Hosting Account Hacked


  • This topic is locked
3 replies to this topic

#1 harperdennison


Posted 22 July 2012 - 08:59 PM

This is a computer of a family member who I know is doing risky things on the internet. They had their hosting account hacked and I have tried to remove the malware on the machine. Here are the logs. I'm pretty tech savvy, but have just about everything on this machine working against me. This laptop has a broken CD drive, but an external USB is available. I also have a Hiren Live CD available.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by owner at 21:51:04 on 2012-07-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1353 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Total Protection *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120722112443.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [cdloader] "c:\users\owner\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Search Protection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [{A26CBC34-006B-9645-11D9-C6114C819584}] c:\users\owner\appdata\roaming\ohonne\wuni.exe
uRun: [Headline] c:\users\owner\appdata\roaming\headliner.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [OnScreenDisplay] "c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [hpqSRMon]
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP-Diags] c:\program files\hewlett-packard\hp active support\hpdom\HPDiags.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{4B8FA145-20C9-42E7-8ABA-D93FDD0BC5DD} : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{8D39AC4B-640E-4510-8D6F-1353CDE32884} : DhcpNameServer = 167.206.254.2 167.206.254.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-9 464304]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-5-9 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-5-9 169608]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-4-30 54776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-17 655944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-30 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-9 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-9 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-9 151880]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-9 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-17 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-22 40776]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-9 180848]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-9 340920]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-9 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-9 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-22 40552]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-18 250056]
S4 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S4 gupdate1c9ec30121681a0;Google Update Service (gupdate1c9ec30121681a0);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
.
=============== Created Last 30 ================
.
2012-07-23 01:26:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-22 21:32:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-07-22 21:32:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-22 21:32:44 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-22 21:32:44 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-22 21:32:44 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-22 21:32:44 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-22 21:29:46 -------- d-----w- c:\users\owner\appdata\local\FixItCenter
2012-07-22 21:12:11 -------- d-----w- c:\windows\MATS
2012-07-22 21:12:09 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-07-22 20:20:26 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-22 19:58:14 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 19:56:28 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-22 19:56:26 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-22 19:56:25 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-22 19:30:47 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-22 19:30:47 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-22 19:30:47 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-22 19:30:47 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-22 19:06:43 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-22 19:04:20 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-22 19:04:20 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-22 19:04:20 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-22 19:04:20 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-22 19:04:19 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-22 19:04:19 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-22 19:04:19 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-22 18:20:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-22 18:19:12 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-22 18:19:12 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-22 18:19:12 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-22 18:15:54 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-22 18:15:32 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-22 18:14:51 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-07-22 18:14:51 189952 ----a-w- c:\windows\system32\winmm.dll
2012-07-22 18:14:25 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-22 18:14:25 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-22 18:14:24 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-22 18:14:24 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-22 17:58:57 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-07-22 17:58:56 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-07-22 17:58:56 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-07-22 17:58:54 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-07-22 17:58:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-07-22 17:58:52 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-07-22 17:58:42 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-22 17:58:25 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-07-22 17:58:18 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2012-07-22 17:58:12 66560 ----a-w- c:\windows\system32\packager.dll
2012-07-22 17:58:06 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-07-22 17:57:56 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-07-22 17:47:26 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-07-22 17:47:21 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-22 17:24:55 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-22 17:23:08 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-22 17:22:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-07-22 17:22:28 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-07-22 17:21:51 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-07-22 17:21:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-22 17:17:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-07-22 17:16:30 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-22 17:16:30 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-22 17:16:29 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-22 17:16:27 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-22 17:14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 17:14:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-22 17:12:02 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-22 17:11:29 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-22 17:11:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-22 17:06:12 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-07-22 16:51:45 -------- d-----w- c:\users\owner\appdata\local\ElevatedDiagnostics
2012-07-22 16:30:49 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-07-22 16:27:09 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-22 16:27:08 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-22 16:27:08 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-22 16:27:07 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-22 16:27:06 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-22 16:27:05 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-22 16:11:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-22 16:10:41 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-22 16:07:34 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-22 16:07:34 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-22 16:04:40 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-22 15:09:13 -------- d-----w- c:\windows\system32\eu-ES
2012-07-22 15:09:13 -------- d-----w- c:\windows\system32\ca-ES
2012-07-22 15:09:12 -------- d-----w- c:\windows\system32\vi-VN
2012-07-22 13:54:14 -------- d-----w- c:\windows\system32\EventProviders
2012-07-22 08:01:05 -------- d-----w- c:\windows\pss
2012-07-21 23:10:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-21 23:09:00 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-21 23:08:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-07-21 22:33:29 -------- d-----w- c:\program files\Bonjour
2012-07-21 22:06:47 -------- d-----w- c:\windows\system32\Adobe
2012-07-21 21:46:32 -------- d-----w- c:\users\owner\appdata\local\Secunia PSI
2012-07-21 21:45:55 -------- d-----w- c:\program files\Secunia
2012-07-21 13:41:57 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b5139d72-3575-4834-bf49-14b5cf6aadea}\mpengine.dll
2012-07-21 13:30:02 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-07-21 13:30:00 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-07-19 07:17:37 -------- d-----w- C:\Quarantine
2012-07-18 04:50:58 -------- d-----w- C:\LOGS
2012-07-18 01:22:25 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-18 01:22:24 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 00:45:27 -------- d-----w- c:\users\owner\appdata\roaming\TeamViewer
2012-07-18 00:07:51 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-07-18 00:07:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 00:07:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 00:07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 01:35:00 -------- d-----w- c:\program files\TeamViewer
2012-07-17 00:58:52 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-17 00:58:45 -------- d-----w- c:\program files\Trend Micro
2012-07-15 19:47:21 -------- d-----w- c:\users\owner\appdata\roaming\Ywydwe
2012-07-12 14:01:34 -------- d-----w- C:\Quarrantine
2012-07-09 02:14:46 -------- d-----w- c:\users\owner\appdata\local\DDMSettings
2012-07-08 23:09:21 -------- d-----w- c:\users\owner\appdata\roaming\Uniblue
2012-07-08 23:08:46 -------- d-----w- c:\program files\Uniblue
.
==================== Find3M ====================
.
2012-07-22 19:06:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-22 19:04:21 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-07-21 22:16:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 13:12:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-21 16:33:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
.
============= FINISH: 21:54:35.01 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2008 8:26:22 AM
System Uptime: 7/22/2012 8:14:30 PM (1 hours ago)
.
Motherboard: Quanta | | 30CF
Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 14.727 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.978 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP885: 7/21/2012 6:22:46 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP886: 7/21/2012 6:25:45 PM - Device Driver Package Install: Apple Network adapters
RP887: 7/22/2012 3:00:21 AM - Windows Update
RP888: 7/22/2012 9:50:41 AM - Windows Update
RP889: 7/22/2012 12:06:01 PM - Windows Update
RP890: 7/22/2012 2:16:21 PM - Windows Update
RP891: 7/22/2012 5:34:22 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Shockwave Player 11.6
AIM 6
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
Atheros Driver Installation Program
Bonjour
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Driver Detective
DVD Suite
EA Link
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
Fidelity Active Trader Pro®
FileZilla Client 3.5.3
Genbox Family History 3.7.1
Google Chrome
Google Earth Plug-in
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing 4.60
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java™ 6 Update 33
LabelPrint
Last Will And Testament Kit 1.0
LightScribe System Software 1.10.13.1
Linksys EasyLink Advisor
magicJack
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Online Backup
McAfee Total Protection
McAfee Virtual Technician
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
muvee autoProducer 6.1
My HP Games
NetWaiting
NewzToolz-EZ v2.0.3
NVIDIA Drivers
Power2Go
PowerDirector
PSSWCORE
Pure Networks Platform
QuickPlay SlingPlayer 0.4.6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartWebPrinting
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
TBS WMP Plug-in
The Sims™ Life Stories
Trader Workstation
Trader Workstation 4.0
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
TurboTax Home & Business 2007
Uniblue DriverScanner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Viewpoint Media Player
WeatherBug Gadget
WebEx Support Manager for Internet Explorer
WildTangent Games App (HP Games)
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
ZIP Reader 8.00.0018
.
==== End Of File ===========================


#2 harperdennison


Posted 22 July 2012 - 09:01 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-22 21:06:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9200827AS rev.3.BHA
Running: olyhrwyk.exe; Driver: C:\Users\owner\AppData\Local\Temp\kgloapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x807CA5A8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x807CA5D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x807CA5BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x807CA594]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82445992 5 Bytes JMP 807CA598 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E20C340, 0x3ED9C7, 0xE8000020]
? C:\Users\owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 00B0FE43
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 00B0FD1A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 00B0FEE5
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00B11DC3
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00B11F29
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00B06B6C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 00B137F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 00B138F0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 00B1383B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 00B138C4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00B13618
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 00B1387A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 00B136C0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 00B1366C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[396] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 00B1375C
.text C:\Windows\system32\services.exe[728] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\services.exe[728] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 001F0FC3
.text C:\Windows\system32\services.exe[728] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 001F0FDE
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 001E0F48
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 001E0F63
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 001E00BA
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 001E0F2D
.text C:\Windows\system32\services.exe[728] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 001E0073
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 001E002C
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 001E003D
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 001E008E
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 001E0F8F
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 001E0FC7
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 001E0FAC
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 001E004E
.text C:\Windows\system32\services.exe[728] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 001E0F7E
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 001E0F08
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 001E0011
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 001E0000
.text C:\Windows\system32\services.exe[728] kernel32.dll!WinExec 777160CF 5 Bytes JMP 001E009F
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00870FA5
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 0087003D
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00870000
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00870FB6
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00870F94
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 0087001B
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00870FE5
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 0087002C
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00DE0FA6
.text C:\Windows\system32\services.exe[728] msvcrt.dll!system 7744805B 5 Bytes JMP 00DE0FC1
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00DE0FD2
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_open 7744D116 5 Bytes JMP 00DE0000
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00DE0027
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00DE0FE3
.text C:\Windows\system32\services.exe[728] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00DF0000
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00950000
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 00950025
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 00950FEF
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 00940098
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 0094007D
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00940F23
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 009400C4
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 0094005B
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00940FD4
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00940025
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00940F5C
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00940F77
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00940FAF
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00940F94
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00940036
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 0094006C
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 009400DF
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00940FE5
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00940000
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!WinExec 777160CF 5 Bytes JMP 009400A9
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00DF002F
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00DF0000
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00DF0FE5
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00DF0F83
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00DF0040
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00DF0FAF
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00DF0FD4
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00DF0F9E
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 01400F95
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!system 7744805B 5 Bytes JMP 01400FA6
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 01400FD2
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_open 7744D116 5 Bytes JMP 01400000
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 01400FB7
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 01400FE3
.text C:\Windows\system32\lsass.exe[744] WS2_32.dll!socket 77E936D1 5 Bytes JMP 01410000
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 003EFE43
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 003EFD1A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 003EFEE5
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 003F1DC3
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 003F1F29
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 003E6B6C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetCloseHandle 77B3C664 3 Bytes JMP 003F37F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetCloseHandle + 4 77B3C668 1 Byte [88]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!HttpQueryInfoA 77B3E13A 3 Bytes JMP 003F38F0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!HttpQueryInfoA + 4 77B3E13E 1 Byte [88]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetReadFile 77B3F8D8 3 Bytes JMP 003F383B
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetReadFile + 4 77B3F8DC 1 Byte [88]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetQueryDataAvailable 77B43184 3 Bytes JMP 003F38C4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetQueryDataAvailable + 4 77B43188 1 Byte [88]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 003F3618
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 003F387A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 003F36C0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 003F366C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[828] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 003F375C
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 003C0000
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 003C0FDB
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 003C0011
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 00110F6F
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 001100BF
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00110F2F
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 00110F54
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00110090
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 0011002C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00110FE5
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00110F8A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00110069
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00110047
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 776A9554 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00110058
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00110FC0
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 00110F9B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 00110F1E
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 0011001B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00110000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 777160CF 5 Bytes JMP 001100D0
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00C70FAB
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 7744805B 5 Bytes JMP 00C70FBC
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00C70022
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 7744D116 5 Bytes JMP 00C70000
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00C70FCD
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00C70011
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 0085002F
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00850FA8
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00850F97
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00850F72
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00CC0FEF
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 001F0FDE
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 001E0F35
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 001E0F50
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 001E00CC
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 001E00B1
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 001E004C
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 001E0F9E
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 001E007B
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 001E0F72
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 001E0014
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 001E0025
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 001E0F8D
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 001E0F61
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 001E00DD
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[1008] kernel32.dll!WinExec 777160CF 5 Bytes JMP 001E0096
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00690070
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 7744805B 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!system 7744805B 5 Bytes JMP 0069005F
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00690033
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_open 7744D116 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00690044
.text C:\Windows\system32\svchost.exe[1008] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 0068005B
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 0068002F
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00680FEF
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 0068004A
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 0068006C
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00680FCD
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00680FDE
.text C:\Windows\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00680014
.text C:\Windows\system32\svchost.exe[1008] WS2_32.dll!socket 77E936D1 5 Bytes JMP 006A0000
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 009E0000
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 009E001B
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 009E0FE5
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 009C0093
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 009C0F4D
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 009C00C9
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 009C00B8
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 009C0F79
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 009C0014
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 009C0025
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 009C0F68
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 009C0F8A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 009C0FA5
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 009C0047
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 009C0036
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 009C0078
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 009C00DA
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 009C0FDE
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 009C0FEF
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!WinExec 777160CF 5 Bytes JMP 009C0F3C
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00A20F92
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!system 7744805B 5 Bytes JMP 00A2001D
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00A20FC8
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_open 7744D116 5 Bytes JMP 00A20FEF
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00A20FAD
.text C:\Windows\System32\svchost.exe[1112] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00A2000C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00A1006C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00A10FE5
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00A10000
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00A10FCA
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00A10087
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00A10036
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00A10025
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00A10051
.text C:\Windows\System32\svchost.exe[1112] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00A30000
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00FD000A
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 00FD0FDE
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 00FD0FEF
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 00F80F41
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 00F80F5C
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00F80F1F
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 00F800B6
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00F80F7E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00F8001B
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00F8002C
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00F80F6D
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00F80F8F
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00F80047
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 776A9554 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00F80058
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00F80FCA
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 00F80073
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetProcAddress 776C925B 3 Bytes JMP 00F800D1
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetProcAddress + 4 776C925F 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileW 776CB0EB 3 Bytes JMP 00F80FE5
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileW + 4 776CB0EF 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileA 776CD07F 3 Bytes JMP 00F8000A
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileA + 4 776CD083 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!WinExec 777160CF 5 Bytes JMP 00F80F30
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00FF0FA3
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!system 7744805B 5 Bytes JMP 00FF0FBE
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00FF001D
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_open 7744D116 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00FF0038
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00FF000C
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00FE0FE5
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00FE006C
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00FE0000
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00FE0087
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00FE0098
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00FE0036
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00FE0025
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00FE0051
.text C:\Windows\System32\svchost.exe[1140] WS2_32.dll!socket 77E936D1 5 Bytes JMP 01680FEF
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 01190000
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 01190011
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 01190FE5
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 01000091
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 01000F4B
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 010000C4
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 010000B3
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 0100005B
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 01000FD4
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 01000FB9
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 01000076
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 01000F81
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 01000025
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 01000040
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 01000FA8
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 01000F66
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 010000D5
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 0100000A
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 01000FEF
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!WinExec 777160CF 5 Bytes JMP 010000A2
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 011B0F9C
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!system 7744805B 5 Bytes JMP 011B0FB7
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 011B001D
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_open 7744D116 5 Bytes JMP 011B0000
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 011B0FC8
.text C:\Windows\system32\svchost.exe[1152] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 011B0FE3
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 011A0062
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 011A0051
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 011A0000
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 011A0FC0
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 011A0FA5
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 011A0FDB
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 011A001B
.text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 011A0036
.text C:\Windows\system32\svchost.exe[1152] WS2_32.dll!socket 77E936D1 5 Bytes JMP 011D0FEF
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenA 77B4D5E8 5 Bytes JMP 01FD000A
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlA 77B5E1C6 5 Bytes JMP 01FD001B
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenW 77B6C596 5 Bytes JMP 01FD0FE5
.text C:\Windows\system32\svchost.exe[1152] WININET.dll!InternetOpenUrlW 77BBDBF8 5 Bytes JMP 01FD0FC0
.text C:\Windows\system32\rundll32.exe[1200] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0003FE43
.text C:\Windows\system32\rundll32.exe[1200] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0003FD1A
.text C:\Windows\system32\rundll32.exe[1200] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0003FEE5
.text C:\Windows\system32\rundll32.exe[1200] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00041DC3
.text C:\Windows\system32\rundll32.exe[1200] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00041F29
.text C:\Windows\system32\rundll32.exe[1200] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00036B6C
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 000437F8
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 000438F0
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0004383B
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 000438C4
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00043618
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0004387A
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 000436C0
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0004366C
.text C:\Windows\system32\rundll32.exe[1200] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0004375C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 0033001B
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 001D0068
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 001D0F18
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 001D008A
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 001D0EFD
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 001D0F69
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 001D0F33
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 001D0F86
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 001D0FA8
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 001D0F97
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 001D0025
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 001D0F44
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 001D00AF
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!WinExec 777160CF 5 Bytes JMP 001D0079
.text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00350F97
.text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!system 7744805B 5 Bytes JMP 0035002C
.text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00350FC6
.text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_open 7744D116 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 0035001B
.text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00350FD7
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00340F94
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00340FAF
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00340000
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00340036
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00340051
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00340FE5
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00340011
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00340FCA
.text C:\Windows\system32\svchost.exe[1244] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 008C0011
.text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 008B00B3
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 008B00A2
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 008B00DF
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 008B0F48
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 008B0F99
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 008B0FDB
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 008B0022
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 008B0F77
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 008B0073
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 008B0058
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 008B0FB6
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 008B003D
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 008B0F88
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 008B00F0
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!WinExec 777160CF 5 Bytes JMP 008B00C4
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00970042
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!system 7744805B 5 Bytes JMP 00970FB7
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00970FE3
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_open 7744D116 5 Bytes JMP 0097000C
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00970FD2
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 0097001D
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 0096008E
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 0096006C
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 0096000A
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 0096007D
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 0096009F
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00960025
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00960051
.text C:\Windows\system32\svchost.exe[1340] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00DA000A
.text C:\Windows\system32\svchost.exe[1340] WININET.dll!InternetOpenA 77B4D5E8 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1340] WININET.dll!InternetOpenUrlA 77B5E1C6 5 Bytes JMP 00980FEF
.text C:\Windows\system32\svchost.exe[1340] WININET.dll!InternetOpenW 77B6C596 5 Bytes JMP 00980025
.text C:\Windows\system32\svchost.exe[1340] WININET.dll!InternetOpenUrlW 77BBDBF8 5 Bytes JMP 00980036
.text C:\Windows\system32\svchost.exe[1460] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 013C0000
.text C:\Windows\system32\svchost.exe[1460] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 013C0FDE
.text C:\Windows\system32\svchost.exe[1460] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 013C0FEF
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 013B006C
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 013B0F1C
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 013B00B3
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 013B00A2
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 013B0F6D
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 013B0FE5
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 013B0FCA
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 013B0F37
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 013B0051
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 013B0F9E
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 013B0040
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 013B0FAF
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 013B0F5C
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 013B00C4
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 013B001B
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 013B0000
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!WinExec 777160CF 5 Bytes JMP 013B007D
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 01D80F84
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!system 7744805B 5 Bytes JMP 01D80F9F
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 01D80FC1
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_open 7744D116 5 Bytes JMP 01D80FEF
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 01D80FB0
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 01D80FDE
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 01D70FAC
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 01D7003D
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 01D70FEF
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 01D7004E
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 01D70F91
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 01D7001B
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 01D7000A
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 01D7002C
.text C:\Windows\system32\svchost.exe[1460] WS2_32.dll!socket 77E936D1 5 Bytes JMP 01D90000
.text C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 002E0FE5
.text C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 002E0000
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 00290078
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 00290067
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 002900AE
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 00290F17
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00290056
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00290FCA
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00290FB9
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00290F46
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00290F7C
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00290F8D
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 0029002F
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00290FA8
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 00290F57
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 002900BF
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00290000
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00290FE5
.text C:\Windows\system32\svchost.exe[1712] kernel32.dll!WinExec 777160CF 5 Bytes JMP 00290093
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00A00FAD
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!system 7744805B 5 Bytes JMP 00A00FC8
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00A00027
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_open 7744D116 5 Bytes JMP 00A00FE3
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00A00038
.text C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00280FA5
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00280FC0
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00280FEF
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00280047
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00280F94
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00280011
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 0028002C
.text C:\Windows\system32\svchost.exe[1712] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00A50FE5
.text C:\Windows\system32\taskeng.exe[1744] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0090FE43
.text C:\Windows\system32\taskeng.exe[1744] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0090FD1A
.text C:\Windows\system32\taskeng.exe[1744] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0090FEE5
.text C:\Windows\system32\taskeng.exe[1744] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00911DC3
.text C:\Windows\system32\taskeng.exe[1744] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00911F29
.text C:\Windows\system32\taskeng.exe[1744] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00906B6C
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 009137F8
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 009138F0
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0091383B
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 009138C4
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00913618
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0091387A
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 009136C0
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0091366C
.text C:\Windows\system32\taskeng.exe[1744] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0091375C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0068FE43
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0068FD1A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0068FEE5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00691DC3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00691F29
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00686B6C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 006937F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 006938F0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0069383B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 006938C4
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00693618
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0069387A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 006936C0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0069366C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1924] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0069375C
.text C:\Windows\system32\svchost.exe[1996] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[1996] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 0012001B
.text C:\Windows\system32\svchost.exe[1996] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 00120000
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 00080F57
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 00080F68
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00080F32
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 000800C9
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00080F83
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00080022
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00080FDB
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00080093
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00080F94
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00080FAF
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00080047
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00080FC0
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 00080082
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 00080F0D
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00080011
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1996] kernel32.dll!WinExec 777160CF 5 Bytes JMP 000800AE
.text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 0021004E
.text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!system 7744805B 5 Bytes JMP 0021003D
.text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00210011
.text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_open 7744D116 5 Bytes JMP 00210FE3
.text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00210022
.text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00140F7C
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00140FA1
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00140028
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00140039
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00140FCD
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00140FDE
.text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00140FBC
.text C:\Windows\system32\svchost.exe[1996] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00220FEF
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 022AFE43
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 022AFD1A
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 022AFEE5
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 022B1DC3
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 022B1F29
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 022B37F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 022B38F0
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 022B383B
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 022B38C4
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 022B3618
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 022B387A
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 022B36C0
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 022B366C
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 022B375C
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2064] crypt32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 022A6B6C
.text C:\Windows\system32\Dwm.exe[2304] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 01B1FE43
.text C:\Windows\system32\Dwm.exe[2304] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 01B1FD1A
.text C:\Windows\system32\Dwm.exe[2304] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 01B1FEE5
.text C:\Windows\system32\Dwm.exe[2304] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 01B21DC3
.text C:\Windows\system32\Dwm.exe[2304] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 01B21F29
.text C:\Windows\system32\Dwm.exe[2304] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 01B16B6C
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 01B237F8
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 01B238F0
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 01B2383B
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 01B238C4
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 01B23618
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 01B2387A
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 01B236C0
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 01B2366C
.text C:\Windows\system32\Dwm.exe[2304] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 01B2375C
.text C:\Windows\system32\svchost.exe[2320] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[2320] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 0076001B
.text C:\Windows\system32\svchost.exe[2320] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 00760FEF
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 007500BA
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 007500A9
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00750F3E
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 007500D5
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00750F9C
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 0075000A
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00750025
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00750098
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00750076
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00750FB9
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00750065
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00750040
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 00750087
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 00750F23
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00750FD4
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00750FEF
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!WinExec 777160CF 5 Bytes JMP 00750F59
.text C:\Windows\system32\svchost.exe[2320] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00790040
.text C:\Windows\system32\svchost.exe[2320] msvcrt.dll!system 7744805B 5 Bytes JMP 0079001B
.text C:\Windows\system32\svchost.exe[2320] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00790FBC
.text C:\Windows\system32\svchost.exe[2320] msvcrt.dll!_open 7744D116 5 Bytes JMP 00790000
.text C:\Windows\system32\svchost.exe[2320] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00790FAB
.text C:\Windows\system32\svchost.exe[2320] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00790FE3
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00780036
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00780F94
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00780051
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00780FC0
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[2320] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00780FAF
.text C:\Windows\system32\svchost.exe[2320] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00C7000A
.text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 000500AE
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 00050F68
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 000500DD
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 00050F3C
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00050FAF
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00050FC0
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00050062
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 0005007D
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00050051
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 00050F9E
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 000500EE
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00050011
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!WinExec 777160CF 5 Bytes JMP 00050F57
.text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00090038
.text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!system 7744805B 5 Bytes JMP 00090FB7
.text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00090FD9
.text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!_open 7744D116 5 Bytes JMP 0009000C
.text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00090FC8
.text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 0009001D
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00080F72
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00080F97
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00080014
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00080025
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00080FC3
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00080FD4
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00080FA8
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 003CFE43
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 003CFD1A
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 003CFEE5
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 003D1DC3
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 003D1F29
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 003C6B6C
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 003D37F8
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 003D38F0
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 003D383B
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 003D38C4
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 003D3618
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 003D387A
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 003D36C0
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 003D366C
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2588] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 003D375C
.text C:\Windows\Explorer.EXE[2896] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0558FE43
.text C:\Windows\Explorer.EXE[2896] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00040FE5
.text C:\Windows\Explorer.EXE[2896] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 00040025
.text C:\Windows\Explorer.EXE[2896] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 00040000
.text C:\Windows\Explorer.EXE[2896] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0558FD1A
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 000100AB
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 0001009A
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00010F1E
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 00010F2F
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00010F79
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00010FCA
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00010FAF
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0558FEE5
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 0001007F
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00010047
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00010036
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 00010025
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 0001006E
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 000100D0
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00010FE5
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[2896] kernel32.dll!WinExec 777160CF 5 Bytes JMP 00010F4A
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00060054
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00060FCD
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00060FEF
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00060FBC
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00060F97
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 0006002F
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 0006000A
.text C:\Windows\Explorer.EXE[2896] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00060FDE
.text C:\Windows\Explorer.EXE[2896] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 05591DC3
.text C:\Windows\Explorer.EXE[2896] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 05591F29
.text C:\Windows\Explorer.EXE[2896] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 000B005D
.text C:\Windows\Explorer.EXE[2896] msvcrt.dll!system 7744805B 5 Bytes JMP 000B0042
.text C:\Windows\Explorer.EXE[2896] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 000B0FD2
.text C:\Windows\Explorer.EXE[2896] msvcrt.dll!_open 7744D116 5 Bytes JMP 000B0FEF
.text C:\Windows\Explorer.EXE[2896] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 000B0027
.text C:\Windows\Explorer.EXE[2896] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 000B000C
.text C:\Windows\Explorer.EXE[2896] WS2_32.dll!socket 77E936D1 5 Bytes JMP 01B50000
.text C:\Windows\Explorer.EXE[2896] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 05586B6C
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 055937F8
.text C:\Windows\Explorer.EXE[2896] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 055938F0
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0559383B
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 055938C4
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetOpenA 77B4D5E8 5 Bytes JMP 05500FE5
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetOpenUrlA 77B5E1C6 5 Bytes JMP 0550000A
.text C:\Windows\Explorer.EXE[2896] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 05593618
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetOpenW 77B6C596 5 Bytes JMP 05500FD4
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0559387A
.text C:\Windows\Explorer.EXE[2896] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 055936C0
.text C:\Windows\Explorer.EXE[2896] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0559366C
.text C:\Windows\Explorer.EXE[2896] WININET.dll!InternetOpenUrlW 77BBDBF8 5 Bytes JMP 05500FAF
.text C:\Windows\Explorer.EXE[2896] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0559375C
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 022EFE43
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 022EFD1A
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 022EFEE5
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 022F37F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 022F38F0
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 022F383B
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 022F38C4
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 022F3618
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 022F387A
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 022F36C0
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 022F366C
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 022F375C
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 022F1DC3
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 022F1F29
.text C:\Program Files\HP\QuickPlay\QPService.exe[2900] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 022E6B6C
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 003EFE43
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 003EFD1A
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 003EFEE5
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 003F1DC3
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 003F1F29
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 003E6B6C
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetCloseHandle 77B3C664 3 Bytes JMP 003F37F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetCloseHandle + 4 77B3C668 1 Byte [88]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!HttpQueryInfoA 77B3E13A 3 Bytes JMP 003F38F0
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!HttpQueryInfoA + 4 77B3E13E 1 Byte [88]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetReadFile 77B3F8D8 3 Bytes JMP 003F383B
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetReadFile + 4 77B3F8DC 1 Byte [88]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetQueryDataAvailable 77B43184 3 Bytes JMP 003F38C4
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetQueryDataAvailable + 4 77B43188 1 Byte [88]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 003F3618
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 003F387A
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 003F36C0
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 003F366C
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3036] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 003F375C
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3068] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 70C69A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3068] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 70C699A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0200FE43
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0200FD1A
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0200FEE5
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 02011DC3
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 02011F29
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 02006B6C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 020137F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 020138F0
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0201383B
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 020138C4
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 02013618
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0201387A
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 020136C0
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0201366C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3304] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0201375C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 008EFE43
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 008EFD1A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 008EFEE5
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 008E6B6C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] USER32.dll!TranslateMessage 770401AD 3 Bytes JMP 008F1DC3
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] USER32.dll!TranslateMessage + 4 770401B1 1 Byte [89]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 008F1F29
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 008F37F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 008F38F0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 008F383B
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 008F38C4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 008F3618
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 008F387A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 008F36C0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 008F366C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3348] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 008F375C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 01A8FE43
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 01A8FD1A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 01A8FEE5
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 01A91DC3
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 01A91F29
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 01A86B6C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 01A937F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 01A938F0
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 01A9383B
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 01A938C4
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 01A93618
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 01A9387A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 01A936C0
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 01A9366C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3520] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 01A9375C
.text C:\Windows\system32\svchost.exe[3896] ntdll.dll!NtCreateFile 77D84244 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[3896] ntdll.dll!NtCreateProcess 77D84304 5 Bytes JMP 00040FC3
.text C:\Windows\system32\svchost.exe[3896] ntdll.dll!NtProtectVirtualMemory 77D84BA4 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!GetStartupInfoW 77681929 5 Bytes JMP 00010F6F
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!GetStartupInfoA 776819C9 5 Bytes JMP 000100BF
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateProcessW 77681BF3 5 Bytes JMP 00010F43
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateProcessA 77681C28 5 Bytes JMP 00010F54
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!VirtualProtect 77681DC3 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateNamedPipeA 77682EF5 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateNamedPipeW 77685C0C 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreatePipe 776A8F06 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryExW 776A927C 5 Bytes JMP 00010073
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryW 776A9400 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryExA 776A9554 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryA 776A957C 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!VirtualProtectEx 776ADC52 5 Bytes JMP 000100A4
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!GetProcAddress 776C925B 5 Bytes JMP 00010F28
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateFileW 776CB0EB 5 Bytes JMP 00010FDB
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateFileA 776CD07F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!WinExec 777160CF 5 Bytes JMP 000100D0
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wsystem 77447F3F 5 Bytes JMP 00060FBE
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!system 7744805B 5 Bytes JMP 00060053
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_creat 7744BBF1 5 Bytes JMP 00060027
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_open 7744D116 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wcreat 7744D336 5 Bytes JMP 00060042
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wopen 7744D511 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 0007004A
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00070F8D
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[3896] WS2_32.dll!socket 77E936D1 5 Bytes JMP 00080000
.text C:\Windows\ehome\ehtray.exe[4092] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0031FE43
.text C:\Windows\ehome\ehtray.exe[4092] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0031FD1A
.text C:\Windows\ehome\ehtray.exe[4092] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0031FEE5
.text C:\Windows\ehome\ehtray.exe[4092] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00321DC3
.text C:\Windows\ehome\ehtray.exe[4092] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00321F29
.text C:\Windows\ehome\ehtray.exe[4092] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00316B6C
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 003237F8
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 003238F0
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0032383B
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 003238C4
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00323618
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0032387A
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 003236C0
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0032366C
.text C:\Windows\ehome\ehtray.exe[4092] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0032375C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 001AFE43
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 001AFD1A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 001AFEE5
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 001B1DC3
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 001B1F29
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 001A6B6C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 001B37F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 001B38F0
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 001B383B
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 001B38C4
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 001B3618
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 001B387A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 001B36C0
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 001B366C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4144] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 001B375C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0003FE43
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + 6 77D8424A 4 Bytes [28, 00, 39, 00] {SUB [EAX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + B 77D8424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 77D8499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 77D8499A 4 Bytes [28, 03, 39, 00] {SUB [EBX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + B 77D8499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + 6 77D84A2A 4 Bytes [68, 00, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + B 77D84A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + 6 77D84AAA 4 Bytes [A8, 01, 39, 00] {TEST AL, 0x1; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + B 77D84AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessToken + 6 77D84ABA 4 Bytes CALL 76D883C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessToken + B 77D84ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + 6 77D84ACA 4 Bytes [A8, 02, 39, 00] {TEST AL, 0x2; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + B 77D84ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + 6 77D84B1A 4 Bytes [68, 01, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + B 77D84B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + 6 77D84B2A 4 Bytes [68, 02, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + B 77D84B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadTokenEx + 6 77D84B3A 4 Bytes CALL 76D88441 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadTokenEx + B 77D84B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + 6 77D84BCA 4 Bytes [A8, 00, 39, 00] {TEST AL, 0x0; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + B 77D84BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryFullAttributesFile + 6 77D84C7A 4 Bytes CALL 76D8857F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryFullAttributesFile + B 77D84C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + 6 77D8515A 4 Bytes [28, 01, 39, 00] {SUB [ECX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + B 77D8515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + 6 77D851AA 4 Bytes [28, 02, 39, 00] {SUB [EDX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + B 77D851AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77D8544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77D8544A 4 Bytes [68, 03, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + B 77D8544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0003FD1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0003FEE5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00041DC3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00041F29
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00036B6C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 000437F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 000438F0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0004383B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 000438C4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00043618
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0004387A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 000436C0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0004366C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0004375C
.text C:\Windows\ehome\ehmsas.exe[4536] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 007BFE43
.text C:\Windows\ehome\ehmsas.exe[4536] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 007BFD1A
.text C:\Windows\ehome\ehmsas.exe[4536] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 007BFEE5
.text C:\Windows\ehome\ehmsas.exe[4536] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 007C1DC3
.text C:\Windows\ehome\ehmsas.exe[4536] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 007C1F29
.text C:\Windows\ehome\ehmsas.exe[4536] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 007B6B6C
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 007C37F8
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 007C38F0
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 007C383B
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 007C38C4
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 007C3618
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 007C387A
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 007C36C0
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 007C366C
.text C:\Windows\ehome\ehmsas.exe[4536] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 007C375C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0021FE43
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0021FD1A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0021FEE5
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00221DC3
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00221F29
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00216B6C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 002237F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 002238F0
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0022383B
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 002238C4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00223618
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0022387A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 002236C0
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0022366C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4588] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0022375C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0003FE43
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtCreateFile + 6 77D8424A 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtCreateFile + B 77D8424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + 6 77D8499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + 6 77D8499A 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + B 77D8499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenFile + 6 77D84A2A 4 Bytes [68, 00, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenFile + B 77D84A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcess + 6 77D84AAA 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcess + B 77D84AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessToken + 6 77D84ABA 4 Bytes CALL 76D86AC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessToken + B 77D84ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessTokenEx + 6 77D84ACA 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenProcessTokenEx + B 77D84ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThread + 6 77D84B1A 4 Bytes [68, 01, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThread + B 77D84B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadToken + 6 77D84B2A 4 Bytes [68, 02, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadToken + B 77D84B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadTokenEx + 6 77D84B3A 4 Bytes CALL 76D86B41 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtOpenThreadTokenEx + B 77D84B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryAttributesFile + 6 77D84BCA 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryAttributesFile + B 77D84BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryFullAttributesFile + 6 77D84C7A 4 Bytes CALL 76D86C7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtQueryFullAttributesFile + B 77D84C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationFile + 6 77D8515A 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationFile + B 77D8515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationThread + 6 77D851AA 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtSetInformationThread + B 77D851AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + 6 77D8544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + 6 77D8544A 4 Bytes [68, 03, 20, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + B 77D8544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0003FD1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0003FEE5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00041DC3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00041F29
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00036B6C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 000437F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 000438F0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0004383B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 000438C4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00043618
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0004387A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 000436C0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0004366C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4608] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0004375C
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0003FE43
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0003FD1A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0003FEE5
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00036B6C
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00041DC3
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00041F29
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 000437F8
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 000438F0
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0004383B
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 000438C4
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00043618
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0004387A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 000436C0
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0004366C
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[5192] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0004375C
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 003DFE43
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 003DFD1A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 003DFEE5
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 003E1DC3
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 003E1F29
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 003D6B6C
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 003E37F8
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 003E38F0
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 003E383B
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 003E38C4
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 003E3618
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 003E387A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 003E36C0
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 003E366C
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5448] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 003E375C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0003FE43
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtCreateFile + 6 77D8424A 4 Bytes [28, 00, 1A, 00] {SUB [EAX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtCreateFile + B 77D8424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtMapViewOfSection + 6 77D8499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtMapViewOfSection + 6 77D8499A 4 Bytes [28, 03, 1A, 00] {SUB [EBX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtMapViewOfSection + B 77D8499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenFile + 6 77D84A2A 4 Bytes [68, 00, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenFile + B 77D84A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenProcess + 6 77D84AAA 4 Bytes [A8, 01, 1A, 00] {TEST AL, 0x1; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenProcess + B 77D84AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenProcessToken + 6 77D84ABA 4 Bytes CALL 76D864C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenProcessToken + B 77D84ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenProcessTokenEx + 6 77D84ACA 4 Bytes [A8, 02, 1A, 00] {TEST AL, 0x2; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenProcessTokenEx + B 77D84ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenThread + 6 77D84B1A 4 Bytes [68, 01, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenThread + B 77D84B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenThreadToken + 6 77D84B2A 4 Bytes [68, 02, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenThreadToken + B 77D84B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenThreadTokenEx + 6 77D84B3A 4 Bytes CALL 76D86541 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtOpenThreadTokenEx + B 77D84B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtQueryAttributesFile + 6 77D84BCA 4 Bytes [A8, 00, 1A, 00] {TEST AL, 0x0; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtQueryAttributesFile + B 77D84BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtQueryFullAttributesFile + 6 77D84C7A 4 Bytes CALL 76D8667F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtQueryFullAttributesFile + B 77D84C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtSetInformationFile + 6 77D8515A 4 Bytes [28, 01, 1A, 00] {SUB [ECX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtSetInformationFile + B 77D8515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtSetInformationThread + 6 77D851AA 4 Bytes [28, 02, 1A, 00] {SUB [EDX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtSetInformationThread + B 77D851AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtUnmapViewOfSection + 6 77D8544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtUnmapViewOfSection + 6 77D8544A 4 Bytes [68, 03, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtUnmapViewOfSection + B 77D8544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0003FD1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0003FEE5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00041DC3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00041F29
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00036B6C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 000437F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 000438F0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0004383B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 000438C4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00043618
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0004387A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 000436C0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0004366C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5608] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0004375C
.text C:\Windows\system32\wbem\unsecapp.exe[5660] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0187FE43
.text C:\Windows\system32\wbem\unsecapp.exe[5660] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0187FD1A
.text C:\Windows\system32\wbem\unsecapp.exe[5660] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0187FEE5
.text C:\Windows\system32\wbem\unsecapp.exe[5660] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 01881DC3
.text C:\Windows\system32\wbem\unsecapp.exe[5660] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 01881F29
.text C:\Windows\system32\wbem\unsecapp.exe[5660] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 01876B6C
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 018837F8
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 018838F0
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0188383B
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 018838C4
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 01883618
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0188387A
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 018836C0
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0188366C
.text C:\Windows\system32\wbem\unsecapp.exe[5660] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0188375C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!LdrLoadDll 77D49378 5 Bytes JMP 0003FE43
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] ntdll.dll!NtCreateUserProcess 77D85674 5 Bytes JMP 0003FD1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] kernel32.dll!GetFileAttributesExW 77699C55 5 Bytes JMP 0003FEE5
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] USER32.dll!TranslateMessage 770401AD 5 Bytes JMP 00041DC3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] USER32.dll!GetClipboardData 7706715A 5 Bytes JMP 00041F29
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] CRYPT32.dll!PFXImportCertStore 75D9962D 5 Bytes JMP 00036B6C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!InternetCloseHandle 77B3C664 5 Bytes JMP 000437F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!HttpQueryInfoA 77B3E13A 5 Bytes JMP 000438F0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!InternetReadFile 77B3F8D8 5 Bytes JMP 0004383B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!InternetQueryDataAvailable 77B43184 5 Bytes JMP 000438C4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!HttpSendRequestW 77B6632D 5 Bytes JMP 00043618
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!InternetReadFileExA 77B6FA49 5 Bytes JMP 0004387A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!HttpSendRequestExW 77B7F564 5 Bytes JMP 000436C0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!HttpSendRequestA 77B9525A 5 Bytes JMP 0004366C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6096] WININET.dll!HttpSendRequestExA 77BDECD9 5 Bytes JMP 0004375C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#3 HelpBot


Posted 27 July 2012 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461989 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 29 July 2012 - 09:35 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!



