Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijacked Firefox browser

Re: Hijacked Firefox browser

by dan12 » March 16th, 2009, 9:18 pm

You need to update the database in Malwarebytes, and I asked for a full scan :)
You're using Internet Explorer, yes?

Re: Hijacked Firefox browser

by dan12 » March 16th, 2009, 9:22 pm

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Re: Hijacked Firefox browser

by chicane » March 16th, 2009, 10:26 pm

Hey Dan. I ran the MBAM full scan but was not able to update it. I also tried to access the ESET website using IE set to run as admin but was not able to open the site. Here are the scan results from MBAM:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

3/16/2009 10:05:14 PM
mbam-log-2009-03-16 (22-05-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 252439
Time elapsed: 32 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks

Re: Hijacked Firefox browser

by dan12 » March 17th, 2009, 3:38 am

GMER
  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic

Re: Hijacked Firefox browser

by chicane » March 18th, 2009, 11:56 am

Hi Dan, it seems this thing doesn't want to leave. I ran GMER and got the gmerrk.txt here, which I'm about to post, but my system keeps crashing now every time I try to run GMER again, so I was able to get the gmerautos.txt part.

Part 1

Re: Hijacked Firefox browser

by chicane » March 18th, 2009, 11:57 am

Part 2

.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 00110F12
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00110047
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00110014
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00110F6D
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00110036
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00110F52
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00110F8A
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00110025
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00110F37
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 00110EF7
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00110FD4
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00110FE5
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00110FC3
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 0011008E
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 0007004C
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!system 774B8B63 5 Bytes JMP 00070FB7
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00070027
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00070FD2
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 0007000C
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 000A0051
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 000A001B
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 000A0FE5
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 000A0036
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 000A0F94
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 000A0FD4
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[1324] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00120FEF
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00070F3F
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00070F50
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 00070F1A
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 000700B1
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00070F83
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00070FCA
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00070F94
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00070FAF
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00070F72
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00070051
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00070036
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00070F61
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 000700CC
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[1372] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 000700A0
.text C:\Windows\System32\svchost.exe[1372] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00050FB7
.text C:\Windows\System32\svchost.exe[1372] msvcrt.dll!system 774B8B63 5 Bytes JMP 00050038
.text C:\Windows\System32\svchost.exe[1372] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00050FE3
.text C:\Windows\System32\svchost.exe[1372] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[1372] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00050FC8
.text C:\Windows\System32\svchost.exe[1372] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 0005001D
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00060069
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00060033
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 00060044
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 0006007A
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00060FDB
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00060022
.text C:\Windows\System32\svchost.exe[1372] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00270FE5
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00010093
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00010082
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 000100D3
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 000100B8
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00010F7C
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 0001002F
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00010F97
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 0001004A
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00010F6B
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00010FA8
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00010FC3
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00010071
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 000100EE
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[1404] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00010F3C
.text C:\Windows\System32\svchost.exe[1404] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00090FA6
.text C:\Windows\System32\svchost.exe[1404] msvcrt.dll!system 774B8B63 5 Bytes JMP 00090FB7
.text C:\Windows\System32\svchost.exe[1404] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00090FD2
.text C:\Windows\System32\svchost.exe[1404] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00090FEF
.text C:\Windows\System32\svchost.exe[1404] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 0009001D
.text C:\Windows\System32\svchost.exe[1404] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 0009000C
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 000A006C
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 000A0036
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 000A0000
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 000A0051
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 000A0FAF
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 000A0FDB
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 000A0011
.text C:\Windows\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 000A0FC0
.text C:\Windows\System32\svchost.exe[1404] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1404] WININET.dll!InternetOpenA 770703DD 5 Bytes JMP 00720000
.text C:\Windows\System32\svchost.exe[1404] WININET.dll!InternetOpenUrlA 770720A3 5 Bytes JMP 00720040
.text C:\Windows\System32\svchost.exe[1404] WININET.dll!InternetOpenW 77072A58 5 Bytes JMP 00720025
.text C:\Windows\System32\svchost.exe[1404] WININET.dll!InternetOpenUrlW 770BAF79 5 Bytes JMP 0072005B
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00760F3A
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00760F55
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 007600D1
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 007600B6
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00760F92
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00760FDE
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00760076
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 0076004A
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00760F81
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 0076005B
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00760FC3
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00760F70
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 00760F29
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00760FEF
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 0076002F
.text C:\Windows\system32\svchost.exe[1460] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 0076009B
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00220F90
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!system 774B8B63 5 Bytes JMP 00220FAB
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 0022001B
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00220FC6
.text C:\Windows\system32\svchost.exe[1460] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00220FE3
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00270051
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00270FB9
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 00270040
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 00270F9E
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00270FD4
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 0027002F
.text C:\Windows\system32\svchost.exe[1460] WS2_32.dll!socket 77B536D1 5 Bytes JMP 0077000A
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00310093
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00310082
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 00310F0D
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 003100A4
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00310F68
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00310FAF
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 0031004C
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00310025
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00310067
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00310F83
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00310F9E
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00310F57
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 003100BF
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00310FD4
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[1576] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00310F28
.text C:\Windows\system32\svchost.exe[1576] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00260F6B
.text C:\Windows\system32\svchost.exe[1576] msvcrt.dll!system 774B8B63 5 Bytes JMP 00260F90
.text C:\Windows\system32\svchost.exe[1576] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00260FBC
.text C:\Windows\system32\svchost.exe[1576] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00260FE3
.text C:\Windows\system32\svchost.exe[1576] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00260FAB
.text C:\Windows\system32\svchost.exe[1576] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00260000
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00270065
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 0027002F
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 0027004A
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 00270FB2
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00270FD4
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 00270014
.text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00270FC3
.text C:\Windows\system32\svchost.exe[1576] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 779D1929 3 Bytes JMP 00290F57
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW + 4 779D192D 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 779D19C9 3 Bytes JMP 00290F68
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA + 4 779D19CD 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 779D1C01 3 Bytes JMP 002900CC
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessW + 4 779D1C05 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 779D1C36 3 Bytes JMP 00290F2B
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessA + 4 779D1C3A 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 779D1DD1 3 Bytes JMP 00290F83
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtect + 4 779D1DD5 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 779D5C44 3 Bytes JMP 00290025
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW + 4 779D5C48 1 Byte [88]
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00290F94
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00290FAF
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00290078
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00290051
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00290036
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00290089
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 002900DD
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00290FD4
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00290FEF
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00290014
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00290F3C
.text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00260031
.text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!system 774B8B63 5 Bytes JMP 00260F9C
.text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 0026000C
.text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00260FE3
.text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00260FC1
.text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00260FD2
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00270076
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 0027004A
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 00270065
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 00270087
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00270FDE
.text C:\Windows\system32\svchost.exe[1664] WS2_32.dll!socket 77B536D1 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00010F79
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 000100BF
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 000100EE
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 00010F4D
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00010FB6
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00010090
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00010073
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00010FC7
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 000100FF
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[2460] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00010F68
.text C:\Windows\system32\svchost.exe[2460] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00050FA4
.text C:\Windows\system32\svchost.exe[2460] msvcrt.dll!system 774B8B63 5 Bytes JMP 00050FB5
.text C:\Windows\system32\svchost.exe[2460] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00050011
.text C:\Windows\system32\svchost.exe[2460] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00050FE3
.text C:\Windows\system32\svchost.exe[2460] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00050FC6
.text C:\Windows\system32\svchost.exe[2460] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00050000
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00060F97
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00060FB9
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 00060FA8
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 00060054
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00060FDE
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 00060014
.text C:\Windows\system32\svchost.exe[2460] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 0006002F
.text C:\Windows\system32\svchost.exe[2460] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00010F50
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00010096
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 00010F1A
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 000100B1
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00010056
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00010F7C
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00010F6B
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00010F8D
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00010FB9
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00010071
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 000100CC
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00010025
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00010F3F
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 0005005F
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!system 774B8B63 5 Bytes JMP 0005004E
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00050033
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00060F97
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyA 7790B8AE 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00060FB2
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 0006002F
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 0006004A
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00060FD4
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00060FC3
.text C:\Windows\System32\svchost.exe[3360] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00750FEF
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 000100EE
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00010FA8
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 000100FF
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 00010F68
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 0001009D
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 0001002C
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00010076
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00010FCA
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 000100AE
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00010047
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 000100D3
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 00010110
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00010F8D
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00050F72
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00050F9E
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00050FEF
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 00050F8D
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 00050F61
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00050FCA
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 0005000A
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00050FB9
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00060036
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!system 774B8B63 5 Bytes JMP 0006001B
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00060FAB
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00060FE3
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00060FD2
.text C:\Windows\Explorer.EXE[3536] WS2_32.dll!socket 77B536D1 5 Bytes JMP 02F30000
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenA 770703DD 5 Bytes JMP 0332000A
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenUrlA 770720A3 5 Bytes JMP 03320FDE
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenW 77072A58 5 Bytes JMP 03320FEF
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenUrlW 770BAF79 5 Bytes JMP 03320039

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys 38400 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gaopdxcounter 4 bytes
File C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll 19456 bytes executable

---- EOF - GMER 1.0.15 ----

Re: Hijacked Firefox browser

Unread postby chicane » March 18th, 2009, 11:57 am

Part 2

.text C:\Windows\system32\svchost.exe[2460] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 00010F50
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00010096
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 00010F1A
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 000100B1
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 00010056
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00010F7C
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 00010F6B
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00010F8D
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00010FB9
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 00010071
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 000100CC
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 00010025
.text C:\Windows\System32\svchost.exe[3360] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00010F3F
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 0005005F
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!system 774B8B63 5 Bytes JMP 0005004E
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00050033
.text C:\Windows\System32\svchost.exe[3360] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00060F97
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyA 7790B8AE 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00060FB2
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 0006002F
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 0006004A
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00060FD4
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00060FC3
.text C:\Windows\System32\svchost.exe[3360] WS2_32.dll!socket 77B536D1 5 Bytes JMP 00750FEF
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!GetStartupInfoW 779D1929 5 Bytes JMP 000100EE
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!GetStartupInfoA 779D19C9 5 Bytes JMP 00010FA8
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateProcessW 779D1C01 5 Bytes JMP 000100FF
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateProcessA 779D1C36 5 Bytes JMP 00010F68
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!VirtualProtect 779D1DD1 5 Bytes JMP 0001009D
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateNamedPipeW 779D5C44 5 Bytes JMP 0001002C
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryExW 779F30C3 5 Bytes JMP 00010076
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryW 779F361F 5 Bytes JMP 00010FCA
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!VirtualProtectEx 779F8D7E 5 Bytes JMP 000100AE
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryExA 779F9469 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!LoadLibraryA 779F9491 5 Bytes JMP 00010047
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreatePipe 77A00284 5 Bytes JMP 000100D3
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!GetProcAddress 77A1B8B6 5 Bytes JMP 00010110
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateFileW 77A1CC4E 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateFileA 77A1CF71 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!CreateNamedPipeA 77A641F6 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[3536] kernel32.dll!WinExec 77A653E7 5 Bytes JMP 00010F8D
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyExA 7790B5E7 5 Bytes JMP 00050F72
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyA 7790B8AE 5 Bytes JMP 00050F9E
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyA 77910BF5 5 Bytes JMP 00050FEF
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyW 7791B83D 5 Bytes JMP 00050F8D
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegCreateKeyExW 7791BCE1 5 Bytes JMP 00050F61
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyExA 7791D4E8 5 Bytes JMP 00050FCA
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyW 77923CB0 5 Bytes JMP 0005000A
.text C:\Windows\Explorer.EXE[3536] ADVAPI32.dll!RegOpenKeyExW 7792F09D 5 Bytes JMP 00050FB9
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_wsystem 774B8A47 5 Bytes JMP 00060036
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!system 774B8B63 5 Bytes JMP 0006001B
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_creat 774BC6F1 5 Bytes JMP 00060FAB
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_open 774BDA7E 5 Bytes JMP 00060FE3
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_wcreat 774BDC9E 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[3536] msvcrt.dll!_wopen 774BDE79 5 Bytes JMP 00060FD2
.text C:\Windows\Explorer.EXE[3536] WS2_32.dll!socket 77B536D1 5 Bytes JMP 02F30000
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenA 770703DD 5 Bytes JMP 0332000A
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenUrlA 770720A3 5 Bytes JMP 03320FDE
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenW 77072A58 5 Bytes JMP 03320FEF
.text C:\Windows\Explorer.EXE[3536] WININET.dll!InternetOpenUrlW 770BAF79 5 Bytes JMP 03320039

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAJ1NR27.jpg 4759 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAKSYIUW.jpg 1773 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMFJ6FE.jpg 1656 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMUHNG0.jpg 2738 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMZ5WB6.jpg 2443 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAO39XXD.jpg 1868 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAODHXYK.jpg 3891 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAOYJDFM.jpg 2330 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPDHNES.jpg 2480 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPSYRLE.jpg 2558 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPTFHZJ.jpg 4206 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQDEAVN.jpg 3129 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQF3PIO.jpg 2253 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCARBTJ8T.jpg 2470 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAT4VIUV.jpg 4271 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCATFFNWT.jpg 1570 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAU68LBC.jpg 3095 bytes
File C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys 38400 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gaopdxcounter 4 bytes
File C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll 19456 bytes executable

---- EOF - GMER 1.0.15 ----
chicane
Regular Member
 
Posts: 19
Joined: March 16th, 2009, 1:47 pm

Re: Hijacked Firefox browser

by dan12 » March 18th, 2009, 1:33 pm

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator".)
  • Copy the lines in the codebox below.
:Services
C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
    

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Can you update Malwarebytes and do me a quick scan now?
Follow it up with another GMER scan.
Dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijacked Firefox browser

by chicane » March 18th, 2009, 10:39 pm

Dan, I was not able to update MBAM. I have the results from OTMoveIt and GMER.

========= SERVICES/DRIVERS ==========
Service\Driver C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys not found.
Service\Driver C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03182009_214538

GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-18 22:32:53
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8BC5E9BE]
Code 8A3BC378 ZwEnumerateKey
Code 8A3C22D0 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8BC5E9FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8BC5EA3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8BC5E930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8BC5E944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8BC5E9D2]
Code 8AC154D8 ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8BC5EA67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8BC5EA53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8BC5E996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8BC5EA2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8BC5EA12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8BC5E9E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8BC5E982]
Code 8AC4C52D IofCallDriver
Code 8A384306 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81C2E18C 5 Bytes JMP 8BC5E9EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!IofCompleteRequest 81C40FE2 5 Bytes JMP 8A38430B
.text ntkrnlpa.exe!IofCallDriver 81CC2F6F 5 Bytes JMP 8AC4C532

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 00730F17
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 007300B8
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 00730F7F
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00730FCD
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00730F90
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 00730FB2
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 0073006A
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00730FA1
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 0073002F
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 0073007B
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 007300C9
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 00730FEF
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 0073000A
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 00730FDE
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 007300A7
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 00640F90
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!system 76608B63 5 Bytes JMP 00640FA1
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 00640011
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 00640000
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 00640FBC
.text C:\Windows\system32\svchost.exe[956] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 00640FE3
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00630069
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 0063003D
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00630000
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 0063004E
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00630FAC
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00630022
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 75D73CB0 3 Bytes JMP 00630011
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW + 4 75D73CB4 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 3 Bytes JMP 00630FD1
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW + 4 75D7F0A1 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[956] WS2_32.dll!socket 775C36D1 5 Bytes JMP 00740FEF
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 01CC0F35
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 01CC0071
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 01CC0F1A
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 01CC00B1
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 01CC0F61
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 01CC0014
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 01CC0045
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 01CC0F97
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 01CC0F50
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 01CC0F7C
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 01CC0FA8
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 01CC0060
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 01CC0F09
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 01CC0FDE
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 01CC0FEF
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 01CC0FC3
.text C:\Windows\System32\svchost.exe[996] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 01CC00A0
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 01CB0F90
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!system 76608B63 5 Bytes JMP 01CB001B
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 01CB0FC6
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 01CB0FE3
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 01CB0FAB
.text C:\Windows\System32\svchost.exe[996] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 01CB0000
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 01360036
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 01360FAF
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 01360FE5
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 01360F9E
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 01360051
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 01360FD4
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 0136000A
.text C:\Windows\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 0136001B
.text C:\Windows\System32\svchost.exe[996] WS2_32.dll!socket 775C36D1 5 Bytes JMP 01CD0FE5
.text C:\Windows\System32\svchost.exe[996] WININET.DLL!InternetOpenA 764F03DD 5 Bytes JMP 01370000
.text C:\Windows\System32\svchost.exe[996] WININET.DLL!InternetOpenUrlA 764F20A3 5 Bytes JMP 01370FCA
.text C:\Windows\System32\svchost.exe[996] WININET.DLL!InternetOpenW 764F2A58 5 Bytes JMP 01370FE5
.text C:\Windows\System32\svchost.exe[996] WININET.DLL!InternetOpenUrlW 7653AF79 5 Bytes JMP 01370FB9
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 01830F0E
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 01830F29
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 01830ED1
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 01830EEC
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 01830F5F
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 01830FA8
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 01830F7C
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 0183002F
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 01830F44
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 01830F8D
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 01830014
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 01830054
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetProcAddress 766AB8B6 2 Bytes JMP 01830EB6
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetProcAddress + 3 766AB8B9 2 Bytes [18, 8B]
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 01830FDE
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 01830FEF
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 01830FB9
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 01830EFD
.text C:\Windows\System32\svchost.exe[1156] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 017E0F95
.text C:\Windows\System32\svchost.exe[1156] msvcrt.dll!system 76608B63 5 Bytes JMP 017E0FA6
.text C:\Windows\System32\svchost.exe[1156] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 017E0FD2
.text C:\Windows\System32\svchost.exe[1156] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 017E0FEF
.text C:\Windows\System32\svchost.exe[1156] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 017E0FC1
.text C:\Windows\System32\svchost.exe[1156] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 017E000C
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00DB0FC0
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 00DB0051
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00DB0FEF
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 00DB0062
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00DB0FAF
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00DB0011
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 00DB0000
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 00DB0036
.text C:\Windows\System32\svchost.exe[1156] WS2_32.dll!socket 775C36D1 5 Bytes JMP 01840000
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 012A00A4
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 012A0093
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 012A0F0D
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 012A0F1E
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 012A0071
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 012A0014
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 012A0060
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 012A002F
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 76688D7E 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 012A0082
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 012A0F97
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 012A0FA8
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 012A0F68
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 012A0EF2
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 012A0FD4
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 012A0FE5
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 012A0FC3
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 012A0F39
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 01290053
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!system 76608B63 5 Bytes JMP 01290038
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 0129001D
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 01290000
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 01290FC8
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 01290FE3
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 01140F94
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 0114002C
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 01140FEF
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 01140FA5
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 01140047
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 01140000
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 01140FCA
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 0114001B
.text C:\Windows\system32\svchost.exe[1180] WS2_32.dll!socket 775C36D1 5 Bytes JMP 012B0000
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00070F49
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 00070F5A
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 000700CC
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 000700BB
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 00070F7C
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00070FD4
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00070F8D
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 00070040
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 0007007B
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00070FA8
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00070FB9
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 00070F6B
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 000700DD
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 00070025
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 00070FE5
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 000700A0
.text C:\Windows\System32\svchost.exe[1328] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 00060FCD
.text C:\Windows\System32\svchost.exe[1328] msvcrt.dll!system 76608B63 5 Bytes JMP 0006004E
.text C:\Windows\System32\svchost.exe[1328] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[1328] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[1328] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 00060FDE
.text C:\Windows\System32\svchost.exe[1328] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 0006001D
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00050F9B
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 0005002C
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 0005003D
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00050062
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 00050FC0
.text C:\Windows\System32\svchost.exe[1328] WS2_32.dll!socket 775C36D1 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 01060093
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 01060F4D
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 01060F17
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 01060F32
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 01060060
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 0106000A
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 01060F7C
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 01060F9E
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 01060071
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 01060F8D
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 01060025
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 01060082
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 01060F06
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 01060FD4
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 01060FE5
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 01060FB9
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 010600A4
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 00DF0F8B
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!system 76608B63 5 Bytes JMP 00DF0F9C
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 00DF000C
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 00DF0FB7
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 00DF0FD2
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00320091
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 00320076
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00320000
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 003200B6
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00320040
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 00320025
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 0032005B
.text C:\Windows\system32\svchost.exe[1340] WS2_32.dll!socket 775C36D1 5 Bytes JMP 010F0000
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenA 764F03DD 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenUrlA 764F20A3 5 Bytes JMP 009D0FD4
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenW 764F2A58 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenUrlW 7653AF79 5 Bytes JMP 009D0025
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00830F54
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 008300A4
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 00830F28
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 008300BF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 00830F9E
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 0083002C
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00830078
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 00830FAF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 00830089
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00830051
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00830FCA
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 00830F79
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 008300DA
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 00830FEF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 0083001B
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 00830F43
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 00820038
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!system 76608B63 5 Bytes JMP 00820FB7
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 00820FE3
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 00820000
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 00820FC8
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 0082001D
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00810F9E
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 00810FAF
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00810000
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 00810036
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 0081005B
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00810FDB
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 00810011
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 00810FCA
.text C:\Windows\system32\svchost.exe[1504] WS2_32.dll!socket 775C36D1 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00250093
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 00250078
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 002500B8
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 00250F21
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 0025004C
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00250F9E
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00250F68
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 00250025
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 00250F4D
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00250F83
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00250014
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 0025005D
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 002500D3
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 00250FCA
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 00250FE5
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 00250FB9
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 00250F32
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 001B0FB7
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!system 76608B63 5 Bytes JMP 001B0FC8
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 001B0FE3
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 001B002E
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 001B0011
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00180FB9
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 00180051
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 00180FCA
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00180076
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00180FE5
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 0018001B
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 00180036
.text C:\Windows\system32\svchost.exe[1512] WS2_32.dll!socket 775C36D1 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00940F63
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 009400A9
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 00940F48
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 009400DF
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 00940076
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00940FD4
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00940065
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 0094004A
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 00940087
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00940FA8
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00940FC3
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 00940098
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!GetProcAddress

Part 1
Last edited by chicane on March 18th, 2009, 10:41 pm, edited 1 time in total.
chicane

Re: Hijacked Firefox browser

Unread postby chicane » March 18th, 2009, 10:41 pm

Part 2


.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 00940025
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 0094000A
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[1744] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 009400C4
.text C:\Windows\system32\svchost.exe[1744] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 008B0027
.text C:\Windows\system32\svchost.exe[1744] msvcrt.dll!system 76608B63 5 Bytes JMP 008B0F9C
.text C:\Windows\system32\svchost.exe[1744] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 008B0FD2
.text C:\Windows\system32\svchost.exe[1744] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1744] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 008B0FB7
.text C:\Windows\system32\svchost.exe[1744] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00310F97
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 00310FC3
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 00310FB2
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00310F7C
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 0031002F
.text C:\Windows\system32\svchost.exe[1744] WS2_32.dll!socket 775C36D1 5 Bytes JMP 00950FEF
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00720098
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 00720F52
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 007200D8
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 007200BD
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 0072006C
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00720FD4
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 0072005B
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 0072004A
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 0072007D
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00720F9E
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00720FB9
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 00720F6D
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 00720F26
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 0072000A
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 00720FEF
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 0072001B
.text C:\Windows\Explorer.EXE[2500] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 00720F41
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 0016004A
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 0016002F
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00160FEF
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 00160FA8
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00160065
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00160FDE
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 0016000A
.text C:\Windows\Explorer.EXE[2500] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 00160FC3
.text C:\Windows\Explorer.EXE[2500] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 001B0078
.text C:\Windows\Explorer.EXE[2500] msvcrt.dll!system 76608B63 5 Bytes JMP 001B005D
.text C:\Windows\Explorer.EXE[2500] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 001B0FE3
.text C:\Windows\Explorer.EXE[2500] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 001B000C
.text C:\Windows\Explorer.EXE[2500] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 001B0042
.text C:\Windows\Explorer.EXE[2500] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 001B001D
.text C:\Windows\Explorer.EXE[2500] WS2_32.dll!socket 775C36D1 5 Bytes JMP 02EE0FE5
.text C:\Windows\Explorer.EXE[2500] WININET.dll!InternetOpenA 764F03DD 5 Bytes JMP 03080000
.text C:\Windows\Explorer.EXE[2500] WININET.dll!InternetOpenUrlA 764F20A3 5 Bytes JMP 03080FD4
.text C:\Windows\Explorer.EXE[2500] WININET.dll!InternetOpenW 764F2A58 5 Bytes JMP 03080FE5
.text C:\Windows\Explorer.EXE[2500] WININET.dll!InternetOpenUrlW 7653AF79 5 Bytes JMP 03080025
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00010F5A
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 00010F6B
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 000100E0
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 00010F49
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 00010F97
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00010014
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 00010039
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 0001008C
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 00010F7C
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 000100FB
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[3692] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 000100C5
.text C:\Windows\system32\svchost.exe[3692] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 00090053
.text C:\Windows\system32\svchost.exe[3692] msvcrt.dll!system 76608B63 5 Bytes JMP 00090FC8
.text C:\Windows\system32\svchost.exe[3692] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 0009001D
.text C:\Windows\system32\svchost.exe[3692] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[3692] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 00090038
.text C:\Windows\system32\svchost.exe[3692] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 00090FE3
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 000A0051
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 000A000A
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 000A0FCA
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 000A0091
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 000A001B
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 000A0FE5
.text C:\Windows\system32\svchost.exe[3692] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 000A0036
.text C:\Windows\system32\svchost.exe[3692] WS2_32.dll!socket 775C36D1 5 Bytes JMP 000B0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!GetStartupInfoW 76661929 5 Bytes JMP 00020F46
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!GetStartupInfoA 766619C9 5 Bytes JMP 0002008C
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreateProcessW 76661C01 5 Bytes JMP 00020F1A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreateProcessA 76661C36 5 Bytes JMP 000200B1
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!VirtualProtect 76661DD1 5 Bytes JMP 0002006A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreateNamedPipeW 76665C44 5 Bytes JMP 00020FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!LoadLibraryExW 766830C3 5 Bytes JMP 00020F86
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!LoadLibraryW 7668361F 5 Bytes JMP 00020FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!VirtualProtectEx 76688D7E 5 Bytes JMP 0002007B
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!LoadLibraryExA 76689469 5 Bytes JMP 00020F97
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!LoadLibraryA 76689491 5 Bytes JMP 00020FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreatePipe 76690284 5 Bytes JMP 00020F6B
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!GetProcAddress 766AB8B6 5 Bytes JMP 00020F09
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreateFileW 766ACC4E 5 Bytes JMP 00020FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreateFileA 766ACF71 5 Bytes JMP 00020000
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!CreateNamedPipeA 766F41F6 5 Bytes JMP 00020011
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] kernel32.dll!WinExec 766F53E7 5 Bytes JMP 00020F2B
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegCreateKeyExA 75D5B5E7 5 Bytes JMP 00060F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegCreateKeyA 75D5B8AE 5 Bytes JMP 00060FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegOpenKeyA 75D60BF5 5 Bytes JMP 00060FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegCreateKeyW 75D6B83D 5 Bytes JMP 0006002F
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegCreateKeyExW 75D6BCE1 5 Bytes JMP 00060F72
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegOpenKeyExA 75D6D4E8 5 Bytes JMP 00060014
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegOpenKeyW 75D73CB0 5 Bytes JMP 00060FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] ADVAPI32.dll!RegOpenKeyExW 75D7F09D 5 Bytes JMP 00060FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxIndirectParamW 7616BD25 5 Bytes JMP 6F3D5CBB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxParamW 76181FD5 5 Bytes JMP 6F3D5C45 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxParamA 761A80B2 5 Bytes JMP 6F3D5C80 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxIndirectParamA 761A83DD 5 Bytes JMP 6F3D5CF6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxIndirectA 761BD471 5 Bytes JMP 6F3D5C01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxIndirectW 761BD56B 5 Bytes JMP 6F3D5BBD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxExA 761BD5D1 5 Bytes JMP 6F3D5B83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxExW 761BD5F5 5 Bytes JMP 6F3D5B49 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] msvcrt.dll!_wsystem 76608A47 5 Bytes JMP 00170038
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] msvcrt.dll!system 76608B63 5 Bytes JMP 00170027
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] msvcrt.dll!_creat 7660C6F1 5 Bytes JMP 00170FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] msvcrt.dll!_open 7660DA7E 5 Bytes JMP 00170FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] msvcrt.dll!_wcreat 7660DC9E 5 Bytes JMP 00170FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] msvcrt.dll!_wopen 7660DE79 5 Bytes JMP 0017000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] SHELL32.dll!SHRestricted + DFD 767C8390 4 Bytes [99, 0B, 0D, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] SHELL32.dll!SHRestricted + E05 767C8398 8 Bytes [A7, 0A, 0D, 6E, A4, 32, 0C, ...] {CMPSD ; OR CL, [0xc32a46e]; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] SHELL32.dll!SHBindToObject + 693 767CA9B8 4 Bytes [99, 0B, 0D, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] SHELL32.dll!SHBindToObject + 69B 767CA9C0 4 Bytes [A7, 0A, 0D, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WS2_32.dll!recv 775C343A 5 Bytes JMP 0099000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WS2_32.dll!socket 775C36D1 5 Bytes JMP 00180000
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WS2_32.dll!WSASend 775C4496 5 Bytes JMP 009A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WS2_32.dll!send 775C659B 5 Bytes JMP 0098000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WS2_32.dll!WSARecv 775C8400 5 Bytes JMP 009B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WININET.dll!InternetOpenA 764F03DD 5 Bytes JMP 00940FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WININET.dll!InternetOpenUrlA 764F20A3 5 Bytes JMP 0094000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WININET.dll!InternetOpenW 764F2A58 5 Bytes JMP 00940FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4024] WININET.dll!InternetOpenUrlW 7653AF79 5 Bytes JMP 00940FB9

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E0BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E0BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E0BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E0BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E0BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E0BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E0BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E0BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E0BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E0BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E0BDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E0BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E0BF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E0C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E0BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E0C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6E0BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E0BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E0BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E0CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6E0CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E0CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6E0CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E0CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E0CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6E0CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6E0C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6E0BFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6E0BFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6E0C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6E0BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6E0B89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6E0BEBFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E0B8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E0BE3CB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E0BE9A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E0BC1D6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E0B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E0BF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E0B8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E0BE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E0BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E0BDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E0BEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E0BDDDD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E0BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E0BBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E0BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E0BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E0BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E0BE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E0BA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E0BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E0BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E0B8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E0BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E0C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E0BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E0BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E0B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E0B8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E0BBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E0BFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E0BFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E0C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E0BEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E0B89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E0BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E0BCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E0BCE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E0CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E0CC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E0CCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E0CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E0CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAJ1NR27.jpg 4759 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAKSYIUW.jpg 1773 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMFJ6FE.jpg 1656 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMUHNG0.jpg 2738 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMZ5WB6.jpg 2443 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAO39XXD.jpg 1868 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAODHXYK.jpg 3891 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAOYJDFM.jpg 2330 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPDHNES.jpg 2480 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPSYRLE.jpg 2558 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPTFHZJ.jpg 4206 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQDEAVN.jpg 3129 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQF3PIO.jpg 2253 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCARBTJ8T.jpg 2470 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAT4VIUV.jpg 4271 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCATFFNWT.jpg 1570 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAU68LBC.jpg 3095 bytes
File C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys 38400 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gaopdxcounter 4 bytes
File C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll 19456 bytes executable

---- EOF - GMER 1.0.15 ----
chicane
Regular Member
 
Posts: 19
Joined: March 16th, 2009, 1:47 pm

Re: Hijacked Firefox browser

by dan12 » March 19th, 2009, 2:22 am

  • Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:files
C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll

  • Return to OTMoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Try updating Malwarebytes now and do me a quick scan.

Then post me a further GMER scan as before.
Malwarebytes report
HJT log
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijacked Firefox browser

by chicane » March 23rd, 2009, 6:41 pm

Hi Dan, I was not able to update any AV software but did perform the actions you asked for.

========== FILES ==========
File/Folder C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_201221


GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-23 18:31:00
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8B6609BE]
Code 8A7AD308 ZwEnumerateKey
Code 8A7B4308 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B6609FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8B660A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8B660930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8B660944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8B6609D2]
Code 8AE1A2C0 ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8B660A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8B660A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8B660996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B660A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B660A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B6609E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8B660982]
Code 8A691C6D IofCallDriver
Code 8A6577CE IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 81C7018C 5 Bytes JMP 8B6609EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!IofCompleteRequest 81C82FE2 5 Bytes JMP 8A6577D3
.text ntkrnlpa.exe!IofCallDriver 81D04F6F 5 Bytes JMP 8A691C72

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 00180F32
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00180F4D
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 001800D3
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 001800B8
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00180F94
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 0018002C
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00180078
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 00180FB9
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 00180F79
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 0018005B
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 00180FCA
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00180F68
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00180F21
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0018000A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 00180FE5
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0018001B
.text C:\Windows\system32\services.exe[664] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 0018009D
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00170F94
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00170FCA
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00170000
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00170FA5
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00170F83
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00170025
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00170FE5
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00170036
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 001A0FB2
.text C:\Windows\system32\services.exe[664] msvcrt.dll!system 76FD8B63 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 001A002C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 001A0000
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 001A003D
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 001A0011
.text C:\Windows\system32\services.exe[664] WS2_32.dll!socket 771636D1 5 Bytes JMP 00270000
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000D0F63
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000D0F74
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000D00F0
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000D00DF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000D007D
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000D0FE5
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000D006C
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000D0FCA
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000D008E
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000D0FAF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000D0051
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000D009F
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000D0F3E
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000D001B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000D0000
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000D0036
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000D00C4
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 000B0062
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 000B003D
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 000B0FE5
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 000B0FA5
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 000B001B
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 000B0000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 000B002C
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 007D0042
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!system 76FD8B63 5 Bytes JMP 007D0031
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 007D0FD2
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 007D0FE3
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 007D0FC1
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 007D0000
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 771636D1 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 003500A0
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00350F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 003500C2
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 00350F35
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00350071
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00350025
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00350F97
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 75A9361F 3 Bytes JMP 00350FC3
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW + 4 75A93623 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 75A98D7E 3 Bytes JMP 00350F7C
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx + 4 75A98D82 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 75A99469 3 Bytes JMP 00350FB2
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA + 4 75A9946D 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 75A99491 3 Bytes JMP 0035004A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA + 4 75A99495 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe 75AA0284 3 Bytes JMP 00350F6B
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe + 4 75AA0288 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00350F06
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0035000A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 00350FEF
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 00350FD4
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 003500B1
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 00360FBE
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00360FCF
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 0036002E
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 0036000C
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00360049
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 0036001D
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 002E0F8D
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 002E0FA8
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 002E0FE5
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 002E002F
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 002E0F7C
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 002E0FB9
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[872] WS2_32.dll!socket 771636D1 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000C0F66
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000C00AC
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000C00EC
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000C00DB
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000C006F
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000C0FCA
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000C0F8B
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000C004A
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000C0080
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000C0FA8
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000C009B
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000C0107
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000C0025
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000C0F55
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000D0FA6
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000D0FB7
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000D0FE3
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000D0011
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 000B003D
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 000B0000
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 000B0F9B
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 000B004E
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 000B0FDB
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 000B0011
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 000B002C
.text C:\Windows\system32\svchost.exe[888] WS2_32.dll!socket 771636D1 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000D0F5F
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000D00A5
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000D0F22
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000D0F33
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000D0F8B
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000D0014
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000D0065
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000D0FB2
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000D0F70
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000D0054
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000D0039
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000D0080
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000D00CA
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000D0FD4
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000D0FE5
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000D0FC3
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000D0F4E
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000E006E
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000E0053
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000E0FE3
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000E0042
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000E001D
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 000C005B
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 000C0040
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 000C0076
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 000C000A
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 000C001B
.text C:\Windows\system32\svchost.exe[960] WS2_32.dll!socket 771636D1 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 01400F57
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 014000A7
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 014000DD
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 014000C2
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 01400F94
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 01400FD4
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 01400FA5
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 01400047
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 01400F83
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 01400062
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 01400036
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 01400F72
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 014000EE
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0140000A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 01400FE5
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0140001B
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 01400F3C
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 01DC002C
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!system 76FD8B63 5 Bytes JMP 01DC0FA1
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 01DC0FCD
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 01DC0FEF
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 01DC0FBC
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 01DC0FDE
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 013F0051
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 013F0FB9
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 013F000A
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 013F0040
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 013F006C
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 013F0025
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 013F0FE5
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 013F0FCA
.text C:\Windows\System32\svchost.exe[1008] WS2_32.dll!socket 771636D1 5 Bytes JMP 01DD0FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenA 76C103DD 5 Bytes JMP 01DB0FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenUrlA 76C120A3 5 Bytes JMP 01DB001E
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenW 76C12A58 5 Bytes JMP 01DB0FDE
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenUrlW 76C5AF79 5 Bytes JMP 01DB0FCD
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 001B00C7
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 001B0F81
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 001B00D8
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 001B0F41
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 001B0076
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 001B002F
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 001B0065
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 001B0FA8
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 001B0091
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 001B004A
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 001B0FC3
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 001B00A2
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 001B0F1C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 001B0014
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 001B0FEF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 001B0FDE
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 001B0F66
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 001C0FB9
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 76FD8B63 5 Bytes JMP 001C0FD4
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 001C0029
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 001C0FEF
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 001C0044
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 001C0018
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 001A0047
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 001A0036
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 001A0FA5
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 001A0F8A
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 001A0FDB
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 001A0FC0
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 771636D1 5 Bytes JMP 001D0FEF
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 01000F57
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 010000A7
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 010000DD
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 010000C2
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 01000082
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 01000025
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 01000FA8
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0100005B
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 01000F83
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 01000FB9
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 01000040
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 01000F72
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 010000F8
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0100000A
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 01000FEF
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 01000FDE
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 01000F46
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 01050FA6
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!system 76FD8B63 5 Bytes JMP 01050031
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 01050FC1
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 01050FEF
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 01050016
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 01050FD2
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00DF004E
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00DF003D
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00DF0FAC
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00DF0069
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00DF001B
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00DF002C
.text C:\Windows\System32\svchost.exe[1160] WS2_32.dll!socket 771636D1 5 Bytes JMP 01060FE5
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 010D0F74
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 010D0F85
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 010D00DF
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 010D0F48
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 010D0095
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 010D002C
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 010D0084
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 010D0058
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 010D00A6
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 010D0073
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 010D0047
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 010D0F96
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 010D0F2D
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 010D0000
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 010D0FE5
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 010D0011
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 010D0F59
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 010E0069
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!system 76FD8B63 5 Bytes JMP 010E0FD4
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 010E0029
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 010E000C
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 010E0044
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 010E0FEF
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 010C002C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 010C001B
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 010C0FE5
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 010C0F8A
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 010C0F6F
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 010C0FB9
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 010C0FD4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 010C000A
.text C:\Windows\system32\svchost.exe[1176] WS2_32.dll!socket 771636D1 5 Bytes JMP 01270FEF
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 01050F08
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 01050058
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 01050084
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 01050069
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 01050F5C
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 01050FB6
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 01050F6D
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 01050022
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 01050047
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 01050F8A
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 01050F9B
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 01050F2D
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 01050ED2
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 01050011
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 01050000
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 01050FDB
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 01050EF7
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 01130051
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!system 76FD8B63 5 Bytes JMP 01130040
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 0113001B
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 01130FEF
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 01130FC6
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 01130000
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 01000073
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 01000FD1
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 01000000
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 01000058
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 01000FB6
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 0100002C
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 0100001B
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 01000047
.text C:\Windows\system32\svchost.exe[1344] WS2_32.dll!socket 771636D1 5 Bytes JMP 01140FEF
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenA 76C103DD 5 Bytes JMP 010A0FE5
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenUrlA 76C120A3 5 Bytes JMP 010A0000
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenW 76C12A58 5 Bytes JMP 010A0FCA
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenUrlW 76C5AF79 5 Bytes JMP 010A0011
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 008300B3
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 008300A2
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 00830F4B
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 00830F5C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00830F88
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00830FD1
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 0083006C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 00830047
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 00830F77
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 00830FAF
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 00830FC0
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00830091
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 008300FD
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0083001B
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0083002C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 008300CE
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 0085003A
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 0085000C
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00850FE5
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 0085001D
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 0082005B
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00820040
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00820FEF
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00820FB9
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 0082006C
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00820025
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00820014
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00820FD4
.text C:\Windows\system32\svchost.exe[1544] WS2_32.dll!socket 771636D1 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 001D007F
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 001D006E
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 001D00A4
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 001D0F0D
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 001D0F54
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 001D0F6F
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 001D0F94
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 001D0049
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 001D002C
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 001D0F39
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 001D0EFC
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 001D0F1E
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 0030004C
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00300027
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 00300FD2
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 00300FE3
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00300FC1
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00070F79
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00070FA5
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00070F94
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[1556] WS2_32.dll!socket 771636D1 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 008C00A9
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 008C0F59
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 008C0F3E
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 008C00CB
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 008C0069
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 008C0058
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 008C0036
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 008C007A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 008C0047
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 008C001B
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 008C0F6A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 008C00F0
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 008C0FD4
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 008C0FB9
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 008C00BA
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 008D0058
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!system 76FD8B63 5 Bytes JMP 008D003D
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 008D0022
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 008D0FD7
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 008D0011
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00280FAF
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00280FD4
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00280051
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00280F94
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 0028002C
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 0028001B
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00280FE5
.text C:\Windows\system32\svchost.exe[1728] WS2_32.dll!socket 771636D1 5 Bytes JMP 008E0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000B0F79
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000B00BF
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000B00EE
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000B0F4D
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000B0FA5
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000B0FDB
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000B007F
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000B0051
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000B0F94
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000B0062
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000B0FCA
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000B00A4
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000B0F3C
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000B001B
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000B000A
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000B0036
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000B0F5E
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000C0F7F
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000C000A
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000C0FB5
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000C0FE3
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000C0FA4
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000C0FD2
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00050FA5
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00050F94
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00050051
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00050FCA
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00050011
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000100B5
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00010F79
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 00010F54
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000100E1
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00010FAF
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00010093
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0001005B
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000100A4
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 0001006C
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 0001004A
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00010106
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000100C6
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00090F9B
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00090FB6
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00090000
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 0009003D
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00090062
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00090022
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00090011
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00090FD1
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000A0FB2
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000A0FC3
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000A002C
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000A0000
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000A003D
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000A0011
.text C:\Windows\Explorer.EXE[2960] WS2_32.dll!socket 771636D1 5 Bytes JMP 02D4000A
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenA 76C103DD 5 Bytes JMP 02CB0FE5
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenUrlA 76C120A3 5 Bytes JMP 02CB0FCA
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenW 76C12A58 5 Bytes JMP 02CB0000
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenUrlW 76C5AF79 5 Bytes JMP 02CB001B
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 00010091
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000100CE
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00010054
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00010FBC
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00010039
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0001001E
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 00010F7C
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 00010F97
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00010F55
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00010F1C
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 00010FCD
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000100A2
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 00050FA6
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00050FC1
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 00050FE3
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 0005000C
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00050FD2
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 0005001D
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00060FB9
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 0006005B
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 0006000A
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00060FD4
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00060FA8
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 0006001B
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 0006004A
.text C:\Windows\system32\svchost.exe[3872] WS2_32.dll!socket 771636D1 5 Bytes JMP 00070000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAJ1NR27.jpg 4759 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAKSYIUW.jpg 1773 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMFJ6FE.jpg 1656 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMUHNG0.jpg 2738 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMZ5WB6.jpg 2443 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAO39XXD.jpg 1868 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAODHXYK.jpg 3891 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAOYJDFM.jpg 2330 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPDHNES.jpg 2480 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPSYRLE.jpg 2558 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPTFHZJ.jpg 4206 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQDEAVN.jpg 3129 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQF3PIO.jpg 2253 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCARBTJ8T.jpg 2470 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAT4VIUV.jpg 4271 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCATFFNWT.jpg 1570 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAU68LBC.jpg 3095 bytes
File C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys 38400 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gaopdxcounter 4 bytes
File C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll 19456 bytes executable

---- EOF - GMER 1.0.15 ----
chicane
Regular Member
 
Posts: 19
Joined: March 16th, 2009, 1:47 pm

Re: Hijacked Firefox browser

Unread postby chicane » March 23rd, 2009, 6:42 pm

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

3/23/2009 5:53:26 PM
mbam-log-2009-03-23 (17-53-26).txt

Scan type: Quick Scan
Objects scanned: 71887
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:35 PM, on 3/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\blackjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6398 bytes
chicane
Regular Member
 
Posts: 19
Joined: March 16th, 2009, 1:47 pm

Re: Hijacked Firefox browser

Unread postby dan12 » March 23rd, 2009, 7:23 pm

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Hijacked Firefox browser

Unread postby chicane » March 23rd, 2009, 8:05 pm

Hey Dan, I did the ComboFix and HJT scans.




ComboFix 09-03-22.01 - Mark 2009-03-23 19:44:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.424 [GMT -4:00]
Running from: c:\users\Mark\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
c:\windows\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
d:\recycler\S-3-2-33-100017897-100002657-100018779-7230.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-22 00:44 . 2009-03-22 00:44 <DIR> d-------- c:\users\Guest\AppData\Roaming\Malwarebytes
2009-03-21 18:40 . 2009-03-21 18:40 <DIR> d-------- c:\program files\BYOND
2009-03-19 20:47 . 2009-03-19 20:47 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-18 21:44 . 2009-03-18 21:44 <DIR> d-------- C:\_OTMoveIt
2009-03-16 15:02 . 2009-03-16 15:02 <DIR> d-------- c:\users\Mark\AppData\Roaming\Malwarebytes
2009-03-16 13:06 . 2009-03-16 13:06 <DIR> d-------- c:\program files\Trend Micro
2009-03-16 13:04 . 2009-03-16 13:04 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-16 13:04 . 2009-03-16 13:04 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-16 13:04 . 2009-03-16 15:14 <DIR> d-------- c:\program files\getem
2009-03-16 13:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-16 13:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-16 02:01 . 2009-03-16 02:01 <DIR> d-------- c:\program files\Alwil Software
2009-03-15 18:42 . 2009-03-15 18:42 <DIR> d-------- c:\users\Guest\AppData\Roaming\iWin
2009-03-15 18:04 . 2009-03-15 18:04 <DIR> d-------- c:\users\Guest\AppData\Roaming\SPORE Creature Creator
2009-03-15 18:02 . 2009-03-15 18:02 <DIR> d-------- c:\users\Guest\AppData\Roaming\WildTangent
2009-03-14 13:02 . 2009-03-23 19:43 155,053,305 --a------ c:\windows\MEMORY.DMP
2009-03-14 12:05 . 2009-03-16 00:20 <DIR> d-------- c:\users\All Users\Lavasoft
2009-03-14 12:05 . 2009-03-16 00:20 <DIR> d-------- c:\programdata\Lavasoft
2009-03-10 21:53 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 21:53 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 21:53 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 21:53 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 21:53 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 21:53 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-04 17:13 . 2009-03-04 17:13 <DIR> d-------- c:\program files\SopCast
2009-02-23 23:58 . 2009-02-23 23:58 <DIR> d-------- c:\users\Guest\AppData\Roaming\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 12:39 --------- d-----w c:\users\Spoonface\AppData\Roaming\DNA
2009-03-22 01:07 --------- d-----w c:\users\Francis\AppData\Roaming\DNA
2009-03-15 22:47 --------- d-----w c:\programdata\WildTangent
2009-03-11 12:36 --------- d-----w c:\program files\Windows Mail
2009-02-18 01:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 01:15 --------- d-----w c:\programdata\Age of Empires 3 XPack Trial
2009-02-18 01:07 --------- d-----w c:\program files\Microsoft Games
2009-02-18 00:52 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 16:20 --------- d-----w c:\programdata\Yahoo!
2009-02-07 16:15 --------- d-----w c:\programdata\Yahoo! Companion
2009-02-07 16:14 --------- d-----w c:\program files\Yahoo!
2009-02-03 04:00 --------- d-----w c:\programdata\Microsoft Help
2009-02-02 14:16 --------- d-----w c:\program files\Windows Live
2009-02-02 14:16 --------- d-----w c:\program files\Microsoft
2009-02-02 14:15 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-02 14:09 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-01 00:38 --------- d-----w c:\programdata\HipSoft
2009-01-26 04:06 --------- d-----w c:\program files\TVUPlayer
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-20 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-20 215552]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-20 217088]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-06-24 46416]

c:\users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\users\Spoonface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
--a------ 2008-06-12 00:32 90112 c:\program files\HP\DVDPlay\DPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2008-07-03 15:44 972080 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-12-02 23:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-10 20:27 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Universal Installer]
--a------ 2008-03-18 15:50 984616 c:\program files\ComcastUI\Universal Installer\uinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B001402-6987-455D-8B88-287A9A001AE3}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{D299BEBB-B75C-41EE-918A-04226FFEEB5D}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{38BCAA5F-4CF3-4B93-8DE1-12193D71FC3B}"= UDP:c:\program files\Trend Micro\blackjack\HijackThis.exe:HijackThis
"{E8134EF9-BE7B-452D-BD8A-85F418787074}"= TCP:c:\program files\Trend Micro\blackjack\HijackThis.exe:HijackThis
"{DB1E29AE-AAA3-4134-A2D6-AFCB32776FC1}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{B4DB0BD3-CF4D-4BFF-800A-D8803C98ABCA}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{9C454F59-3118-4F1C-9451-282000EE889D}"= UDP:c:\program files\McAfee\MSC\mcshell.exe:McAfee SecurityCenter
"{86F68F1B-0705-46DA-B5C3-BA832CCCFFAA}"= TCP:c:\program files\McAfee\MSC\mcshell.exe:McAfee SecurityCenter
"{DEF4309C-EC09-47EC-A86E-AFFDB60333A5}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{0283AA03-71EF-4316-8410-AFE942FD951B}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{4CEDB04A-21EB-4973-A1BB-6230B27DDFC9}"= UDP:c:\program files\TVUPlayer\TVUPlayer.exe:TVUPlayer
"{053EBAFC-6F80-4E74-BCCE-2B58C7590FDB}"= TCP:c:\program files\TVUPlayer\TVUPlayer.exe:TVUPlayer
"{91AC2A05-3393-433B-980E-3F9A5A8A03D3}"= UDP:c:\program files\DivX\DivX Player\DivX Player.exe:DivX Player
"{48364115-3F64-43C2-A36E-8F23D648252C}"= TCP:c:\program files\DivX\DivX Player\DivX Player.exe:DivX Player
"{15AE0B75-CCAF-4EF8-A355-07CD72F28DF3}"= UDP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender
"{4C464214-9D7B-4381-BBAF-DB2B47C2658D}"= TCP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender
"{E7D1FFFF-74C8-47FA-B0B5-3DFA2C364632}"= UDP:c:\program files\Real\RealPlayer\realplay.exe:RealPlayer
"{2E3AAA46-5BAA-4EE4-AF5C-4A7B4560F0AB}"= TCP:c:\program files\Real\RealPlayer\realplay.exe:RealPlayer
"{052D4C23-6624-4CDA-B9B5-328786FB10D7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B40BFB96-A342-42F1-9BAD-DD490E1ED541}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B3EB83ED-7E58-4CEA-91CC-F51CAC96ED70}"= UDP:c:\program files\getem\mbam.exe:Malwarebytes' Anti-Malware
"{DA4FE876-CF6F-4491-BE6D-3450005360AA}"= TCP:c:\program files\getem\mbam.exe:Malwarebytes' Anti-Malware

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 HSXHWBS3;HSXHWBS3;c:\windows\System32\drivers\HSXHWBS3.sys [2008-08-28 207360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91030ee5-792e-11dd-9daa-806e6f6e6963}]
\shell\AutoRun\command - E:\SetupWizard.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{9426B017-53CD-49FB-BB0C-8F784EF64826}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 22:34]

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{ACFFF53C-BEB9-4BDF-BB71-11F3202F57CC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 22:34]

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{AD4C80D7-62B0-4957-AF61-DD6CE5BDF9ED}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 22:34]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\da3y422w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\da3y422w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 19:48:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-03-23 19:51:34
ComboFix-quarantined-files.txt 2009-03-23 23:51:31

Pre-Run: 196,170,940,416 bytes free
Post-Run: 196,328,448,000 bytes free

210 --- E O F --- 2009-03-11 06:07:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:06 PM, on 3/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\blackjack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6196 bytes
chicane
Regular Member
 
Posts: 19
Joined: March 16th, 2009, 1:47 pm
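
An added example, not part of either post and not ComboFix's own code: one way a helper could pull the first things to check out of a ComboFix log like the one above, namely what was deleted, which service was removed, and which firewall or Security Center values are switched off. The function names are hypothetical, and the flagged registry values are leads rather than verdicts, since a third-party firewall or antivirus product can set them legitimately.

```python
import re

# Excerpt copied from the ComboFix log above (shortened) so this runs offline.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
c:\windows\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((( Reg Loading Points )))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # ((((( Name )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"= data

def parse_combofix(text):
    """Return (sections, registry): section -> loose lines, key -> {value: data}."""
    sections, registry, section, key = {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line == ".":
            key = None                       # a blank line or "." ends a key block
        elif (m := SECTION_RE.match(line)):
            section = sections.setdefault(m.group(1), [])
        elif (m := KEY_RE.match(line)):
            key = registry.setdefault(m.group(1), {})
        elif key is not None and (m := VALUE_RE.match(line)):
            key[m.group(1)] = m.group(2).strip()
        elif section is not None:
            section.append(line)
    return sections, registry

def as_int(data):
    """Decode the two numeric spellings the log uses: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$|(\d+)\s*\(0x[0-9a-fA-F]+\)$", data or "")
    if m:
        return int(m.group(1), 16) if m.group(1) else int(m.group(2))
    return None

def review_items(text):
    """List (kind, detail) pairs worth checking first; these are leads, not verdicts."""
    sections, registry = parse_combofix(text)
    items = [("deleted-file", p) for p in sections.get("Other Deletions", [])]
    items += [("removed-service", s.lstrip("-\\")) for s in sections.get("Drivers/Services", [])]
    for key, values in registry.items():
        leaf, low = key.rsplit("\\", 1)[-1], key.lower()
        if "\\firewallpolicy\\" in low and as_int(values.get("EnableFirewall")) == 0:
            items.append(("firewall-off", leaf))
        if "\\security center\\" in low and as_int(values.get("DisableMonitoring")) == 1:
            items.append(("monitoring-off", leaf))
    return items

if __name__ == "__main__":
    print(*review_items(SAMPLE_LOG), sep="\n")
```

Running it on the full C:\ComboFix.txt works the same way; the firewall entries are the ones to weigh against whatever third-party firewall is installed on the machine.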