Also, got Gmer to run somehow...
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-30 19:24:25
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT sppw.sys ZwCreateKey [0xF72CA0E0]
SSDT sppw.sys ZwEnumerateKey [0xF72E7CA2]
SSDT sppw.sys ZwEnumerateValueKey [0xF72E8030]
SSDT sppw.sys ZwOpenKey [0xF72CA0C0]
SSDT sppw.sys ZwQueryKey [0xF72E8108]
SSDT sppw.sys ZwQueryValueKey [0xF72E7F88]
SSDT sppw.sys ZwSetValueKey [0xF72E819A]
INT 0x62 ? 86FDBBF8
INT 0x63 ? 86D2FF00
INT 0x73 ? 86D2FF00
INT 0x73 ? 86D2FF00
INT 0x83 ? 86D2FF00
INT 0xB4 ? 86D2FF00
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA1F59AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA1F5958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA1F596C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA1F5A5B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA1F5A87]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1F59EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA1F5B21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA1F5930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA1F5944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA1F59BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA1F5AC9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA1F5A71]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA1F5B49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA1F5B35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA1F5996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA1F5982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1F5A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA1F5B0B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1F5A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1F59D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP AA1F59D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP AA1F59AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP AA1F59EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP AA1F5A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP AA1F59C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP AA1F5934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP AA1F5948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP AA1F5986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP AA1F5970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP AA1F595C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP AA1F599A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP AA1F5A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BC2 7 Bytes JMP AA1F5B0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80619460 7 Bytes JMP AA1F5ACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D34 7 Bytes JMP AA1F5A75 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7A2 7 Bytes JMP AA1F5A5F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A972 7 Bytes JMP AA1F5A8B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCCA 5 Bytes JMP AA1F5B39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3BE 5 Bytes JMP AA1F5B4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4D8 5 Bytes JMP AA1F5B25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? sppw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F692B8AC 5 Bytes JMP 86D2F4E0
.text azidq1m6.SYS F685C384 1 Byte [ 20 ]
.text azidq1m6.SYS F685C386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text azidq1m6.SYS F685C3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text azidq1m6.SYS F685C3C4 3 Bytes [ 00, 00, 00 ]
.text azidq1m6.SYS F685C3C9 1 Byte [ 00 ]
.text ...
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02230000
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02230F72
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02230F8D
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0223005B
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02230F9E
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02230FD4
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 022300A4
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02230093
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02230F37
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 022300D0
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02230F26
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02230FB9
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02230025
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02230082
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02230FE5
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02230040
.text C:\WINDOWS\Explorer.EXE[472] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 022300BF
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02210FB9
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0221004A
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02210FCA
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02210FE5
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0221002F
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02210000
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02210F8D
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 41, 8A ]
.text C:\WINDOWS\Explorer.EXE[472] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02210FA8
.text C:\WINDOWS\Explorer.EXE[472] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02220FEF
.text C:\WINDOWS\Explorer.EXE[472] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02220000
.text C:\WINDOWS\Explorer.EXE[472] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02220FD4
.text C:\WINDOWS\Explorer.EXE[472] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02220FAF
.text C:\WINDOWS\Explorer.EXE[472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 021F0000
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010F0000
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010F0067
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010F0F68
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010F0F79
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010F0F8A
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010F0FA5
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010F0095
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010F0F4D
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010F0F32
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010F00CB
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010F00E6
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 010F002C
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 010F0011
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010F0078
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 010F0FCA
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 010F0FE5
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010F00B0
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 010E0040
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 010E0FAF
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 010E001B
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 010E0000
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 010E006C
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 010E0FE5
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 010E005B
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 010E0FCA
.text C:\WINDOWS\system32\services.exe[704] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F69
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F84
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F95
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF005E
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F3D
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F4E
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F00
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F11
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BF00BE
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BF0FB2
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BF0079
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BF002F
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BF0F2C
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BE0F65
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BE0022
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BE0F80
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DE, 88 ]
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F77
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B8006C
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8005B
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B8004A
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FB2
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B8007D
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F35
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B800A2
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F09
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B800B3
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B8002F
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B80FDE
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B80F5C
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B80FC3
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B8001E
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B80F1A
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B70022
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B70F91
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B70011
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B70FDB
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B70FAC
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B7004E
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B7003D
.text C:\WINDOWS\system32\svchost.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F4000A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40098
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40087
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40076
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40065
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F4002F
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F6D
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F7E
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F400F5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F52
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F40F41
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F40054
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F400A9
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F400D0
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F30FAF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F30051
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F30F94
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F3001B
.text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 031A0FE5
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 031A0F59
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 031A0058
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 031A0047
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 031A0F94
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 031A0025
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 031A0F37
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 031A0F48
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 031A00BF
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 031A0F26
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 031A0F0B
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 031A0036
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 031A0FD4
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 031A0073
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 031A0014
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 031A0FB9
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 031A009A
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03180FCA
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0318006C
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0318001B
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03180000
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0318005B
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03180FE5
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 03180FAF
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 38, 8B ]
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03180036
.text C:\WINDOWS\System32\svchost.exe[996] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D20FEF
.text C:\WINDOWS\System32\svchost.exe[996] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 0319000A
.text C:\WINDOWS\System32\svchost.exe[996] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 03190FE5
.text C:\WINDOWS\System32\svchost.exe[996] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03190FD4
.text C:\WINDOWS\System32\svchost.exe[996] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 03190025
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770076
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770F81
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770F92
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0077005B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007700A4
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770093
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F30
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007700C9
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00770F15
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00770FB9
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00770F66
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00770040
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0077002F
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00770F41
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0076002F
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00760065
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00760FDE
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0076004A
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00760FA8
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 96, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00760FC3
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx + 2 7C801A63 3 Bytes [ E5, 41, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C2004A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F7C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F97
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FB2
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200AC
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20091
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F2B
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200CE
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C20F1A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C20039
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20076
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FC3
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C200BD
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009B0051
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009B0036
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 009B0F9E
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ BB, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B4008F
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40074
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40F9A
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40FAB
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40032
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B400BB
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B400A0
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B40102
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B400F1
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B4011D
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B4004D
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B40F7F
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40FBC
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40FCD
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B400CC
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B30040
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30087
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B3002F
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B30076
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B3000A
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B30065
.text C:\WINDOWS\system32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30FD4
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1676] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72CB040] sppw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72CB13C] sppw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72CB0BE] sppw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72CB7FC] sppw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72CB6D2] sppw.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72DAD92] sppw.sys
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\azidq1m6.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 86FDA1F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbehci \Device\USBPDO-0 86D01500
Device \Driver\usbuhci \Device\USBPDO-1 86D2E1F8
Device \Driver\sptd \Device\1249450602 sppw.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F6B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F6B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F6B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F6B1F8
Device \Driver\usbuhci \Device\USBPDO-2 86D2E1F8
Device \Driver\usbuhci \Device\USBPDO-3 86D2E1F8
Device \Driver\usbuhci \Device\USBPDO-4 86D2E1F8
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FDC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FDC1F8
Device \Driver\Cdrom \Device\CdRom0 86B931F8
Device \Driver\Cdrom \Device\CdRom1 86B931F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86FDC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8689B1F8
Device \Driver\NetBT \Device\NetbiosSmb 8689B1F8
Device \Driver\PCI_PNP1852 \Device\0000005a sppw.sys
Device \Driver\PCI_PNP1852 \Device\0000005a sppw.sys
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 86D2E1F8
Device \Driver\usbuhci \Device\USBFDO-1 86D2E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 868981F8
Device \Driver\usbuhci \Device\USBFDO-2 86D2E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2092B281-B539-4123-90AE-7A7B3B873C2E} 8689B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 868981F8
Device \Driver\usbuhci \Device\USBFDO-3 86D2E1F8
Device \Driver\usbehci \Device\USBFDO-4 86D01500
Device \Driver\Ftdisk \Device\FtControl 86FDC1F8
Device \Driver\azidq1m6 \Device\Scsi\azidq1m61 86B8E1F8
Device \Driver\azidq1m6 \Device\Scsi\azidq1m61Port1Path0Target0Lun0 86B8E1F8
Device \FileSystem\Fastfat \Fat 86C97500
Device \FileSystem\Fastfat \Fat A8529297
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs 86D951F8
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x51 0x61 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x88 0x52 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x19 0x2A 0xC9 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x51 0x61 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x88 0x52 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x19 0x2A 0xC9 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x51 0x61 0xD4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x88 0x52 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x19 0x2A 0xC9 0xCE ...
---- EOF - GMER 1.0.14 ----