Thank you for clear directions and for your help. When I first sent this it was rejsected b/c too many characters in message. Am dividing the gmer.txt into 2 posts. Here is information:
GMER 1.0.15.14966 -
http://www.gmer.netRootkit scan 2009-04-04 15:26:23
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB85B744A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB85B74E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB85B73F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB85B740C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB85B74F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB85B7521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB85B758F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB85B7579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB85B748A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB85B75BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB85B74CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB85B73D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB85B73E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB85B745E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB85B75F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB85B7563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB85B754D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB85B750B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB85B75E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB85B75CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB85B7436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB85B7422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB85B7537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB85B74B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB85B75A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB85B74A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB85B7474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B85B7478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B85B744E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B85B748E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B85B74A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B85B7462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B85B73D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B85B73E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B85B7426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B85B7410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 1 Byte [E9]
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B85B73FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B85B743A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B85B74BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP B85B7551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP B85B753B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP B85B75A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP B85B7567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP B85B750F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP B85B74E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP B85B74F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP B85B7525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP B85B7593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP B85B757D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP B85B74D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP B85B75FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP B85B75D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP B85B75E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP B85B75BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0065
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0F7A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0054
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0F97
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF0076
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F3A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F13
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00AC
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00FF0EEE
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00FF0F4B
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00FF0091
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FE0036
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FE0F79
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FE0F9E
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [1E, 89]
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD002F
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0FA4
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0FC6
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FB5
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0FE3
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80098
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80087
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F8005B
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F83
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F800C9
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F32
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F57
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F800F0
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F8006C
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F80F9E
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F80040
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F80F72
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F70025
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F70076
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F7005B
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00F70040
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F60FB9
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F60044
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F60FDE
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F6000C
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F60033
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00094
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00F95
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C0006F
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00FB2
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0004A
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000C2
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C000B1
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F4E
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000E7
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C000F8
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C00F84
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C00F69
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0022
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0F8A
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0F9B
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BF0FB6
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0033
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0053
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0038
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0027
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02200FEF
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02200073
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02200062
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02200F7E
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02200F9B
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0220002C
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02200F43
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02200095
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 022000CB
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 022000A6
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 022000E6
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0220003D
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0220000A
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02200084
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0220001B
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02200FD4
.text C:\WINDOWS\Explorer.EXE[1108] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02200F32
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02170FD4
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02170FA8
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02170FEF
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0217001B
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02170065
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0217000A
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02170FC3
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [37, 8A]
.text C:\WINDOWS\Explorer.EXE[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02170040
.text C:\WINDOWS\Explorer.EXE[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0216007A
.text C:\WINDOWS\Explorer.EXE[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 02160FE5
.text C:\WINDOWS\Explorer.EXE[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0216003A
.text C:\WINDOWS\Explorer.EXE[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0216000C
.text C:\WINDOWS\Explorer.EXE[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02160055
.text C:\WINDOWS\Explorer.EXE[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02160029
.text C:\WINDOWS\Explorer.EXE[1108] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 02150FE5
.text C:\WINDOWS\Explorer.EXE[1108] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 02150000
.text C:\WINDOWS\Explorer.EXE[1108] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 02150011
.text C:\WINDOWS\Explorer.EXE[1108] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 0215002E
.text C:\WINDOWS\Explorer.EXE[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02140FEF
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D30F72
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30F83
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D3005D
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30040
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D30F9E
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D30F46
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D30F57
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F2B
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D300C4
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D300D5
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D30025
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D30082
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D30014
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D300B3
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D20036
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D2005B
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D2000A
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D20F9E
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D20FAF
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [F2, 88]
.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D20FC0
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D1003A
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[1148] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D1001D
.text C:\WINDOWS\system32\svchost.exe[1148] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05480000
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05480F5A
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05480F7F
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 05480F90
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0548004D
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 05480FB2
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05480085
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05480F49
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 054800C5
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 054800AA
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 054800D6
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 05480FA1
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 05480FEF
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 05480074
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 05480FCD
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 05480FDE
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 05480F22
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0547001E
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 05470080
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 05470FCD
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 05470FDE
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 05470065
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 05470FEF
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 05470054
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 05470039
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0546002E
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 0546001D
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0546000C
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05460FEF
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05460FB7
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05460FDE
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 05430FEF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 05450000
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 05450FEF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 05450011
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 05450FB4
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B00B1
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B0096
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B0085
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0FBC
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B0043
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B00E2
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B0F90
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B011F
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B010E
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007B0130
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007B005E
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007B0FDE
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007B0FA1
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007B0FCD
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007B0014
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007B00F3
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007A0FD1
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007A0076
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007A0022
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007A0011
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007A0FAF
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 007A0FC0
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [9A, 88]
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007A003D
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0079002C
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 00790FA1
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00790FBC
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0079001B
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00790FD7
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B1000A
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B1009F
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B10084
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B10073
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B10062
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B10051
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B100DC
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B100CB
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B1011C
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B10F83
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B1012D
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B10FC0
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B100BA
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B10036
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B10025
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B100F7
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A00F7C
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A00F8D
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00A00F9E
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [C0, 88]
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A00FAF
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009F0058
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!system 77C293C7 5 Bytes JMP 009F0FD7
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009F0022
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009F0047
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009F0011
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 009E0022
.text C:\WINDOWS\system32\svchost.exe[1488] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 009E0FDB
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1688] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00F66
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00F77
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00051
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00040
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B0001B
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00F3A
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B00F4B
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B00F0B
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B000A4
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B000BF
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B00F9E
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B00076
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B00FB9
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B00093
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AF0FCD
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AF005E
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AF0FDE
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AF0FA1
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00AF0039
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AF0FBC
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0FB2
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE0FC3
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE0029
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE0FD4
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50065
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C50F70
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50F8D
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C5004A
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C5008C
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50F3A
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C500B8
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C500A7
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C500D3
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C50FA8
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C50F55
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C50FCA
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\svchost.exe[2352] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C50F29
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C40FAF
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C4006C
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C40051
.text C:\WINDOWS\system32\svchost.exe[2352] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C40040
.text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30FA3
.text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30038
.text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C3001D
.text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FC8
.text C:\WINDOWS\system32\svchost.exe[2352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C
.text C:\WINDOWS\system32\svchost.exe[2352] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0084
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0073
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0062
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B2
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A1
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F34
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F45
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00DE
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F74
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00C3
.text C:\WINDOWS\system32\dllhost.exe[2372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F97
.text C:\WINDOWS\system32\dllhost.exe[2372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FA8
.text C:\WINDOWS\system32\dllhost.exe[2372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\dllhost.exe[2372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[2372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FB9
.text C:\WINDOWS\system32\dllhost.exe[2372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0029000C
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0058
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A0022
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0FA5
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002A0FC0
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [4A, 88]
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0FDB
.text C:\WINDOWS\system32\dllhost.exe[2372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0082
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0F97
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0071
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0FA8
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0040
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F52
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA00A4
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00D7
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA00C6
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CA0F23
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CA0FB9
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CA0093
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CA002F
.text C:\WINDOWS\system32\svchost.exe[2388] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CA00B5
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C90F72
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C90FDB
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C90F8D
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C90FA8
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes JMP C89FEDB5
.text C:\WINDOWS\system32\svchost.exe[2388] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[2388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FAB
.text C:\WINDOWS\system32\svchost.exe[2388] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80040
.text C:\WINDOWS\system32\svchost.exe[2388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C8000A
.text C:\WINDOWS\system32\svchost.exe[2388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[2388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80025
.text C:\WINDOWS\system32\svchost.exe[2388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FD2
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013E0FEF
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013E0093
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013E0F9E
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013E0FB9
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013E0076
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013E0FD4
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013E00E6
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013E00BF
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013E0F4D
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013E0F68
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 013E010B
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 013E005B
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 013E0014
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 013E00AE
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 013E0040
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 013E0025
.text C:\WINDOWS\system32\svchost.exe[2572] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 013E0F83
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 013D0FC3
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 013D005E
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 013D0FD4
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 013D0FEF
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 013D0FA1
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 013D000A
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 013D0FB2
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [5D, 89]
.text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 013D0039
.text C:\WINDOWS\system32\svchost.exe[2572] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 013C0FAB
.text C:\WINDOWS\system32\svchost.exe[2572] msvcrt.dll!system 77C293C7 5 Bytes JMP 013C0040
.text C:\WINDOWS\system32\svchost.exe[2572] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 013C0011
.text C:\WINDOWS\system32\svchost.exe[2572] msvcrt.dll!_open 77C2F566 5 Bytes JMP 013C0000
.text C:\WINDOWS\system32\svchost.exe[2572] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 013C0FC6
.text C:\WINDOWS\system32\svchost.exe[2572] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 013C0FE3
.text C:\WINDOWS\system32\svchost.exe[2572] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013B000A
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014E000A
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014E0078
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014E0F8D
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014E0F9E
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 014E005B
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014E0025
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014E00BA
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014E0093
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014E0F3C
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014E00D5
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 014E00F0
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 014E0040
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 014E0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 014E0F68
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 014E0FB9
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 014E0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3552] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 014E0F57
.text C:\Program Files\Messenger\msmsgs.exe[3552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 014C0055
.text C:\Program Files\Messenger\msmsgs.exe[3552] msvcrt.dll!system 77C293C7 5 Bytes JMP 014C0FCA
.text C:\Program Files\Messenger\msmsgs.exe[3552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014C0033
.text C:\Program Files\Messenger\msmsgs.exe[3552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014C0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 014C0044
.text C:\Program Files\Messenger\msmsgs.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014C000C
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 014D0014
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 014D0065
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 014D0FC3
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 014D0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 014D0054
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 014D0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 014D0FA8
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [6D, 89]
.text C:\Program Files\Messenger\msmsgs.exe[3552] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 014D0039
.text C:\Program Files\Messenger\msmsgs.exe[3552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70000
.text C:\Program Files\Messenger\msmsgs.exe[3552] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00FF001B
.text C:\Program Files\Messenger\msmsgs.exe[3552] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00FF0000
.text C:\Program Files\Messenger\msmsgs.exe[3552] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00FF002C
.text C:\Program Files\Messenger\msmsgs.exe[3552] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00FF003D