GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-25 17:09:26
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT spdq.sys ZwCreateKey [0xBA6A80E0]
SSDT spdq.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spdq.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spdq.sys ZwOpenKey [0xBA6A80C0]
SSDT spdq.sys ZwQueryKey [0xBA6C7108]
SSDT spdq.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spdq.sys ZwSetValueKey [0xBA6C719A]
INT 0x62 ? 8A569BF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x63 ? 8A30BBF8
INT 0x82 ? 8A569BF8
INT 0x83 ? 8A569BF8
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB75919AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB7591958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB759196C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7591A5B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7591A87]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB75919EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB7591B21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7591930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB7591944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB75919BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB7591AC9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB7591A71]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB7591B49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB7591B35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB7591996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB7591982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7591A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB7591B0B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7591A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB75919D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP B75919D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP B75919AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP B75919EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP B7591A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP B75919C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP B7591934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP B7591948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP B7591986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP B7591970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP B759195C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP B759199A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP B7591A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP B7591B0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8061947E 7 Bytes JMP B7591ACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP B7591A75 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP B7591A5F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP B7591A8B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCE8 5 Bytes JMP B7591B39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3DC 5 Bytes JMP B7591B4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4F6 5 Bytes JMP B7591B25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spdq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E718AC 5 Bytes JMP 8A30B1D8
.text au3fzcub.SYS B9A3E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text au3fzcub.SYS B9A3E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text au3fzcub.SYS B9A3E3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text au3fzcub.SYS B9A3E3C9 1 Byte [2E]
.text au3fzcub.SYS B9A3E3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070090
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F9B
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070073
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070062
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070036
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F59
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F6A
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F34
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700CD
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700E8
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070047
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070000
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000700A1
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007001B
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FCA
.text G:\WINDOWS\system32\services.exe[660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700BC
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FB9
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060040
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FD4
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FEF
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F83
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0006000A
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060F94
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text G:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060025
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA6
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050031
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD2
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC1
.text G:\WINDOWS\system32\services.exe[660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0005000C
.text G:\WINDOWS\system32\services.exe[660] USERENV.dll!UnloadUserProfile + CACA 76A2A3F1 1 Byte [01]
.text G:\WINDOWS\system32\services.exe[660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF008C
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F8D
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF005B
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F9E
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FB9
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F61
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F72
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00D5
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F3C
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00F0
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0040
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FE5
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF009D
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FD4
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0025
.text G:\WINDOWS\system32\lsass.exe[672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00BA
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0000
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F54
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FB9
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FD4
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0F6F
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0F8A
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text G:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0011
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0F9F
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FB0
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0016
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FC1
.text G:\WINDOWS\system32\lsass.exe[672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FD2
.text G:\WINDOWS\system32\lsass.exe[672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30000
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D30F88
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30073
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D30FA5
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30062
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D30FD1
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D300C9
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D300A2
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F41
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D300DA
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D30F26
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30FC0
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D30011
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D30F77
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D3003D
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D3002C
.text G:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D30F66
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D20FCA
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D20F68
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D2001B
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20FE5
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D20F83
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D20000
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D20F9E
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F2, 88]
.text G:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D20FB9
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D10042
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10FB7
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D10FD2
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D10000
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D1001D
.text G:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D10FE3
.text G:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00000
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C9000A
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90FAC
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C900A1
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90090
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90FC7
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C9004E
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C90F80
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C900BC
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C900F4
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C90F5B
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C90F40
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90069
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C9001B
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C90F9B
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C9003D
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C9002C
.text G:\WINDOWS\system32\svchost.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C900D9
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C8002F
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80F8D
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80014
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80FDE
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C80F9E
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80FEF
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C80040
.text G:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C80FC3
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70FB2
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70033
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70FD7
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70000
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70022
.text G:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70011
.text G:\WINDOWS\system32\svchost.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60000
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02570FEF
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02570093
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02570078
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02570067
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0257004A
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02570025
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02570F52
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02570F79
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025700E1
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025700D0
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02570F2D
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02570F9E
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0257000A
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025700A4
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02570FC3
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02570FD4
.text G:\WINDOWS\System32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025700B5
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02130022
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02130058
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02130FDB
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02130011
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02130F9B
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02130000
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02130FB6
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [33, 8A]
.text G:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0213003D
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02120FA8
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 02120033
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02120FDE
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0212000C
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02120FCD
.text G:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02120FEF
.text G:\WINDOWS\System32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02110FEF
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02100FE5
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02100000
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02100FD4
.text G:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 0210001B
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0FEF
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0FAF
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C009A
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0089
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C006C
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0040
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C00DA
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C0F9E
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C00FF
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C0F66
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007C0F4B
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007C0051
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007C000A
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007C00C9
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007C0FD4
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007C0025
.text G:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007C0F77
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007B0FC3
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007B0F79
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007B0FD4
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007B0FEF
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007B0040
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007B000A
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007B0F9E
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9B, 88]
.text G:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007B0025
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A002F
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A0FA4
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A0FB5
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0FE3
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A000A
.text G:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0FC6
.text G:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00790FEF
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F66
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F77
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80F94
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FA5
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8002C
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F3A
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80076
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F04
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F1F
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80EF3
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80051
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FE5
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F55
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B8001B
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80FCA
.text G:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B8009D
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B70FCA
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70FAF
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FDB
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70011
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70076
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70000
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B7005B
.text G:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70036
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F97
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FB2
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FD7
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60022
.text G:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60011
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40051
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F52
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F63
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F80
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FA5
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F0B
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40F26
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40EFA
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40089
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40EE9
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A4002C
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FD4
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F41
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40011
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40000
.text G:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40078
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FB2
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F75
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30FCD
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FDE
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30028
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FEF
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A30F86
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 88]
.text G:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30FA1
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20042
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20027
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FD2
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FB7
.text G:\WINDOWS\system32\svchost.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A2000C
.text G:\WINDOWS\system32\svchost.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A1000A
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02440FEF
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024400A5
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0244008A
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02440079
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02440068
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02440FBC
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024400EE
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024400DD
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02440121
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02440110
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02440F6D
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02440043
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02440FDE
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024400B6
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02440FCD
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0244001E
.text G:\WINDOWS\Explorer.EXE[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024400FF
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02430FC0
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02430F72
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02430011
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02430FE5
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02430F83
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02430000
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02430F94
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [63, 8A]
.text G:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02430FAF
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0242006E
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!system 77C293C7 5 Bytes JMP 0242005D
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02420027
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02420000
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02420042
.text G:\WINDOWS\Explorer.EXE[1472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02420FE3
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02400FE5
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02400000
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02400011
.text G:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 02400022
.text G:\WINDOWS\Explorer.EXE[1472] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02410FEF
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F92
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0087
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0FAF
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0062
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FCA
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00B5
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA00A4
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F41
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F52
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00F5
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0047
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F77
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FDB
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA002C
.text G:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00D0
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FB2
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930039
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FC3
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930028
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F86
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text G:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930F97
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920027
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FA6
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092000C
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FE3
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FB7
.text G:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00900FEF
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00900FD4
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00900FB9
.text G:\WINDOWS\system32\svchost.exe[1652] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00900FA8
.text G:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FE5
.text g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F9B
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0090
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0073
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FB6
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004E
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F65
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A1
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00F4
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00E3
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0105
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FD1
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F76
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A003D
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A002C
.text G:\WINDOWS\System32\svchost.exe[2648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C8
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029001B
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290065
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FC0
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FDB
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F9E
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FAF
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text G:\WINDOWS\System32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290036
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0FD2
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0053
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FE3
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E000C
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0042
.text G:\WINDOWS\System32\svchost.exe[2648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E001D
.text G:\WINDOWS\System32\svchost.exe[2648] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F70
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0065
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F81
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0040
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FAF
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F38
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0080
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00C0
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00AF
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F0C
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F9E
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F55
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FCA
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001B
.text G:\WINDOWS\system32\wuauclt.exe[3676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F27
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0069
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FDE
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FEF
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A000C
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A004E
.text G:\WINDOWS\system32\wuauclt.exe[3676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B001B
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0058
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FCA
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FE5
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0FA5
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0047
.text G:\WINDOWS\system32\wuauclt.exe[3676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B002C
.text G:\WINDOWS\system32\wuauclt.exe[3676] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0FEF
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spdq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spdq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spdq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spdq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spdq.sys
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\au3fzcub.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spdq.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5681F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \FatCdrom 8A10E500
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 8A3C11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5D51F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5D51F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5D51F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5D51F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3C11F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3C11F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3C11F8
Device \Driver\usbehci \Device\USBPDO-4 8A3AA1F8
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\PCI_PNP2692 \Device\00000049 spdq.sys
Device \Driver\usbstor \Device\00000070 8A1E0500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A56A1F8
Device \Driver\usbstor \Device\00000071 8A1E0500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A56A1F8
Device \Driver\Cdrom \Device\CdRom0 8A3CD500
Device \Driver\usbstor \Device\00000072 8A1E0500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A56A1F8
Device \Driver\Cdrom \Device\CdRom1 8A3CD500
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A56A1F8
Device \Driver\Cdrom \Device\CdRom2 8A3CD500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2E31F8
Device \Driver\NetBT \Device\NetbiosSmb 8A2E31F8
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 8A3C11F8
Device \Driver\sptd \Device\1034783942 spdq.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B195FBB7-F822-4F69-8E63-B4E9F35FF758} 8A2E31F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3C11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A204500
Device \Driver\usbuhci \Device\USBFDO-2 8A3C11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A204500
Device \Driver\usbstor \Device\0000006f 8A1E0500
Device \Driver\usbuhci \Device\USBFDO-3 8A3C11F8
Device \Driver\usbehci \Device\USBFDO-4 8A3AA1F8
Device \Driver\Ftdisk \Device\FtControl 8A56A1F8
Device \Driver\au3fzcub \Device\Scsi\au3fzcub1 8A29B1F8
Device \Driver\au3fzcub \Device\Scsi\au3fzcub1Port5Path0Target0Lun0 8A29B1F8
Device \FileSystem\Fastfat \Fat 8A10E500
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A0F3500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxckdpgmavdefxejntjnlmnecsxphaejsht.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xC0 0x11 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxclmivjgddohsahsvltpvgkukopgugaqll.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxckdpgmavdefxejntjnlmnecsxphaejsht.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xC0 0x11 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF2 0xF9 0xCB 0xE1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x64 0xC1 0x1B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0xF7 0x8D 0x39 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF2 0xF9 0xCB 0xE1 ...
---- EOF - GMER 1.0.15 ----