thanks for hanging in there for me.
here is gmer log from newly downloaded gmer.exeGMER 1.0.15.15220 -
http://www.gmer.netRootkit scan 2009-11-11 13:55:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\pfrcapog.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys ZwCreateKey [0xBA17887E]
SSDT Lbd.sys ZwSetValueKey [0xBA178BFE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA894C78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA894C738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA894C74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA894C837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA894C863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA894C8D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA894C8BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA894C7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA894C8FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA894C80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA894C710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA894C724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA894C79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA894C939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA894C8A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA894C88F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA894C84D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA894C925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA894C911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA894C776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA894C762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA894C7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA894C8E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA894C7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA894C7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A894C7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A894C78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP A894C7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP A894C7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP A894C7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP A894C714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP A894C728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP A894C766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP A894C750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP A894C73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP A894C77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP A894C7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP A894C893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP A894C8EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP A894C8A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D4 7 Bytes JMP A894C851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C42 7 Bytes JMP A894C83B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E12 7 Bytes JMP A894C867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP A894C8D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP A894C8BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B84 5 Bytes JMP A894C811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP A894C93D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP A894C915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP A894C929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP A894C901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Lbd.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0073
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0058
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0047
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F8A
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED001B
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0098
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0F5C
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F2E
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F3F
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00E2
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED002C
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FD4
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0F6D
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED00B3
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0011
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0033
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FCA
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0022
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0F8A
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0FA5
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0042
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0031
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB000C
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FC1
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FD2
.text C:\WINDOWS\system32\services.exe[736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F7A
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F8B
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0065
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0FB2
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00B1
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00A0
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F29
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB00C2
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00E7
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0054
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F69
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F44
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0040
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0FA8
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90058
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B9003D
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B9002C
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FD7
.text C:\WINDOWS\system32\lsass.exe[748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE0F88
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE0073
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE0FA5
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE0FB6
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE0051
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE009F
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE0F63
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE0F1A
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE0F2B
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE0F09
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE0062
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE0011
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE008E
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE0036
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE0F3C
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AD0073
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AD0FDB
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AD0011
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AD0FC0
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CD, 88] {INT 0x88}
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AD0047
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AC0042
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AC0031
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AC0FD2
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AC0FC1
.text C:\WINDOWS\system32\svchost.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AC0FE3
.text C:\WINDOWS\system32\svchost.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90065
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F66
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90F83
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90FA8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C900AE
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C9009D
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C90F41
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C900DA
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C900FF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C9002F
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C90076
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C900BF
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C80FBC
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80F86
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80FCD
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80FDE
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C80FA1
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C80043
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C80028
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70031
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70FA6
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70FC1
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C70FD2
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60000
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02270FE5
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02270F5C
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02270051
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02270F6D
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02270F94
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02270FAF
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02270087
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02270076
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 022700BD
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02270F24
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02270F13
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02270036
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02270000
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02270F4B
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02270FCA
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0227001B
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 022700A2
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02260FC0
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02260058
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02260011
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02260000
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02260047
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02260FEF
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02260036
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02260FAF
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02250058
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 02250FC3
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02250FDE
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02250FEF
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02250033
.text C:\WINDOWS\System32\svchost.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0225000C
.text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0224000A
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02230000
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0223001B
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02230FE5
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02230FD4
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650058
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F63
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F8A
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650084
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F3C
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500CB
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500BA
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006500DC
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650073
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0065009F
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640047
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F9B
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00640062
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FDB
.text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630F81
.text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630F9C
.text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063000C
.text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FAD
.text C:\WINDOWS\system32\svchost.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660089
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F8A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660064
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660F9B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660047
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F5E
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006600A6
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600CB
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00660F28
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00660F17
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660FB6
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660F6F
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660F39
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0065003D
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650073
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650022
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650FC0
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640049
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640038
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0064001D
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FD2
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0064000C
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0F55
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0F70
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0F81
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D004A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0FAF
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0065
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F29
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0094
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D0EF1
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D0EE0
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0F9E
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0F3A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F02
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0F79
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0F8A
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009C002C
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0FAF
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0FBE
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0049
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B001D
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0038
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FE3
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F8B
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB008A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB006F
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0054
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F7A
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00B6
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F4E
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F69
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0F3D
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FB2
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB00A5
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00E7
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FB9
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0066006C
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0066005B
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660040
.text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650064
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650FD9
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0065002E
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0065003F
.text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0065001D
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F8B
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0FA6
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0080
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B006F
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F42
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F5D
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F20
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00B9
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F0F
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B004A
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F7A
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F31
.text C:\WINDOWS\system32\wuauclt.exe[2092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FCD
.text C:\WINDOWS\system32\wuauclt.exe[2092] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[2092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A004E
.text C:\WINDOWS\system32\wuauclt.exe[2092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0029
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0047
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\system32\wuauclt.exe[2092] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B002C
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A007D
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A005B
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F46
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F63
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D5
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00C4
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F21
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A008E
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00A9
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029005B
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FDE
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FA8
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FB9
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290040
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0025
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0F90
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FAB
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0FC0
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0011
.text C:\WINDOWS\Explorer.EXE[2248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F10000
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0106F6E0 C:\Program Files\SiteAdvisor\6253\saPlugin.dll
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F7A
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F8B
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0065
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0054
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A001E
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00A0
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F58
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00BB
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F22
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F11
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0039
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F69
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\system32\svchost.exe[3116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F3D
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290040
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290FB2
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029002F
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FC3
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\system32\svchost.exe[3116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029005B
.text C:\WINDOWS\system32\svchost.exe[3116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E005F
.text C:\WINDOWS\system32\svchost.exe[3116] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E004E
.text C:\WINDOWS\system32\svchost.exe[3116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\system32\svchost.exe[3116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\system32\svchost.exe[3116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FDE
.text C:\WINDOWS\system32\svchost.exe[3116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E001D
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\cdudf_xp \Device\CdUdf_XP tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----