Thanks for responding! Here is the gmer output (part 1):
GMER 1.0.15.15252 -
http://www.gmer.netRootkit scan 2009-12-02 05:42:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\EARLOS~1\LOCALS~1\Temp\kfpdrfow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB232DABB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB232DA3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB232DAE5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB232DA4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB232DA7B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB232DB0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB232DA27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB232DACF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB232DA65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB232DA91]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB232DAA7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB232DB25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB232DAF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP B232DAFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP B232DABF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74FE 7 Bytes JMP B232DB13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8314 5 Bytes JMP B232DB29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA96 7 Bytes JMP B232DAD3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AE 5 Bytes JMP B232DAE9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB8 5 Bytes JMP B232DAAB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B8 7 Bytes JMP B232DA95 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D54 7 Bytes JMP B232DA69 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A332 5 Bytes JMP B232DA3F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C2 7 Bytes JMP B232DA53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A992 7 Bytes JMP B232DA7F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B704 5 Bytes JMP B232DA2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00082
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00FA8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B00040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00F7C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B000C4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B000DF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B00F46
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B000F0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B00051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B00000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B00F8D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B00FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B00025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B00F57
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AF0036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AF0FA1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AF0025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AF000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AF0FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AF0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AF0FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CF, 88]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AF0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0F9C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE0FB7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE0FD2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007B0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 007C0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 007C0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 007C0027
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[296] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 007C0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE0091
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE0F92
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE0076
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE0065
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE0FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE00B3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE0F6B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE00C4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE0F2B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE00E9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE00A2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE002F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE0F46
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C0091
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006C0076
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006C000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006C0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8C, 88]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006C0051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006B0075
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] msvcrt.dll!system 77C293C7 5 Bytes JMP 006B0050
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006B002E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006B0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006B003F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006B001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00690000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 006A0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 006A0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 006A0FC8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[580] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 006A0FAD
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AD0FEF
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01AD0F7A
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01AD0F8B
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01AD0FA8
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01AD005B
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01AD004A
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01AD009B
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01AD008A
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01AD00C0
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AD0F31
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01AD0F0C
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01AD0FC3
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AD0014
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01AD0F5F
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01AD002F
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01AD0FDE
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01AD0F42
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01AC0036
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01AC0FAC
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01AC0FE5
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01AC001B
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01AC0073
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01AC000A
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01AC0058
.text C:\WINDOWS\system32\services.exe[736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01AC0047
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01AB0FA1
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!system 77C293C7 5 Bytes JMP 01AB0FBC
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01AB0FDE
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01AB000C
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01AB0FCD
.text C:\WINDOWS\system32\services.exe[736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01AB0FEF
.text C:\WINDOWS\system32\services.exe[736] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\services.exe[736] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[736] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FF0027
.text C:\WINDOWS\system32\services.exe[736] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\services.exe[736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01090F86
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01090F97
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01090FA8
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01090FC3
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01090FE5
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01090F55
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0109009D
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01090F29
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01090F44
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010900D3
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01090FD4
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01090025
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0109008C
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01090051
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01090036
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010900C2
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D80F83
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D80040
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D80F94
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F8, 88]
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D80FAF
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D7004E
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D70FC3
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D70029
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\lsass.exe[748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D7000C
.text C:\WINDOWS\system32\lsass.exe[748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02530FEF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02530F43
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02530F68
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02530F79
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0253002C
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02530F9E
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02530075
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02530064
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025300BF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0253009A
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02530F0B
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0253001B
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0253000A
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02530053
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02530FAF
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02530FCA
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02530F1C
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02520FE5
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0252008E
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02520036
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02520025
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0252007D
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02520000
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02520062
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02520051
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0251001B
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 02510F9A
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0251000A
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02510FEF
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02510FAB
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02510FC6
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70F57
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E70F7C
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E70F8D
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E7004A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E70FA8
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E7008E
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E70071
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E700B0
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E70F17
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E70EFC
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E7002F
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E70FDE
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E70F46
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E70FC3
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E7009F
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DA0040
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DA0FAF
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DA006C
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DA0051
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D90F86
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D90F97
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90FC6
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00D8001D
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00D8002E
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02C00FEF
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02C00F83
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02C00082
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02C00FA8
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02C00065
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02C00FC3
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02C00F44
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02C00F61
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02C000B1
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02C00F18
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02C00EFD
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02C0004A
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02C00FDE
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02C00F72
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02C0002F
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02C00014
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02C00F29
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02BF0FD4
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02BF0FA8
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02BF0FE5
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02BF001B
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02BF0FB9
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02BF0000
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02BF005B
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02BF0040
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02BE0F8B
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 02BE0F9C
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02BE0FD2
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02BE0000
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02BE0FB7
.text C:\WINDOWS\System32\svchost.exe[1244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02BE0FEF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 02BD000A
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 02BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02BD0FD2
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02BD0025
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02BC0FEF
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0076006E
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00760F79
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00760047
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00760F8A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0076002C
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007600A4
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00760089
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007600D3
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00760F30
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007600E4
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00760FA5
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00760011
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00760F5E
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00760FCA
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00760FDB
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00760F41
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00750036
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0075008E
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00750025
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00750014
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0075007D
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00750FEF
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00750062
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00750051
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00740045
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!system 77C293C7 5 Bytes JMP 00740FB0
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00740FD2
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00740000
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00740FC1
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00740FE3
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00730FEF
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 0073001B
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 0073002C
.text C:\WINDOWS\System32\svchost.exe[1332] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00720FE5
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00960F6D
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00960F88
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00960F99
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00960062
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00960040
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00960F35
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00960087
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009600B3
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009600A2
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00960F09
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00960051
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00960F5C
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00960FCA
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0096001B
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00960F24
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950036
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00950091
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00950025
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00950FD4
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00950FEF
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0095006C
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0095005B
.text C:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00770FB7
.text C:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!system 77C293C7 5 Bytes JMP 00770FD2
.text C:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0077001D
.text C:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00770042
.text C:\WINDOWS\system32\svchost.exe[1348] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00770FE3
.text C:\WINDOWS\system32\svchost.exe[1348] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 0076001B
.text C:\WINDOWS\system32\svchost.exe[1348] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00760038
.text C:\WINDOWS\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00760049
.text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F97
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60082
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60FA8
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60065
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60043
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F60F6B
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60F7C
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F60F24
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F60F35
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F600D8
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60054
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F600A7
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60FCD
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60FDE
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F60F50
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50025
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F5007D