I'm a little concerned, I submitted a response this morning around 7:30 Chicago time and it does not appear.
The computer seems to be running ok, but we are not using it. I am not being redirected from security websites, which is a positive note.
Below are the logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.orgDatabase version: 4178
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18372
6/8/2010 7:03:49 AM
mbam-log-2010-06-08 (07-03-49).txt
Scan type: Quick scan
Objects scanned: 132892
Time elapsed: 9 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 45
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\notepad.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.FakeAlert) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.167,93.188.166.198 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{483ba6c5-d4e3-4fa0-a9ba-0e93c1a5131e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.167,93.188.166.198 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\neekyxwh.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Desktop\MyFunCardsSetup2.3.50.56.ZUfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\My Documents\downloads\explorer.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465755.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146111103.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146103110.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_4.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\MSWD-a29fde91.job (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Start Menu\Programs\Startup\scandisk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\notepad.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\LocalService\ntload.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\I93qG93.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\G9iQ7w3.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GM1gMY1cE.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GM31w9u.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\QG9i17.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IQG55.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\IQG9317e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\K31gM31wS.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\KU5mY.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\M17w3u79.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\M17wS1e9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MYW9u17i.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\O7o317.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\O7oC1s.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\OC9s1e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\OCEIQGMY9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\QG7iQGMY.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johnny Pants\Application Data\a29fde91.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\QGM17wS.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\UOCE1a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ernel32.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\AAAA3k7y.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\AAAAA17e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\C317931cE.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\C7sK17.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\EI793qG9.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\G1iQG17a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\G31aA31e9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-06-08 07:46:29
Windows 5.1.2600 Service Pack 2
Running: 0pnoz39s.exe; Driver: C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp\awtoapow.sys
---- System - GMER 1.0.15 ----
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF741ECEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB1DF878A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB1DF8821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB1DF8738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB1DF874C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB1DF8835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB1DF8861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB1DF88CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB1DF88B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB1DF87CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB1DF88FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB1DF880D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB1DF8710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB1DF8724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB1DF879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB1DF8937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB1DF88A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB1DF888D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB1DF884B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB1DF8923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB1DF890F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB1DF8776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB1DF8762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB1DF8877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB1DF87F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB1DF88E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB1DF87E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB1DF87B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F8B9D 7 Bytes JMP B1DF87B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80567D6A 5 Bytes JMP B1DF8811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056B343 7 Bytes JMP B1DF8891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056BFA7 5 Bytes JMP B1DF8766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8056EA01 5 Bytes JMP B1DF8825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 8056EE18 7 Bytes JMP B1DF893B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8056F10F 7 Bytes JMP B1DF88D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FE58 5 Bytes JMP B1DF878E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80572159 5 Bytes JMP B1DF87E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805725D4 7 Bytes JMP B1DF87CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572F6E 5 Bytes JMP B1DF8714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057331D 7 Bytes JMP B1DF87A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80573EF5 7 Bytes JMP B1DF887B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FDEC 7 Bytes JMP B1DF88BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP B1DF8750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805849B4 5 Bytes JMP B1DF87FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058FCDD 5 Bytes JMP B1DF8728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805908B8 5 Bytes JMP B1DF88FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 8059295F 7 Bytes JMP B1DF8865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80594F21 7 Bytes JMP B1DF8839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B246F 5 Bytes JMP B1DF873C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062C7FB 5 Bytes JMP B1DF877A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064C488 5 Bytes JMP B1DF8913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064C761 7 Bytes JMP B1DF88E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064D043 7 Bytes JMP B1DF88A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064D48B 7 Bytes JMP B1DF884F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064D97E 5 Bytes JMP B1DF8927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? mdbpa.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE0000
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE009F
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE008E
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE007D
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE006C
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0040
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE0F8F
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE0F4D
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE00E6
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CE0F32
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CE0051
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CE001B
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CE00BA
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\System32\svchost.exe[440] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CE00CB
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00CD006C
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00CD001B
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00CD0000
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00CD0051
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00CD0FAF
.text C:\WINDOWS\System32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00CD0036
.text C:\WINDOWS\System32\svchost.exe[440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0F97
.text C:\WINDOWS\System32\svchost.exe[440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0022
.text C:\WINDOWS\System32\svchost.exe[440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FBC
.text C:\WINDOWS\System32\svchost.exe[440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0000
.text C:\WINDOWS\System32\svchost.exe[440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0011
.text C:\WINDOWS\System32\svchost.exe[440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0FE3
.text C:\WINDOWS\System32\svchost.exe[440] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\System32\svchost.exe[440] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00CB0000
.text C:\WINDOWS\System32\svchost.exe[440] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00CB0FC0
.text C:\WINDOWS\System32\svchost.exe[440] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00CB0FA5
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B00F77
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B00F88
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B00062
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B00FA5
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B00FCA
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B00098
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B00087
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B000CE
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B000BD
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B00F1A
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B00051
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B00F5C
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B00036
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\services.exe[516] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B00F3F
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00070FD1
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0007008E
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00070073
.text C:\WINDOWS\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00070058
.text C:\WINDOWS\system32\services.exe[516] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060042
.text C:\WINDOWS\system32\services.exe[516] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060031
.text C:\WINDOWS\system32\services.exe[516] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0006000C
.text C:\WINDOWS\system32\services.exe[516] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[516] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FB7
.text C:\WINDOWS\system32\services.exe[516] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FD2
.text C:\WINDOWS\system32\services.exe[516] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[516] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[516] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[516] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00040025
.text C:\WINDOWS\system32\services.exe[516] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FC00A2
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FC0FAD
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FC0087
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FC0076
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FC0F77
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FC0F88
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FC0F37
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FC0F52
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00FC00EB
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00FC001B
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00FC00B3
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00FC0051
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\lsass.exe[528] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00FC00D0
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00FB0FB2
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00FB0054
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00FB0FCD
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00FB0039
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00FB0028
.text C:\WINDOWS\system32\lsass.exe[528] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00FB0F97
.text C:\WINDOWS\system32\lsass.exe[528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA0078
.text C:\WINDOWS\system32\lsass.exe[528] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA0053
.text C:\WINDOWS\system32\lsass.exe[528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA001D
.text C:\WINDOWS\system32\lsass.exe[528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA000C
.text C:\WINDOWS\system32\lsass.exe[528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0038
.text C:\WINDOWS\system32\lsass.exe[528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA0FE3
.text C:\WINDOWS\system32\lsass.exe[528] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\lsass.exe[528] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[528] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\lsass.exe[528] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\lsass.exe[528] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E00065
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E00054
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E00F70
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E00F8D
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E00FB2
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E00F29
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E00F44
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E000AA
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E00F07
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E00EEC
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E00039
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E00FDE
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E00F55
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E00FCD
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E0001E
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E00F18
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00DF0040
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00DF0091
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00DF0025
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00DF0014
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00DF0FCA
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00DF006C
.text C:\WINDOWS\system32\svchost.exe[676] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00DF005B
.text C:\WINDOWS\system32\svchost.exe[676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE004E
.text C:\WINDOWS\system32\svchost.exe[676] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE0FC3
.text C:\WINDOWS\system32\svchost.exe[676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\system32\svchost.exe[676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE000C
.text C:\WINDOWS\system32\svchost.exe[676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0029
.text C:\WINDOWS\system32\svchost.exe[676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[676] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[676] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00DC0FDE
.text C:\WINDOWS\system32\svchost.exe[676] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00DC0FCD
.text C:\WINDOWS\system32\svchost.exe[676] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00DC0014
.text C:\WINDOWS\system32\svchost.exe[676] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011A0FEF
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 011A007D
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 011A0062
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 011A0F88
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 011A0FAF
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 011A003D
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 011A0F41
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 011A0F5C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011A0F15
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011A00AE
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 011A00C9
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 011A0FC0
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 011A000A
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 011A0F6D
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 011A002C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 011A001B
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 011A0F30
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01190FB9
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0119005B
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01190FCA
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01190FE5
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0119004A
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0119000A
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01190025
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01190FA8
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01180070
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!system 77C293C7 5 Bytes JMP 01180055
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01180044
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0118000C
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01180FE5
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01180029
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 01160FEF
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 01160FDE
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 01160FCD
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 01160014
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01170000
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C00084
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C00069
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C00F8F
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C00058
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C000B2
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C00F6A
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C00F37
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C00F48
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C00F26
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C00095
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C00F59
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00BF0F9B
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0055
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0029
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0044
.text C:\WINDOWS\system32\svchost.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE000C
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[988] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0281000A
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0281006C
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02810F81
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02810F9E
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02810FAF
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02810036
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 028100A4
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0281007D
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 028100DA
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 028100BF
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 028100F5
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02810047
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02810FE5
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02810F5C
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02810025
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02810FD4
.text C:\WINDOWS\System32\svchost.exe[988] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02810F41
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 0270001B
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 02700F68
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 02700FCA
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 02700FDB
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 02700F83
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 02700000
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 02700F94
.text C:\WINDOWS\System32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 02700FAF
.text C:\WINDOWS\System32\svchost.exe[988] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[988] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026F0F97
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 026F0022
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026F0FC6
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026F0000
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026F0011
.text C:\WINDOWS\System32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026F0FD7
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 02550FEF
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 02550014
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 02550025
.text C:\WINDOWS\System32\svchost.exe[988] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 02550036
.text C:\WINDOWS\System32\svchost.exe[988] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 026E0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008F00A9
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008F008E
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008F0FB4
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008F0FD1
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008F0062
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008F0F72
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008F0F83
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008F0104
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008F00DF
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008F011F
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008F007D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008F001B
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008F00BA
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008F003D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008F002C
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008F0F61
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008E0FDE
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008E006F
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008E0FB2
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008E0FCD
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008E004A
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0038
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FAD
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D001D
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0FE3
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0FC8
.text C:\WINDOWS\system32\svchost.exe[1044] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D000C
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 008C0FDE
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 008C0FCD
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 008C001E
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02390FEF
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02390F55
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0239004A
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0239002F
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02390F72
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02390FA8
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02390F27
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0239006F
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02390EEA
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02390EFB
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 023900A8
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02390F8D
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02390FD4
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02390F44
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02390FB9
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0239000A
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02390F0C
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 02380FC3
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 02380065
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 02380014
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 02380FDE
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 02380054
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 02380FEF
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 02380039
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 02380FB2
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0227003D
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 02270FB2
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02270011
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02270FEF
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02270022
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02270000
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 02250000
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 02250011
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 02250FDB
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 02250022
.text C:\WINDOWS\Explorer.EXE[1228] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02260FEF
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009F0F4E
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009F0F69
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009F0043
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009F0032
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009F0FA1
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009F0080
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009F006F
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009F0F02
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009F0F13
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009F00AC
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009F0F90
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009F005E
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009F0FB2
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!WinExec 7C86158D 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009F0091
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009E0F8D
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009E0025
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009E000A
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009E0F9E
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009E0FB9
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009E0040
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D0FBC
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D0FCD
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D0033
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0018
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 001B0000
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 001B001B
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 001B002C
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 001B003D
.text C:\WINDOWS\System32\svchost.exe[1296] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0000
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B00000
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B00F9E
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B00FAF
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B0007D
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B00FC0
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B00051
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B00F6B
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B00F7C
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B000DF
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B000C4
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B000F0
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B00062
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B00011
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B00FDB
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B00036
.text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B00F50
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00AF0025
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00AF0F94
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00AF0FD4
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00AF0051
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00AF0FB9
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00AF0040
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0F92
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE001D
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE0FB7
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE000C
.text C:\WINDOWS\System32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0FD2
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 00AC0000
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 00AC001B
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AD0000
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D0000
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009D0078
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009D0067
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009D0056
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009D002F
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009D0FA8
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009D0F46
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009D0F57
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009D0F2B
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009D00BA
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009D00D5
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009D0F8D
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009D0FDB
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009D0F68
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009D0FB9
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009D00A9
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008F0FDE
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008F0FA8
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008F002F
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008F0014
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008F0065
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008F0054
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008F0FCD
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E0FB7
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E0042
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0027
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0FD2
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E000C
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenA 63022BB0 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenW 63023031 5 Bytes JMP 008C0FD4
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenUrlA 6302A7D0 5 Bytes JMP 008C000A
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenUrlW 63075ECF 5 Bytes JMP 008C0FAF
.text C:\WINDOWS\System32\svchost.exe[1588] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008D0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1812] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----