I ran the GMER, it crashed the computer first time (blue screen), then locked the computer up the next 3 times so I had to cold boot. I had no other programs running. I finally got the GMER to run by deselecting Files. I then ran Files separately (no hits came up running just Files). I had my E/ drive, a Seagate Replica automatic backup harddrive, unhooked and the backup software not running. Thanks, Greg
GMER 1.0.15.15477 -
http://www.gmer.netRootkit scan 2010-10-19 23:35:26
Windows 5.1.2600 Service Pack 3
Running: 428ylezp.exe; Driver: C:\DOCUME~1\GREGCO~1\LOCALS~1\Temp\fwloapod.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EAF090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EAF0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EAF0D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF126]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EAF07C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAF0BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAF0FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EAF0E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF150]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF13C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF110]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9EAF114 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP B9EAF12A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP B9EAF140 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6040 5 Bytes JMP B9EAF100 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP B9EAF058 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP B9EAF06C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CAA 5 Bytes JMP B9EAF154 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 2 Bytes JMP B9EAF0EA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey + 3 806188B9 4 Bytes [89, 39, 90, 90] {MOV [ECX], EDI; NOP ; NOP }
PAGE ntkrnlpa.exe!ZwRenameKey 80619D66 7 Bytes JMP B9EAF0BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A344 5 Bytes JMP B9EAF094 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7E0 7 Bytes JMP B9EAF0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A9B0 7 Bytes JMP B9EAF0D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B722 5 Bytes JMP B9EAF080 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00730000
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00730036
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0073001B
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009400B2
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00940097
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0094007A
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00940069
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00940FD1
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00940F8E
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009400E0
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00940127
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00940116
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00940F73
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00940058
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00940011
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009400C3
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0094003D
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0094002C
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009400FB
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00760FA1
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760025
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00760FB2
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0076004A
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760FC3
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750038
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00750FAD
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0075000C
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750FEF
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00750027
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00750FD2
.text C:\WINDOWS\system32\services.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C20FC3
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0F80
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0075
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0058
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0047
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED00BC
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00AB
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F3E
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F4F
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00F2
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0036
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0014
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED009A
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FB9
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0FDE
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED00D7
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC000A
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC0F7C
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FAF
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F8D
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EC002F
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0F9E
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0FC3
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0044
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0029
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\lsass.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F76
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80075
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80058
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80F9B
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F8003D
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F23
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F3E
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F800A1
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F12
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800BC
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80FB6
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80011
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F5B
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80FDB
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80022
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F80090
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F7002C
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F7007D
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F7001B
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F7006C
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F70FC0
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [17, 89]
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F7003D
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80F64
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80F7F
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A80FB5
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A80FE3
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A80FA4
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80FC6
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AF0025
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B30F68
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B3005D
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3004C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B3002F
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B30014
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B30F4D
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B3009F
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B30F3C
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B300CB
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B30F21
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30F83
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B30082
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B30FA8
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B300BA
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B2002F
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B20080
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B20014
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B20FDE
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B20FC3
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B2005B
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B2004A
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10FB0
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B1003B
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B1000C
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B10FC1
.text C:\WINDOWS\system32\svchost.exe[1352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B10FD2
.text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B00000
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01F90FEF
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01F90FD4
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01F90000
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03590FEF
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03590075
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03590064
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03590F80
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0359003D
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0359001B
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 035900AD
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0359009C
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 035900D9
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 035900C8
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03590F25
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0359002C
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03590000
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03590F65
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03590FB9
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03590FCA
.text C:\WINDOWS\System32\svchost.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03590F4A
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03200FD4
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03200F7C
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03200FE5
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03200011
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03200F8D
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03200000
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03200FA8
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [40, 8B]
.text C:\WINDOWS\System32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03200FB9
.text C:\WINDOWS\System32\svchost.exe[1388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 031F0F9A
.text C:\WINDOWS\System32\svchost.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes JMP 031F0025
.text C:\WINDOWS\System32\svchost.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 031F000A
.text C:\WINDOWS\System32\svchost.exe[1388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 031F0FE3
.text C:\WINDOWS\System32\svchost.exe[1388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 031F0FB5
.text C:\WINDOWS\System32\svchost.exe[1388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 031F0FC6
.text C:\WINDOWS\System32\svchost.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02910000
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 021E000A
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 021E0FE5
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 021E0FD4
.text C:\WINDOWS\System32\svchost.exe[1388] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 021E0025
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00740011
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780062
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780047
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F79
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780F8A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F2B
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780073
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780EFF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F10
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800B3
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FD4
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F52
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780098
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770025
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770FA8
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770065
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0077004A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770FC3
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760F86
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760011
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FBC
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760FA1
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760FD7
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FDE
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE00AE
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0093
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE006C
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00E6
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F57
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F72
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0F3C
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FC0
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE00C9
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F8D
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0F8D
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FDB
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F9E
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FAB
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0011
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FE3
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0FBC
.text C:\WINDOWS\system32\svchost.exe[1532] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1532] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1688] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[1688] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[1688] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F80
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0075
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0058
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0047
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F59
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00A1
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F3E
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB00D7
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00F2
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0090
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FB9
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00BC
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA0073
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0062
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0FC0
.text C:\WINDOWS\system32\svchost.exe[1688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930F8B
.text C:\WINDOWS\system32\svchost.exe[1688] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930F9C
.text C:\WINDOWS\system32\svchost.exe[1688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FC1
.text C:\WINDOWS\system32\svchost.exe[1688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930FE3
.text C:\WINDOWS\system32\svchost.exe[1688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0093000C
.text C:\WINDOWS\system32\svchost.exe[1688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FD2
.text C:\WINDOWS\system32\svchost.exe[1688] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1688] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[1688] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1688] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00910011
.text C:\WINDOWS\system32\svchost.exe[1688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0092000A
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD006B
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F76
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD004E
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD003D
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD00A3
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F5B
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F25
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00BE
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F0A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0F9B
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0086
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FB6
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F40
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC003D
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC00A9
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0098
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC007D
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0062
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0FA1
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0FBC
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FCD
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0022
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\SearchIndexer.exe[2028] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[2064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\Explorer.EXE[2064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FA000A
.text C:\WINDOWS\Explorer.EXE[2064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FA0FD4
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0214000A
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02140F99
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02140084
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02140FAA
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02140073
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02140047
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 021400A9
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02140F6D
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 021400CB
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02140F3C
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02140F0D
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02140062
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02140025
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02140F7E
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02140FE5
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02140036
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 021400BA
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02130FB9
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02130F79
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02130FCA
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02130FE5
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02130036
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02130000
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02130F94
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [33, 8A]
.text C:\WINDOWS\Explorer.EXE[2064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0213001B
.text C:\WINDOWS\Explorer.EXE[2064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0042
.text C:\WINDOWS\Explorer.EXE[2064] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0031
.text C:\WINDOWS\Explorer.EXE[2064] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FC1
.text C:\WINDOWS\Explorer.EXE[2064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\Explorer.EXE[2064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0016
.text C:\WINDOWS\Explorer.EXE[2064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FD2
.text C:\WINDOWS\Explorer.EXE[2064] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FB0000
.text C:\WINDOWS\Explorer.EXE[2064] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FB0011
.text C:\WINDOWS\Explorer.EXE[2064] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FB0FDB
.text C:\WINDOWS\Explorer.EXE[2064] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00FB002C
.text C:\WINDOWS\Explorer.EXE[2064] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00FC0FEF
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat 9B6E2D20
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----