Hi Dan was not able to update any AV software but did perform the actions u asked for.
========== FILES ==========
File/Folder C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll not found.
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_201221
GMER 1.0.15.14939 -
http://www.gmer.netRootkit scan 2009-03-23 18:31:00
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8B6609BE]
Code 8A7AD308 ZwEnumerateKey
Code 8A7B4308 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B6609FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8B660A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8B660930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8B660944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8B6609D2]
Code 8AE1A2C0 ZwQueryValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8B660A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8B660A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8B660996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B660A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B660A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B6609E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8B660982]
Code 8A691C6D IofCallDriver
Code 8A6577CE IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 81C7018C 5 Bytes JMP 8B6609EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!IofCompleteRequest 81C82FE2 5 Bytes JMP 8A6577D3
.text ntkrnlpa.exe!IofCallDriver 81D04F6F 5 Bytes JMP 8A691C72
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 00180F32
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00180F4D
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 001800D3
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 001800B8
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00180F94
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 0018002C
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00180078
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 00180FB9
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 00180F79
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 0018005B
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 00180FCA
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00180F68
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00180F21
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0018000A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 00180FE5
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0018001B
.text C:\Windows\system32\services.exe[664] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 0018009D
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00170F94
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00170FCA
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00170000
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00170FA5
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00170F83
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00170025
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00170FE5
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00170036
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 001A0FB2
.text C:\Windows\system32\services.exe[664] msvcrt.dll!system 76FD8B63 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 001A002C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 001A0000
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 001A003D
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 001A0011
.text C:\Windows\system32\services.exe[664] WS2_32.dll!socket 771636D1 5 Bytes JMP 00270000
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000D0F63
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000D0F74
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000D00F0
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000D00DF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000D007D
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000D0FE5
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000D006C
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000D0FCA
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000D008E
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000D0FAF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000D0051
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000D009F
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000D0F3E
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000D001B
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000D0000
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000D0036
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000D00C4
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 000B0062
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 000B003D
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 000B0FE5
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 000B0FA5
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 000B001B
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 000B0000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 000B002C
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 007D0042
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!system 76FD8B63 5 Bytes JMP 007D0031
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 007D0FD2
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 007D0FE3
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 007D0FC1
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 007D0000
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 771636D1 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 003500A0
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00350F5A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 003500C2
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 00350F35
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00350071
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00350025
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00350F97
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 75A9361F 3 Bytes JMP 00350FC3
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW + 4 75A93623 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 75A98D7E 3 Bytes JMP 00350F7C
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx + 4 75A98D82 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 75A99469 3 Bytes JMP 00350FB2
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA + 4 75A9946D 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 75A99491 3 Bytes JMP 0035004A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA + 4 75A99495 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe 75AA0284 3 Bytes JMP 00350F6B
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe + 4 75AA0288 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00350F06
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0035000A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 00350FEF
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 00350FD4
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 003500B1
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 00360FBE
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00360FCF
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 0036002E
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 0036000C
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00360049
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 0036001D
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 002E0F8D
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 002E0FA8
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 002E0FE5
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 002E002F
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 002E0F7C
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 002E0FB9
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[872] WS2_32.dll!socket 771636D1 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000C0F66
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000C00AC
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000C00EC
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000C00DB
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000C006F
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000C0FCA
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000C0F8B
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000C004A
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000C0080
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000C0FA8
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000C009B
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000C0107
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000C0025
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000C0F55
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000D0FA6
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000D0FB7
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000D0FE3
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[888] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000D0011
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 000B003D
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 000B0000
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 000B0F9B
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 000B004E
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 000B0FDB
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 000B0011
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 000B002C
.text C:\Windows\system32\svchost.exe[888] WS2_32.dll!socket 771636D1 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000D0F5F
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000D00A5
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000D0F22
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000D0F33
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000D0F8B
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000D0014
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000D0065
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000D0FB2
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000D0F70
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000D0054
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000D0039
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000D0080
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000D00CA
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000D0FD4
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000D0FE5
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000D0FC3
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000D0F4E
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000E006E
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000E0053
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000E0FE3
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000E0042
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000E001D
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 000C005B
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 000C0040
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 000C0076
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 000C000A
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 000C001B
.text C:\Windows\system32\svchost.exe[960] WS2_32.dll!socket 771636D1 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 01400F57
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 014000A7
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 014000DD
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 014000C2
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 01400F94
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 01400FD4
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 01400FA5
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 01400047
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 01400F83
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 01400062
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 01400036
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 01400F72
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 014000EE
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0140000A
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 01400FE5
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0140001B
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 01400F3C
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 01DC002C
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!system 76FD8B63 5 Bytes JMP 01DC0FA1
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 01DC0FCD
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 01DC0FEF
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 01DC0FBC
.text C:\Windows\System32\svchost.exe[1008] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 01DC0FDE
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 013F0051
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 013F0FB9
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 013F000A
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 013F0040
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 013F006C
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 013F0025
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 013F0FE5
.text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 013F0FCA
.text C:\Windows\System32\svchost.exe[1008] WS2_32.dll!socket 771636D1 5 Bytes JMP 01DD0FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenA 76C103DD 5 Bytes JMP 01DB0FEF
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenUrlA 76C120A3 5 Bytes JMP 01DB001E
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenW 76C12A58 5 Bytes JMP 01DB0FDE
.text C:\Windows\System32\svchost.exe[1008] WININET.DLL!InternetOpenUrlW 76C5AF79 5 Bytes JMP 01DB0FCD
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 001B00C7
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 001B0F81
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 001B00D8
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 001B0F41
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 001B0076
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 001B002F
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 001B0065
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 001B0FA8
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 001B0091
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 001B004A
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 001B0FC3
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 001B00A2
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 001B0F1C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 001B0014
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 001B0FEF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 001B0FDE
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 001B0F66
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 001C0FB9
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 76FD8B63 5 Bytes JMP 001C0FD4
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 001C0029
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 001C0FEF
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 001C0044
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 001C0018
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 001A0047
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 001A0036
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 001A0FA5
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 001A0F8A
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 001A0FDB
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 001A0FC0
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 771636D1 5 Bytes JMP 001D0FEF
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 01000F57
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 010000A7
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 010000DD
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 010000C2
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 01000082
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 01000025
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 01000FA8
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0100005B
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 01000F83
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 01000FB9
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 01000040
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 01000F72
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 010000F8
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0100000A
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 01000FEF
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 01000FDE
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 01000F46
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 01050FA6
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!system 76FD8B63 5 Bytes JMP 01050031
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 01050FC1
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 01050FEF
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 01050016
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 01050FD2
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00DF004E
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00DF003D
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00DF0000
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00DF0FAC
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00DF0069
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00DF0FE5
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00DF001B
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00DF002C
.text C:\Windows\System32\svchost.exe[1160] WS2_32.dll!socket 771636D1 5 Bytes JMP 01060FE5
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 010D0F74
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 010D0F85
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 010D00DF
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 010D0F48
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 010D0095
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 010D002C
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 010D0084
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 010D0058
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 010D00A6
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 010D0073
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 010D0047
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 010D0F96
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 010D0F2D
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 010D0000
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 010D0FE5
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 010D0011
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 010D0F59
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 010E0069
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!system 76FD8B63 5 Bytes JMP 010E0FD4
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 010E0029
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 010E000C
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 010E0044
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 010E0FEF
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 010C002C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 010C001B
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 010C0FE5
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 010C0F8A
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 010C0F6F
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 010C0FB9
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 010C0FD4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 010C000A
.text C:\Windows\system32\svchost.exe[1176] WS2_32.dll!socket 771636D1 5 Bytes JMP 01270FEF
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 01050F08
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 01050058
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 01050084
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 01050069
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 01050F5C
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 01050FB6
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 01050F6D
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 01050022
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 01050047
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 01050F8A
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 01050F9B
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 01050F2D
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 01050ED2
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 01050011
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 01050000
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 01050FDB
.text C:\Windows\system32\svchost.exe[1344] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 01050EF7
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 01130051
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!system 76FD8B63 5 Bytes JMP 01130040
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 0113001B
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 01130FEF
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 01130FC6
.text C:\Windows\system32\svchost.exe[1344] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 01130000
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 01000073
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 01000FD1
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 01000000
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 01000058
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 01000FB6
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 0100002C
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 0100001B
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 01000047
.text C:\Windows\system32\svchost.exe[1344] WS2_32.dll!socket 771636D1 5 Bytes JMP 01140FEF
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenA 76C103DD 5 Bytes JMP 010A0FE5
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenUrlA 76C120A3 5 Bytes JMP 010A0000
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenW 76C12A58 5 Bytes JMP 010A0FCA
.text C:\Windows\system32\svchost.exe[1344] WinInet.dll!InternetOpenUrlW 76C5AF79 5 Bytes JMP 010A0011
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 008300B3
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 008300A2
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 00830F4B
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 00830F5C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00830F88
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00830FD1
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 0083006C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 00830047
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 00830F77
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 00830FAF
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 00830FC0
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00830091
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 008300FD
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 0083001B
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 0083000A
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0083002C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 008300CE
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 00850FB9
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 0085003A
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 0085000C
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00850FE5
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 0085001D
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 0082005B
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00820040
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00820FEF
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00820FB9
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 0082006C
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00820025
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00820014
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00820FD4
.text C:\Windows\system32\svchost.exe[1544] WS2_32.dll!socket 771636D1 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 001D007F
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 001D006E
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 001D00A4
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 001D0F0D
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 001D0F54
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 001D0F6F
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 001D0F94
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 001D0049
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 001D002C
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 001D0F39
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 001D0EFC
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 001D0F1E
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 0030004C
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00300027
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 00300FD2
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 00300FE3
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00300FC1
.text C:\Windows\system32\svchost.exe[1556] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00070F79
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00070FA5
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00070F94
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[1556] WS2_32.dll!socket 771636D1 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 008C00A9
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 008C0F59
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 008C0F3E
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 008C00CB
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 008C0069
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 008C0058
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 008C0036
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 008C007A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 008C0047
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 008C001B
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 008C0F6A
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 008C00F0
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 008C0FD4
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 008C0FB9
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 008C00BA
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 008D0058
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!system 76FD8B63 5 Bytes JMP 008D003D
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 008D0022
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 008D0FD7
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 008D0011
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00280FAF
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00280FD4
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00280051
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00280F94
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 0028002C
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 0028001B
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00280FE5
.text C:\Windows\system32\svchost.exe[1728] WS2_32.dll!socket 771636D1 5 Bytes JMP 008E0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000B0F79
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 000B00BF
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000B00EE
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000B0F4D
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 000B0FA5
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 000B0FDB
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 000B007F
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 000B0051
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000B0F94
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 000B0062
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 000B0FCA
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 000B00A4
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 000B0F3C
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 000B001B
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 000B000A
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 000B0036
.text C:\Windows\System32\svchost.exe[2092] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000B0F5E
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000C0F7F
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000C000A
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000C0FB5
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000C0FE3
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000C0FA4
.text C:\Windows\System32\svchost.exe[2092] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000C0FD2
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00050FA5
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00050F94
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00050051
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00050FCA
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00050011
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 000100B5
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00010F79
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 00010F54
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000100E1
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00010FAF
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00010093
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0001005B
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 000100A4
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 0001006C
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 0001004A
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00010106
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[2960] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000100C6
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00090F9B
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 00090FB6
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 00090000
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 0009003D
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00090062
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00090022
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 00090011
.text C:\Windows\Explorer.EXE[2960] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 00090FD1
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 000A0FB2
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!system 76FD8B63 5 Bytes JMP 000A0FC3
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 000A002C
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 000A0000
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 000A003D
.text C:\Windows\Explorer.EXE[2960] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 000A0011
.text C:\Windows\Explorer.EXE[2960] WS2_32.dll!socket 771636D1 5 Bytes JMP 02D4000A
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenA 76C103DD 5 Bytes JMP 02CB0FE5
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenUrlA 76C120A3 5 Bytes JMP 02CB0FCA
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenW 76C12A58 5 Bytes JMP 02CB0000
.text C:\Windows\Explorer.EXE[2960] WININET.dll!InternetOpenUrlW 76C5AF79 5 Bytes JMP 02CB001B
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!GetStartupInfoW 75A71929 5 Bytes JMP 00010091
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!GetStartupInfoA 75A719C9 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateProcessW 75A71C01 5 Bytes JMP 000100CE
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateProcessA 75A71C36 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!VirtualProtect 75A71DD1 5 Bytes JMP 00010054
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateNamedPipeW 75A75C44 5 Bytes JMP 00010FBC
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryExW 75A930C3 5 Bytes JMP 00010039
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryW 75A9361F 5 Bytes JMP 0001001E
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!VirtualProtectEx 75A98D7E 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryExA 75A99469 5 Bytes JMP 00010F7C
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!LoadLibraryA 75A99491 5 Bytes JMP 00010F97
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreatePipe 75AA0284 5 Bytes JMP 00010F55
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!GetProcAddress 75ABB8B6 5 Bytes JMP 00010F1C
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateFileW 75ABCC4E 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateFileA 75ABCF71 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!CreateNamedPipeA 75B041F6 5 Bytes JMP 00010FCD
.text C:\Windows\system32\svchost.exe[3872] kernel32.dll!WinExec 75B053E7 5 Bytes JMP 000100A2
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_wsystem 76FD8A47 5 Bytes JMP 00050FA6
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!system 76FD8B63 5 Bytes JMP 00050FC1
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_creat 76FDC6F1 5 Bytes JMP 00050FE3
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_open 76FDDA7E 5 Bytes JMP 0005000C
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_wcreat 76FDDC9E 5 Bytes JMP 00050FD2
.text C:\Windows\system32\svchost.exe[3872] msvcrt.dll!_wopen 76FDDE79 5 Bytes JMP 0005001D
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyExA 7591B5E7 5 Bytes JMP 00060FB9
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyA 7591B8AE 5 Bytes JMP 0006005B
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyA 75920BF5 5 Bytes JMP 0006000A
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyW 7592B83D 5 Bytes JMP 00060FD4
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegCreateKeyExW 7592BCE1 5 Bytes JMP 00060FA8
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyExA 7592D4E8 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyW 75933CB0 5 Bytes JMP 0006001B
.text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!RegOpenKeyExW 7593F09D 5 Bytes JMP 0006004A
.text C:\Windows\system32\svchost.exe[3872] WS2_32.dll!socket 771636D1 5 Bytes JMP 00070000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll
---- Files - GMER 1.0.15 ----
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAJ1NR27.jpg 4759 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAKSYIUW.jpg 1773 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMFJ6FE.jpg 1656 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMUHNG0.jpg 2738 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAMZ5WB6.jpg 2443 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAO39XXD.jpg 1868 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAODHXYK.jpg 3891 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAOYJDFM.jpg 2330 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPDHNES.jpg 2480 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPSYRLE.jpg 2558 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAPTFHZJ.jpg 4206 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQDEAVN.jpg 3129 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAQF3PIO.jpg 2253 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCARBTJ8T.jpg 2470 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAT4VIUV.jpg 4271 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCATFFNWT.jpg 1570 bytes
File C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T37V6OSS\defaultCAU68LBC.jpg 3095 bytes
File C:\Windows\System32\drivers\gaopdxxfcjqwsbcdtppviyidqynpteqqpnixno.sys 38400 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gaopdxcounter 4 bytes
File C:\Windows\System32\gaopdxucqvxyhvysrketqhtbcvuclntiooqoxr.dll 19456 bytes executable
---- EOF - GMER 1.0.15 ----