I was able to run th Gmer and delete the programs but not able to run the combofix. This is the Gmer log
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-04-22 19:29:29
Windows 5.1.2600 Service Pack 3
Running: c05ws5ly.exe; Driver: E:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypod.sys
---- System - GMER 1.0.15 ----
SSDT F8B45B86 ZwCreateKey
SSDT F8B45B7C ZwCreateThread
SSDT F8B45B8B ZwDeleteKey
SSDT F8B45B95 ZwDeleteValueKey
SSDT F8B45B9A ZwLoadKey
SSDT F8B45B68 ZwOpenProcess
SSDT F8B45B6D ZwOpenThread
SSDT F8B45BA4 ZwReplaceKey
SSDT F8B45B9F ZwRestoreKey
SSDT F8B45B90 ZwSetValueKey
SSDT F8B45B77 ZwTerminateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEEB97799]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEB97747]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEEB9775B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEEB978EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEEB978D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEB977D9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEEB97918]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEEB9781C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEB977AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEEB9795E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEEB978C0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEEB978AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEEB97862]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEEB97785]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEEB97771]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEEB97902]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEB977EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEB977C3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP EEB977C7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568EE9 5 Bytes JMP EEB97820 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A382 7 Bytes JMP EEB978AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP EEB9779D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80570441 5 Bytes JMP EEB97775 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 805732AD 7 Bytes JMP EEB97962 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 7 Bytes JMP EEB978F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP EEB977B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP EEB977F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP EEB977DD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP EEB9775F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058BA5D 5 Bytes JMP EEB9791C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590669 7 Bytes JMP EEB978DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B135A 5 Bytes JMP EEB9774B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD47 5 Bytes JMP EEB97789 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA6A 7 Bytes JMP EEB97906 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E390 7 Bytes JMP EEB978C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E80E 7 Bytes JMP EEB97866 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init E:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF88D2720]
init E:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7E91F80]
---- User code sections - GMER 1.0.15 ----
.text e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070047
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F52
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F6F
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F8A
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F2D
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070075
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700C6
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700AB
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F12
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FA5
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDE
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070058
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007001B
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007000A
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070090
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FCA
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F9B
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060062
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060051
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060036
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA6
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050031
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD2
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0005000C
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC1
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FEF
.text E:\WINDOWS\system32\services.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FEF
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F000AC
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00091
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00076
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00065
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F0002F
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F6E
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F7F
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000F6
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F5D
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00111
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00040
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FD4
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F9C
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00014
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00FC3
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000DB
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FB9
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F68
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FD4
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF000A
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0F79
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0F9E
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0025
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0058
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE003D
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0011
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0022
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FD7
.text E:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0000
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF0000
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EF0F8B
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EF0F9C
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EF0076
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EF0065
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF0FC3
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EF00A5
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EF0F69
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF00C7
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF0F38
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EF00EC
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EF004A
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EF0FE5
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EF0F7A
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EF0FD4
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EF001B
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EF00B6
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EE0FB9
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EE0F8D
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EE0FD4
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EE0FE5
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EE0F9E
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EE0000
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EE0040
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EE002F
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00ED0FB9
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00ED0044
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00ED0FD4
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00ED000C
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00ED0033
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00ED0FEF
.text E:\WINDOWS\system32\svchost.exe[900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EC0FE5
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C2000A
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C2009B
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20FA6
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20080
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20065
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FC3
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F75
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C200BD
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F64
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200FD
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F53
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20054
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FEF
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C200AC
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C2002F
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FD4
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C200E2
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10FB9
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10062
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10FCA
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10FDB
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10047
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10000
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C10036
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10025
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00031
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FA6
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C0000C
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FB7
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FDE
.text E:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 050A0FEF
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 050A0F88
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 050A0F99
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 050A0073
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 050A0058
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 050A0FC0
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 050A0F3F
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 050A0F66
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 050A0F09
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 050A0F24
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 050A0EF8
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 050A0047
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 050A000A
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 050A0F77
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 050A002C
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 050A001B
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 050A00A2
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05090039
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05090FA1
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05090FDE
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05090FEF
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05090FBC
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0509000A
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 05090FCD
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [29, 8D]
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05090054
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0503001B
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 05030F90
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05030FC6
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05030000
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05030FAB
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05030FE3
.text E:\WINDOWS\System32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02720000
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02710FE5
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0271000A
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02710FCA
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0271001B
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C0FEF
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0040
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C0F4B
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0F68
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C0025
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0F8D
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C0F09
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C005B
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0098
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C007D
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C00A9
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C000A
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C0FD4
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C0F30
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0F9E
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C0FB9
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C006C
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B002F
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B004A
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B0014
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B0FDE
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B0F8D
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0FEF
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008B0F9E
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AB, 88]
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B0FC3
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0FBE
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A0049
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A001D
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0000
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A002E
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0FE3
.text E:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00890000
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90F32
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F4D
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90027
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F68
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90F8A
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90069
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B9004C
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90084
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90EEB
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90EDA
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F79
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FDB
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F21
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FA5
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FC0
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90F06
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B8000A
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80076
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FC3
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FDE
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B8005B
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FEF
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80040
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B8002F
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FAD
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70038
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70016
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70027
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FD2
.text E:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60000
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F6D
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F88
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0062
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0051
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA002C
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F50
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0098
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00BD
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F24
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00CE
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FAF
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FDB
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0087
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FCA
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0011
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F3F
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FAF
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F54
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930000
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FCA
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F65
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FE5
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930011
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930F94
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092004E
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB9
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD4
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0092000C
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920029
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FEF
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FEF
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900025
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FCA
.text E:\WINDOWS\system32\svchost.exe[1692] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC007F
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F8A
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC006E
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0051
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0036
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00D2
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00C1
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00F4
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00E3
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0105
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FAF
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC000A
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A4
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0025
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FD4
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F6F
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0FDB
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0087
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB002C
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB001B
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB006C
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB000A
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FCA
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0051
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0FD4
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FE5
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA003A
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0055
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA001D
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FE5
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0025007D
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F88
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F99
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250062
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250036
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500BA
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002500A9
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F46
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500DF
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002500FA
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250051
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025000A
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0025008E
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250FCA
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0025001B
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250F57
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340FD4
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0034007D
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FE5
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340011
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340062
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340000
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340047
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340036
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0035002C
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!system 77C293C7 5 Bytes JMP 0035001B
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FBC
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FAB
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FD7
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0000
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB0011
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0022
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0033
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01590000
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A009D
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A008C
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0FA8
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0065
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004A
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B8
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F7C
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D3
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F3A
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F1F
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FC3
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FEF
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F8D
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A002F
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FDE
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F5F
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290014
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F68
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FCA
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F83
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F9E
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290025
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0047
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A002C
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD7
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FBC
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0011
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0FEF
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0FD4
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0025
.text E:\WINDOWS\Explorer.EXE[3368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01E60000
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F58
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F69
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F7A
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250F97
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FA8
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F05
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F20
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0025008D
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0025007C
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0025009E
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250039
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00250FD4
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250F47
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250014
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FB9
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250EF4
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0034002F
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0034005B
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FDE
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340014
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340F9E
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0034004A
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340FC3
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350FB7
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FD2
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350038
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FE3
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350011
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01AE0FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01AE0000
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01AE0011
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01AE0FC0
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ws2_32.dll!socket 71AB4211 5 Bytes JMP 024C0000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F66
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F77
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F9E
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0025005B
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FCA
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500A7
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250080
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002500DA
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500C9
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00250F26
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250FB9
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025001B
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250F55
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250040
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002500B8
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340FD4
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340073
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340025
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340062
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340047
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340036
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350049
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FBE
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0035001D
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0035002E
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FE3
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01BE000A
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01BE0FE5
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01BE001B
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01BE0FC0
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ws2_32.dll!socket 71AB4211 5 Bytes JMP 024C0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\FineReaderSprint.FRSprintWord.6@ FineReaderSprint.FRSprintWord.6
Reg HKLM\SOFTWARE\Classes\FineReaderSprint.FRSprintWord.6\CLSID
Reg HKLM\SOFTWARE\Classes\FineReaderSprint.FRSprintWord.6\CLSID@ {60A6D1B7-1FF4-49b7-9EA7-D1FF5166FEC6}
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress@ RstrProgress Class
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer@ RstrCC.RstrProgress.1
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1@ RstrProgress Class
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16@ Veetle Broadcaster Plugin 0.9.16
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CLSID
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CLSID@ {B91B0A7A-B6E9-476D-8560-4ACA2E3C01B1}
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CurVer
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CurVer@ Veetle Broadcaster Plugin 0.9.16
Reg HKLM\SOFTWARE\Classes\Veetle TV Core 0.9.16@ Veetle TV Core
Reg HKLM\SOFTWARE\Classes\Veetle TV Core 0.9.16\CLSID
Reg HKLM\SOFTWARE\Classes\Veetle TV Core 0.9.16\CLSID@ {1EB0FE44-B210-47FE-BADE-04D617312B39}
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16@ Veetle TV Player 0.9.16
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CLSID
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CLSID@ {8A4227BF-0CC2-4EEF-B076-DAFFF941EEA5}
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CurVer
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CurVer@ Veetle TV Player 0.9.16
---- EOF - GMER 1.0.15 ----