ComboFix 07-08-30.1 - "Chris Gray" 2007-08-29 12:49:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.491 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\cookies.ini
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))
2007-08-29 12:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 11:15 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-29 11:07 <DIR> d-------- C:\Program Files\CCleaner
2007-08-28 19:58 <DIR> d-------- C:\VundoFix Backups
2007-08-28 14:05 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Media Player Classic
2007-08-28 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-27 21:13 <DIR> d-------- C:\backup
2007-08-27 18:08 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Apple Computer
2007-08-27 18:06 <DIR> d-------- C:\Program Files\iTunes
2007-08-27 18:06 <DIR> d-------- C:\Program Files\iPod
2007-08-27 18:03 <DIR> d-------- C:\Program Files\QuickTime
2007-08-27 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-27 18:01 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-27 17:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-27 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-27 16:53 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\AdobeUM
2007-08-27 16:40 <DIR> d-------- C:\WINDOWS\Cache
2007-08-27 13:07 57,344 --a------ C:\WINDOWS\system32\itmreg.dll
2007-08-27 13:07 548,864 --a------ C:\WINDOWS\system32\Triad2003e.dll
2007-08-27 13:07 <DIR> d-------- C:\Program Files\Triad Interactive
2007-08-27 13:07 <DIR> d-------- C:\Program Files\SimNet 2003 Enterprise
2007-08-26 10:27 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-08-26 10:27 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-08-26 10:27 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-08-26 10:27 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-08-26 10:27 <DIR> d-------- C:\Program Files\Webroot
2007-08-26 10:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-08-26 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-26 10:26 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Webroot
2007-08-25 21:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-25 21:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-25 02:00 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-08-25 02:00 <DIR> d-------- C:\Program Files\YVD
2007-08-24 09:08 <DIR> d-------- C:\Program Files\Intelore
2007-08-24 09:02 <DIR> d-------- C:\Program Files\Passware
2007-08-23 14:00 91,136 --a------ C:\WINDOWS\system32\drivers\p4.exe
2007-08-23 14:00 89,088 --a------ C:\WINDOWS\system32\drivers\p5.exe
2007-08-23 14:00 84,480 --a------ C:\WINDOWS\system32\drivers\p6.exe
2007-08-23 10:21 <DIR> d--hs---- C:\Diskeeper
2007-08-23 09:28 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-08-23 09:27 <DIR> d-------- C:\Program Files\X64
2007-08-23 09:24 <DIR> d-------- C:\Program Files\X86
2007-08-23 09:20 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-08-23 09:16 <DIR> d-------- C:\Program Files\propremierx86v110686
2007-08-23 09:15 35,085,416 --a------ C:\Program Files\Diskeeper2007-ProPremier.exe
2007-08-23 09:15 31,449,264 --a------ C:\Program Files\Diskeeper2007-Server.exe
2007-08-23 09:15 <DIR> d-------- C:\Program Files\propremierx64v110686
2007-08-23 09:15 <DIR> d-------- C:\Program Files\Disskeeper2007.License
2007-08-23 09:14 52,126,144 --a------ C:\Program Files\Diskeeper2007-Administrator.exe
2007-08-23 09:14 35,536,256 --a------ C:\Program Files\Diskeeper2007-EnterpriseServer.exe
2007-08-23 09:14 35,460,384 --a------ C:\Program Files\Diskeeper2007-Professional.exe
2007-08-23 09:14 14,539,984 --a------ C:\Program Files\Diskeeper2007-Home.exe
2007-08-23 09:02 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-08-23 09:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-23 09:01 <DIR> d-------- C:\Program Files\GameMinimizer
2007-08-23 09:00 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-23 08:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-23 08:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-23 08:55 <DIR> dr-h----- C:\MSOCache
2007-08-23 08:54 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-23 08:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-08-23 08:43 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-23 08:43 32,256 --a------ C:\WINDOWS\system32\aecache.exe
2007-08-23 08:35 <DIR> d-------- C:\Program Files\Siber Systems
2007-08-23 08:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
2007-08-23 08:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-08-23 08:26 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2007-08-23 08:17 <DIR> d-------- C:\Program Files\VoiceOverlay
2007-08-22 23:47 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\vlc
2007-08-22 23:22 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-21 22:40 <DIR> d-------- C:\Program Files\visual boy
2007-08-21 17:01 594,238 --a--c--- C:\WINDOWS\system32\dllcache\es56hpi.sys
2007-08-21 17:01 594,238 --a------ C:\WINDOWS\system32\drivers\es56hpi.sys
2007-08-21 17:01 49,152 --------- C:\WINDOWS\remvess.exe
2007-08-21 17:01 163,840 --------- C:\WINDOWS\essspk.exe
2007-08-21 17:01 <DIR> d-------- C:\WINDOWS\options
2007-08-21 17:00 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\WinRAR
2007-08-21 16:22 <DIR> d-------- C:\DOCUME~1\CHRISG~1\Contacts
2007-08-21 16:20 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-21 16:14 <DIR> d-------- C:\Program Files\PCPitstop
2007-08-21 16:11 <DIR> d-------- C:\Program Files\uTorrent
2007-08-21 16:10 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\uTorrent
2007-08-21 13:50 1,458,176 --a------ C:\WINDOWS\system\SmWizard.exe
2007-08-21 13:42 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-08-21 13:41 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-21 13:39 <DIR> d-------- C:\SOYO
2007-08-21 13:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-21 13:33 <DIR> d---s---- C:\Program Files\Xfire
2007-08-21 13:33 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Xfire
2007-08-21 13:22 <DIR> d-------- C:\Program Files\Call of Duty
2007-08-21 12:54 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\ATI
2007-08-21 12:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
2007-08-21 12:51 <DIR> d-------- C:\Program Files\Steam
2007-08-21 12:50 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-21 12:49 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-21 12:49 <DIR> d-------- C:\ATI
2007-08-21 12:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-21 11:59 <DIR> d-------- C:\Program Files\Download Manager
2007-08-21 11:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IGN_DLM
2007-08-21 11:43 <DIR> d-------- C:\WINDOWS\system32\Defaults
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-29 11:59 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-08-21 10:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-21 10:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-21 10:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-27 22:44 45296 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-07-27 20:30 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-27 20:30 2371584 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-27 20:12 3067712 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-27 20:01 1550208 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-27 19:40 450560 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-10-16 14:09 1209 --a------ C:\Program Files\License.dal
2006-10-01 02:24 73728 --a------ C:\Program Files\Autorun.exe
2001-11-22 20:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 04:00]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-29 11:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-08-21 12:54]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-08-23 08:35]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 03:29]
"MSConfig32"="C:\WINDOWS\system32\aecache.exe" [2007-08-29 12:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*MSConfig32"=C:\WINDOWS\system32\aecache.exe
C:\DOCUME~1\CHRISG~1\STARTM~1\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-08-23 16:41:12]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
C:\WINDOWS\system32\aecache.exe
Contents of the 'Scheduled Tasks' folder
2007-08-28 01:01:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-21 17:29:23 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-21 17:29:21 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 12:50:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-30 12:51:47
C:\ComboFix-quarantined-files.txt ... 2007-08-30 12:51
--- E O F ---
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-30 12:58:26
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection
---- Kernel code sections - GMER 1.0.13 ----
.text ntoskrnl.exe!ZwYieldExecution 80509014 7 Bytes JMP A8F385BA \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 805793A1 7 Bytes JMP A8F38590 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtCreateFile 8057D3C4 5 Bytes JMP A8F3857C \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057E2A3 5 Bytes JMP A8F385E6 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E71B 7 Bytes JMP A8F385D0 \SystemRoot\system32\drivers\mfehidk.sys
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F724B62C 5 Bytes JMP 864DE1C8
? System32\Drivers\arcavo9z.SYS The system cannot find the file specified.
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.
? C:\DOCUME~1\CHRISG~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified.
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F70
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F81
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F9C
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F49
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0007009B
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700E2
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700C7
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00070F2E
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0007008A
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FC3
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[652] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 000700AC
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[652] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EF0F4B
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EF0040
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EF0F72
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EF002F
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EF0FA8
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EF0089
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EF0078
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EF00C9
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EF0F30
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00EF0F1F
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00EF0F97
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00EF005B
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00EF0FB9
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\lsass.exe[664] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00EF00A4
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00EE002C
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00EE0087
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00EE0FDB
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00EE001B
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00EE006C
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00EE0051
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00EE000A
.text C:\WINDOWS\system32\lsass.exe[664] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00EE0FC0
.text C:\WINDOWS\system32\lsass.exe[664] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00EC000A
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00840F48
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00840F59
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00840F76
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00840F87
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00840022
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00840062
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00840F1A
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00840084
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00840EF5
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00840ED0
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00840033
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00840FDB
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00840F37
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00840011
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00840FC0
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00840073
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0083002F
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0083006F
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00830FDE
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00830FA8
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00830FC3
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0083000A
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00830040
.text C:\WINDOWS\system32\svchost.exe[840] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00990F8A
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0099007F
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00990FA5
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00990062
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00990FCA
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00990F52
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00990F6D
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00990F0B
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00990F26
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009900B5
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00990FE5
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009900A4
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0099002C
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00990011
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00990F41
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00980FB9
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0098005B
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00980FD4
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00980FE5
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00980F9E
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00980040
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00980025
.text C:\WINDOWS\system32\svchost.exe[892] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00960FEF
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02810000
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0281008E
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0281007D
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02810FA5
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02810058
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0281002C
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02810F74
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 028100B0
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02810103
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 028100F2
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02810F59
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02810047
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02810FE5
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0281009F
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0281001B
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02810FCA
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 028100D7
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02800014
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 02800F5E
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02800FC3
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02800FD4
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 02800F83
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 02800025
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02800FEF
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02800F9E
.text C:\WINDOWS\System32\svchost.exe[1008] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 027E0000
.text C:\WINDOWS\System32\svchost.exe[1008] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 01DE0000
.text C:\WINDOWS\System32\svchost.exe[1008] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 01DE0011
.text C:\WINDOWS\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 01DE0FD1
.text C:\WINDOWS\System32\svchost.exe[1008] WININET.dll!InternetOpenUrlW 42C7AB2D 5 Bytes JMP 01DE0FC0
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0090005D
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00900F68
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00900F79
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00900036
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00900025
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00900F1F
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00900F3C
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00900EF0
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00900089
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetProcAddress 7C80ADA0 1 Byte [ E9 ]
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetProcAddress + 2 7C80ADA2 3 Bytes [ 52, 0F, 84 ]
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00900F9E
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00900F4D
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00900FB9
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00900078
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008F0036
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008F0FA8
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008F0FE5
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008F0025
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008F0FB9
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008F000A
.text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008F005B
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00820000
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00820082
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00820F8D
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00820071
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00820FA8
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0082004A
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00820093
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00820F4B
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008200AE
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00820F15
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00820F04
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00820FC3
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00820FE5
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00820F68
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00820025
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00820FD4
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00820F30
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0081002C
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00810F79
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0081001B
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00810FE5
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00810F8A
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00810FA5
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00810000
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00810FB6
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00770000
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BD007D
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BD0F88
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BD0F99
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BD0058
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BD0FB6
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BD00DA
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BD00BF
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BD0F52
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BD0F6D
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BD0F37
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BD003D
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BD0FDB
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BD0098
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BD0022
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BD0011
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BD00EB
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BC002F
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BC0F94
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BC000A
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BC005B
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BC004A
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[1188] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 00B90000
.text C:\WINDOWS\System32\svchost.exe[1188] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 00B90FDB
.text C:\WINDOWS\System32\svchost.exe[1188] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 00B90FCA
.text C:\WINDOWS\System32\svchost.exe[1188] WININET.dll!InternetOpenUrlW 42C7AB2D 5 Bytes JMP 00B90FAF
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1284] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ AB, FA, C3, 83 ]
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00650085
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00650F86
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00650F97
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0065002F
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00650F5A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006500A2
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006500E9
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006500D8
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006500FA
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0065004A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00650F75
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 006500BD
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0064005B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00640F94
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00640FAF
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[1528] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00620FEF
.text C:\WINDOWS\System32\svchost.exe[3176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[3176] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A00D0
.text C:\WINDOWS\System32\svchost.exe[3176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A00B5
.text C:\WINDOWS\System32\svchost.exe[3176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0098
.te