GMER 1.0.15.14966 -
http://www.gmer.netRootkit scan 2009-04-05 19:18:48
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF72A21C8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF72A2086]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF72A2020]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF72A2034]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF72A209A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF72A20C6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF72A2134]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF72A211E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF72A214A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72A2208]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF72A2176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF72A2072]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72A1FE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72A1FF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF72A21DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF72A21B2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF72A2108]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF72A20F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF72A20B0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF72A219E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF72A218A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF72A205E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF72A204A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF72A20DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF72A2237]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF72A2160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF72A221E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF72A21F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP F72A21F6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP F72A21CC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP F72A220C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP F72A2222 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP F72A21E0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP F72A1FE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP F72A1FFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP F72A204E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP F72A2038 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP F72A2024 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP F72A2062 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP F72A223B mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP F72A20F6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP F72A20E0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP F72A2164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP F72A210C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP F72A20B4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP F72A208A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP F72A209E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP F72A20CA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP F72A2138 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP F72A2122 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP F72A2076 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP F72A21B6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP F72A218E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 8062559A 7 Bytes JMP F72A214E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP F72A21A2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP F72A217A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700FAF
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007000A4
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700087
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0070005B
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F52
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F6D
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007000DA
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700F41
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00700F26
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00700076
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0070001B
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00700F94
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00700040
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00700FE5
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007000B5
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 006F0FC3
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 006F0065
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 006F0040
.text C:\WINDOWS\System32\svchost.exe[600] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 006F002F
.text C:\WINDOWS\System32\svchost.exe[600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0FAF
.text C:\WINDOWS\System32\svchost.exe[600] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E003A
.text C:\WINDOWS\System32\svchost.exe[600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0029
.text C:\WINDOWS\System32\svchost.exe[600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FD4
.text C:\WINDOWS\System32\svchost.exe[600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0018
.text C:\WINDOWS\System32\svchost.exe[600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700F65
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0070005A
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700F80
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700F91
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0070002C
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F2F
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F40
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007000B7
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700F1E
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00700EF9
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0070003D
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0070006B
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0070001B
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0070009C
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 006F001B
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 006F0F8A
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 006F0FA5
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 006F0051
.text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 006F0036
.text C:\WINDOWS\System32\svchost.exe[680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0070
.text C:\WINDOWS\System32\svchost.exe[680] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E005F
.text C:\WINDOWS\System32\svchost.exe[680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0029
.text C:\WINDOWS\System32\svchost.exe[680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E004E
.text C:\WINDOWS\System32\svchost.exe[680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E000C
.text C:\WINDOWS\System32\svchost.exe[680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01220FEF
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01220093
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01220F94
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01220FA5
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01220FC0
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01220051
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01220F68
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01220F79
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012200DC
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01220F43
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01220F28
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01220062
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0122000A
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 012200A4
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0122002C
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0122001B
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 012200CB
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0F79
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0F8B
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0F9C
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FB7
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[704] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F80
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F9B
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40075
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40058
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F4009C
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F54
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F0D
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F28
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F400C1
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F40047
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F4000A
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F40F65
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F40025
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F40F43
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F30FCD
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F30F97
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F30FDE
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F3004A
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00F30039
.text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F30FB2
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F2005F
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F2004E
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD4
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F2000C
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20033
.text C:\WINDOWS\system32\lsass.exe[740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F30
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF002F
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF001E
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F6B
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FA1
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0EFD
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F0E
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0067
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0ED8
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BF0078
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BF0F86
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BF0F1F
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BF0FB2
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BF0FCD
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BF0056
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BE0F94
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BE0051
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD007F
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0064
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0038
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD000C
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0053
.text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD001D
.text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90079
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90F7A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F97
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E9004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90039
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F5D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E900A5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E900DB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900CA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E90F1D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E90FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E90FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E90094
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E9001E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E90FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E90F4C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E80FBC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E8004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E80FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E80FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E80F97
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E80FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E80039
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E80028
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70F92
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70027
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70FB7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E7000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FE5
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E1009F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10FAA
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1008E
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10073
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F7E
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F8F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E1010D
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E100FC
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E10F63
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E10062
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E100B0
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E100EB
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E00FD1
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E00F80
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E00022
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E00011
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E0003D
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E00FA5
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E00FB6
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF0033
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FB2
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0FCD
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0022
.text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0FDE
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0000
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 023A000A
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 023A0F8D
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 023A0FA8
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 023A0082
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 023A0065
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 023A0FC3
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 023A00CB
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 023A00BA
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 023A0F57
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 023A00F0
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 023A0F32
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 023A004A
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 023A001B
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 023A0093
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 023A0FD4
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 023A0FE5
.text C:\WINDOWS\System32\svchost.exe[1012] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 023A0F68
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01960FC3
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01960054
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01960FDE
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01960014
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01960F97
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01960FEF
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01960FA8
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [B6, 89] {MOV DH, 0x89}
.text C:\WINDOWS\System32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0196002F
.text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0195005A
.text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!system 77C293C7 5 Bytes JMP 01950FD9
.text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0195002E
.text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01950000
.text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0195003F
.text C:\WINDOWS\System32\svchost.exe[1012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01950011
.text C:\WINDOWS\System32\svchost.exe[1012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0194000A
.text C:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02390000
.text C:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02390FE5
.text C:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0239001B
.text C:\WINDOWS\System32\svchost.exe[1012] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02390036
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B400B6
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B4009B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40FC3
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40080
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40040
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B400EC
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B400D1
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B40F64
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B400FD
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B40F53
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B40FA6
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40025
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40014
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B40F89
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B30025
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30047
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B30FD4
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B30F94
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B30036
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30FB9
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20055
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20044
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B2000C
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20029
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B1000A
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0078
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD005D
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0F83
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0040
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD002F
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F61
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F72
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD00DF
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0F46
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DD0F2B
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DD0F9E
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DD009D
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DD0014
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DD00C4
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DA0FB9
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DA0F68
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DA0F83
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DA002F
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DA0FA8
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D90FB7
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D90042
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90027
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90FD2
.text C:\WINDOWS\system32\svchost.exe[1144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90FE3
.text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00DC0FC3
.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00DC0FB2
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90078
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90067
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F8D
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90FA8
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E9002F
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F52
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E9009A
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F2D
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900C6
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E90F12
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E9004A
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E90089
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E90014
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E90FC3
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E900AB
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E80F9E
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E80F8D
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E80FB9
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E80040
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E80025
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E8000A
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70040
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70FB5
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E7001B
.text C:\WINDOWS\system32\svchost.exe[1556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70FC6
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02570000
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025700BA
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025700A9
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02570098
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02570087
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02570058
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02570FA8
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025700F0
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02570F7C
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0257010B
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02570130
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02570FDB
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02570025
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 025700D5
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02570047
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02570036
.text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02570F8D
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02550FC3
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0255005B
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02550FDE
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0255000A
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02550F9E
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02550FEF
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02550040
.text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0255002F
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02540F92
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!system 77C293C7 5 Bytes JMP 02540FAD
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02540FD2
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02540000
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02540027
.text C:\WINDOWS\Explorer.EXE[1588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02540FE3
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02560FEF
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02560FD4
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0256000A
.text C:\WINDOWS\Explorer.EXE[1588] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02560025
.text C:\WINDOWS\Explorer.EXE[1588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02530000
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650073
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F7E
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F8F
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650058
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F46
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F57
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500BA
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F21
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00650F06
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0065008E
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00650014
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0065009F
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640036
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0064007D
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0064006C
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0064005B
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[1852] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630F9A
.text C:\WINDOWS\system32\svchost.exe[1852] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FAB
.text C:\WINDOWS\system32\svchost.exe[1852] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1852] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[1852] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1852] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FD2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01500000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01500F8A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01500089
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0150006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01500FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01500FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01500F48
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01500F63
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 015000E1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 015000BC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01500F2D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01500047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01500011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0150009A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0150002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01500FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 015000AB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 014F0FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 014F0FA8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 014F001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 014F0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 014F005B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 014F0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 014F004A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 014F0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_wsystem 77C2931E 3 Bytes JMP 014E0F7F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_wsystem + 4 77C29322 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!system 77C293C7 3 Bytes JMP 014E0F90
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!system + 4 77C293CB 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_creat 77C2D40F 3 Bytes JMP 014E0FBC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_creat + 4 77C2D413 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014E0FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_wcreat 77C2FC9B 3 Bytes JMP 014E0FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_wcreat + 4 77C2FC9F 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014E0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014D0FEF
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F88
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A007D
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A006C
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004A
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00BD
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00A2
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F3F
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D8
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F2E
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A005B
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F77
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F5A
.text C:\WINDOWS\system32\dllhost.exe[3400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290044
.text C:\WINDOWS\system32\dllhost.exe[3400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290033
.text C:\WINDOWS\system32\dllhost.exe[3400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290018
.text C:\WINDOWS\system32\dllhost.exe[3400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[3400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FC3
.text C:\WINDOWS\system32\dllhost.exe[3400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FDE
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A0FC0
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0073
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A0FD1
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0062
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A002C
.text C:\WINDOWS\system32\dllhost.exe[3400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A7000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- Files - GMER 1.0.15 ----
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\GlobeTrotting\GlobeTrotting_Bkg.jpg 109490 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\GlobeTrotting\GlobeTrotting_Chp.psd 12230 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\GlobeTrotting\GlobeTrotting_Fol.psd 51669 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\Grape\Grape_Bkg.jpg 36358 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\Grape\Grape_Chp.psd 21333 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\Grape\Grape_Fol.psd 57289 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\Halloween 01\Halloween01_Bkg.jpg 112547 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\Halloween 01\Halloween01_Chp.psd 44997 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\Halloween 01\Halloween01_Fol.psd 71248 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\HollyDay\Hollyday_Bkg.jpg 120655 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\HollyDay\Hollyday_Chp.psd 33037 bytes
File C:\Program Files\Sonic\MyDVD\Styles\PAL\Default Styles\HollyDay\Hollyday_Fol.psd 60338 bytes
---- EOF - GMER 1.0.15 ----