Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
11/25/2009 4:13:11 PM
mbam-log-2009-11-25 (16-13-11).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162034
Time elapsed: 36 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
gmer:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-25 17:40:45
Windows 5.1.2600 Service Pack 2
Running: b2m0osis.exe; Driver: C:\DOCUME~1\frankee\LOCALS~1\Temp\kxtdypow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB0A4178A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB0A41821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0A41738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB0A4174C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0A41835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB0A41861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB0A418CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB0A418B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB0A417CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB0A418FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB0A4180D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0A41710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0A41724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB0A4179E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB0A41937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB0A418A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB0A4188D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB0A4184B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0A41923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB0A4190F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB0A41776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB0A41762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB0A41877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB0A417F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB0A418E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB0A417E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB0A417B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AB0 7 Bytes JMP B0A417B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F8E 5 Bytes JMP B0A4178E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E34 7 Bytes JMP B0A417CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C42 5 Bytes JMP B0A417E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B7218 7 Bytes JMP B0A417A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA156 5 Bytes JMP B0A41714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3E2 5 Bytes JMP B0A41728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CCBA0 5 Bytes JMP B0A41766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFE76 7 Bytes JMP B0A41750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFF2C 5 Bytes JMP B0A4173C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0436 5 Bytes JMP B0A4177A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1680 5 Bytes JMP B0A417FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8062065C 7 Bytes JMP B0A41891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806209AA 5 Bytes JMP B0A41913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80620C62 7 Bytes JMP B0A4187B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620F2A 7 Bytes JMP B0A418E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80621770 7 Bytes JMP B0A418A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621FC8 7 Bytes JMP B0A4184F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806225A2 5 Bytes JMP B0A41825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A32 7 Bytes JMP B0A41839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622C02 7 Bytes JMP B0A41865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE2 7 Bytes JMP B0A418D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062304C 7 Bytes JMP B0A418BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80623938 5 Bytes JMP B0A41811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80623C5C 7 Bytes JMP B0A4193B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 80624182 5 Bytes JMP B0A41927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8062429C 5 Bytes JMP B0A418FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F83
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0078
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0067
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0025
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00C4
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F72
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00F0
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00D5
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0F46
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0040
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0093
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[180] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F57
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00280036
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00280069
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0028001B
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0028000A
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00280058
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00280FE5
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00280FB6
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [48, 88]
.text C:\WINDOWS\explorer.exe[180] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00280047
.text C:\WINDOWS\explorer.exe[180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FB7
.text C:\WINDOWS\explorer.exe[180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FC8
.text C:\WINDOWS\explorer.exe[180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029002E
.text C:\WINDOWS\explorer.exe[180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290000
.text C:\WINDOWS\explorer.exe[180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FD9
.text C:\WINDOWS\explorer.exe[180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290011
.text C:\WINDOWS\explorer.exe[180] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 002B0000
.text C:\WINDOWS\explorer.exe[180] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[180] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 002B001B
.text C:\WINDOWS\explorer.exe[180] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 002B002C
.text C:\WINDOWS\explorer.exe[180] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B00B8
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B00A7
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0080
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B00DF
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F8D
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0112
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0101
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0123
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B005B
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F9E
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B004A
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[396] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B00F0
.text C:\WINDOWS\system32\wuauclt.exe[396] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F8B
.text C:\WINDOWS\system32\wuauclt.exe[396] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290F9C
.text C:\WINDOWS\system32\wuauclt.exe[396] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FB7
.text C:\WINDOWS\system32\wuauclt.exe[396] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\wuauclt.exe[396] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0029000C
.text C:\WINDOWS\system32\wuauclt.exe[396] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FDE
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F79
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002A0036
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002A0F94
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [4A, 88]
.text C:\WINDOWS\system32\wuauclt.exe[396] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070067
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F3C
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F4D
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F17
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700BA
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00070EFC
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00070078
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0007009F
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0006006F
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050042
.text C:\WINDOWS\system32\services.exe[844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FC1
.text C:\WINDOWS\system32\services.exe[844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\services.exe[844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[844] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F30089
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F3006E
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F30F94
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F30FA5
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F3003D
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F30F52
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F300A4
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F300D0
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F300B5
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00F300EB
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00F30FB6
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00F3001B
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00F30F79
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00F3002C
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00F30F37
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20014
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20F7C
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F20FC3
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20FDE
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00F20039
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00F20F97
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [12, 89]
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00F20FA8
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F10049
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10FBE
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F1001D
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F1000C
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F1002E
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\lsass.exe[856] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CF007D
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CF0F88
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CF0F99
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CF0062
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CF0FD1
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CF0F52
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CF0F63
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF00DA
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF00BF
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CF0F26
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CF0FC0
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CF008E
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CF0047
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CF002C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CF0F41
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE006C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00CE0051
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00CE0FAF
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [EE, 88]
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00CE0036
.text C:\WINDOWS\system32\svchost.exe[1060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0064
.text C:\WINDOWS\system32\svchost.exe[1060] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0053
.text C:\WINDOWS\system32\svchost.exe[1060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0027
.text C:\WINDOWS\system32\svchost.exe[1060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[1060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0042
.text C:\WINDOWS\system32\svchost.exe[1060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD000C
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009C0F6B
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009C0F86
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009C0F97
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009C0FB2
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009C002F
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009C0F22
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009C0F3F
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009C0EEF
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009C0F00
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009C0EDE
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009C004A
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009C0F50
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009C0F11
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F79
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 009B0F8A
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 009B0F9B
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0FD2
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FE3
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0038
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0049
.text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A001D
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00990000
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03220FEF
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03220F46
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03220F61
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03220F72
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 03220025
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03220FA8
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03220082
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 03220067
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03220EFD
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03220F0E
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 03220EEC
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 03220F8D
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0322000A
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 03220056
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 03220FB9
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 03220FD4
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 03220F1F
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03050FC0
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03050F94
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03050FDB
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03050011
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 03050047
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 03050000
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 03050FA5
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [25, 8B]
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0305002C
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03040047
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 03040FBC
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03040011
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03040FE3
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0304002C
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03040000
.text C:\WINDOWS\System32\svchost.exe[1180] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 03020FEF
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 03030FE5
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 03030000
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 03030FD4
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 03030FC3
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007E0F61
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007E0F7C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007E0F97
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007E0FB2
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007E0FD4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007E0F1F
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007E0071
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007E0F04
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007E009D
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007E0EDF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007E001B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007E0F50
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 007E002C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007E0082
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D0FC3
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D0054
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0014
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007D0F97
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 007D0039
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007D0FB2
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007C0036
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 007C0025
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007C0FB5
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007C0FE3
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007C0FC6
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008F0F79
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008F006E
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008F0051
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008F0F94
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008F0FAF
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008F0F4B
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008F0093
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008F00C6
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008F00B5
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008F0F12
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008F0036
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008F0FE5
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008F0F68
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008F0FC0
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008F0011
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008F00A4
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008E0022
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008E0062
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008E0FD1
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008E0011
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 008E0047
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 008E0FA5
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [AE, 88]
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 008E0FB6
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0049
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FB4
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FE3
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D002E
.text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0011
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007A00A0
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A007B
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007A0FA1
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A0FB2
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A0040
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007A0F62
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007A0F73
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A0F47
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A00E0
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007A0F2C
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007A0FC3
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007A001B
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007A0F90
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 007A0FD4
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007A00C5
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0065004A
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640FAD
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640038
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FC8
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640027
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FE3
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 00630027
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0062000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2008] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2008] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A00A4
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0093
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F6D
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00B5
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0106
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00EB
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0117
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F8A
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[4404] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A00D0
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00280FCA
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0028005B
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00280025
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00280FEF
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00280F9E
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00280000
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00280FAF
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [48, 88]
.text C:\WINDOWS\System32\svchost.exe[4404] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00280036
.text C:\WINDOWS\System32\svchost.exe[4404] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003D0038
.text C:\WINDOWS\System32\svchost.exe[4404] msvcrt.dll!system 77C293C7 5 Bytes JMP 003D0FAD
.text C:\WINDOWS\System32\svchost.exe[4404] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003D0FD2
.text C:\WINDOWS\System32\svchost.exe[4404] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003D000C
.text C:\WINDOWS\System32\svchost.exe[4404] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003D001D
.text C:\WINDOWS\System32\svchost.exe[4404] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003D0FEF
.text C:\WINDOWS\System32\svchost.exe[4404] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00650FE5
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0080
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A006F
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0054
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0039
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0F97
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F53
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A009B
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F24
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00C7
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0F09
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A001E
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A0F70
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\explorer.exe[5940] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A00AC
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0028002C
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00280F94
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0028001B
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00280000
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00280051
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00280FE5
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00280FAF
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [48, 88]
.text C:\WINDOWS\explorer.exe[5940] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00280FC0
.text C:\WINDOWS\explorer.exe[5940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290055
.text C:\WINDOWS\explorer.exe[5940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290044
.text C:\WINDOWS\explorer.exe[5940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FDE
.text C:\WINDOWS\explorer.exe[5940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0029000C
.text C:\WINDOWS\explorer.exe[5940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290029
.text C:\WINDOWS\explorer.exe[5940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[5940] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 002B0014
.text C:\WINDOWS\explorer.exe[5940] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[5940] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 002B0031
.text C:\WINDOWS\explorer.exe[5940] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 002B0042
.text C:\WINDOWS\explorer.exe[5940] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00FA0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat AA3ADC8A
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E0000018A0095DA6707A6B.qss 0 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E0000018B0095B4A103EE9.qss 0 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E0000018C0095D7900809A.qss 382864 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E0000018D009594D3089BE.qss 365779 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E0000018E00958D1C07F30.qss 363804 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E0000018F00955BF607275.qss 351222 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E000001900095868204A62.qss 362114 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E000001910095A21506E63.qss 0 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E00000188009601EF059C9.qss 0 bytes
File C:\Documents and Settings\frankee\Application Data\Move Networks\QMCache00\540E2E2FCA1E8B42B4D14F6EEF4D931E000001890095CE67034B8.qss 0 bytes
---- EOF - GMER 1.0.15 ----