I cannot complete the gmer scan, i keep getting blue screen before it finishes but here is a copy of the log mid way through(before bluescreen crash) if it helps. Log is too large for one post so contiues in following post.
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2009-12-23 10:01:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB649578A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB6495821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB6495738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB649574C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB6495835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB6495861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB64958CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB64958B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB64957CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB64958FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB649580D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB6495710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB6495724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB649579E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB6495937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB64958A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB649588D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB649584B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB6495923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB649590F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB6495776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB6495762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB6495877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB64957F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB64958E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB64957E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB64957B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B64957B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B649578E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP B64957CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP B64957E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP B64957A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP B6495714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP B6495728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP B6495766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B6495750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11FA 5 Bytes JMP B649573C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP B649577A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AC 5 Bytes JMP B64957FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP B6495891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D38 7 Bytes JMP B649587B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP B64958E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP B64958A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D4 7 Bytes JMP B649584F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B2 5 Bytes JMP B6495825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C42 7 Bytes JMP B6495839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E12 7 Bytes JMP B6495865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP B64958D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP B64958BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B84 5 Bytes JMP B6495811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP B649593B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP B6495913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP B6495927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP B64958FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9F23380, 0x2FF527, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00000
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00073
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E00058
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E00F8A
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E0003D
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00FAF
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E000A6
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00095
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E00F28
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E000B7
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E00F0D
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E0002C
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E00084
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E0001B
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E00F43
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF0FDE
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF0076
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF001B
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DF005B
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DF000A
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DF004A
.text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DF0FC3
.text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD0042
.text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD0031
.text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD000C
.text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD0FB7
.text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0FD2
.text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BE001B
.text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\Explorer.EXE[240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700073
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700062
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700F88
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700FA5
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700036
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007000BC
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0070009F
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00700F23
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700F34
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007000CD
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700047
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700FE5
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0070008E
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700025
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700FCA
.text C:\WINDOWS\System32\svchost.exe[700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700F59
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0FA5
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0011
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0062
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 006F0051
.text C:\WINDOWS\System32\svchost.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F0040
.text C:\WINDOWS\System32\svchost.exe[700] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0036
.text C:\WINDOWS\System32\svchost.exe[700] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E001B
.text C:\WINDOWS\System32\svchost.exe[700] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0FB5
.text C:\WINDOWS\System32\svchost.exe[700] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[700] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[700] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0FD2
.text C:\WINDOWS\System32\svchost.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700044
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700F4F
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700033
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700F80
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FB6
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F28
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700070
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00700EFC
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700F0D
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007000B0
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700F9B
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700FDB
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0070005F
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700022
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700011
.text C:\WINDOWS\System32\svchost.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700095
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FC0
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0F79
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0011
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0F8A
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006F0FA5
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 88]
.text C:\WINDOWS\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F002C
.text C:\WINDOWS\System32\svchost.exe[784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E006E
.text C:\WINDOWS\System32\svchost.exe[784] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E005D
.text C:\WINDOWS\System32\svchost.exe[784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E002E
.text C:\WINDOWS\System32\svchost.exe[784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FE3
.text C:\WINDOWS\System32\svchost.exe[784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E001D
.text C:\WINDOWS\System32\svchost.exe[784] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00F79
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E0006E
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E0005D
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E00040
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E0001B
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E0009D
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00F57
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E000B8
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E00F1F
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E000D3
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E00F94
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E00F68
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E00F3A
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF004A
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0039
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0F97
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20FB7
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FC8
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E2001D
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20FE3
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20038
.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E2000C
.text C:\WINDOWS\system32\services.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014D0FEF
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014D0F4B
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014D0F5C
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014D0F6D
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 014D0036
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014D0025
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014D008C
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014D0065
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014D0EFD
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014D0F0E
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014D00B1
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 014D0F9E
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 014D000A
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 014D0F3A
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 014D0FB9
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 014D0FD4
.text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014D0F1F
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01500FC0
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01500F8A
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01500011
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01500FDB
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01500051
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01500000
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01500FA5
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [70, 89] {JO 0xffffffffffffff8b}
.text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0150002C
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 014F0FA3
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 014F002E
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014F000C
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014F0FE3
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 014F001D
.text C:\WINDOWS\system32\lsass.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014F0FD2
.text C:\WINDOWS\system32\lsass.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014E0FEF
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0071
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F72
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F83
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F94
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0FA5
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC008C
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F46
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F0E
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F1F
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0EFD
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F61
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC009D
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0FC0
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0058
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0FA5
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BB0047
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0014
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0F7F
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0FB5
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0FA4
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0FD2
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B70F9B
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B7009A
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B70073
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B70062
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B70036
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B70F5C
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B70F79
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B700DA
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B70F41
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B70F26
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B70047
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B70F8A
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B70FD4
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B7001B
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B700BF
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C40FC0
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40F8A
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C40047
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C40FA5
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E4, 88] {IN AL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C4002C
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30038
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30027
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30FC8
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FB7
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C30FE3
.text C:\WINDOWS\system32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00098
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00087
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00076
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00065
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F6B
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F88
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F2B
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F46
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C000DF
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C0004A
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C000B3
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000CE
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30FA5
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30062
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30FC0
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30047
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C2003D
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20022
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FBC
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A60FEF
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A60F58
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A60F69
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A60043
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A60F86
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A60FA1
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A6005E
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A60F22
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A6006F
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A60EE0
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02A60EBB
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02A60028
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02A60FDE
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02A60F3D
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02A60FBC
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02A60FCD
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02A60EF1
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03940FB9
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0394006C
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03940FCA
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03940000
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03940051
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03940FEF
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03940040
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0394002F
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03930067
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 0393004C
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0393000C
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03930FEF
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03930027
.text C:\WINDOWS\System32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03930FD2
.text C:\WINDOWS\System32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03920000
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03910000
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03910011
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03910022
.text C:\WINDOWS\System32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03910033
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630F75
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F90
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630FA1
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630FB2
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0063004A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F4E
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006300A0
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630EFD
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F18
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006300B1
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0063008F
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F33
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0065005E
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650F97
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640047
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FBC
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FCD
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640022
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80F61
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80F72
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D80F83
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D80F94
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80FAF
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80F29
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80071
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D80096
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D80EFD
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D800B1
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80F46
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D80F0E
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB0FCA
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0FDB
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB0F83
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0F9E
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0FAB
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0FC6
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0F5F
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D0054
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0F70
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0F8D
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0F9E
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0F42
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D008A
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D00D1
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D00C0
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D0F1D
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0025
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0079
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D0FB9
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D00AF
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A0004A
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A00FA8
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A00025
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A00065
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009F003D
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!system 77C293C7 5 Bytes JMP 009F0022
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009F0FE3
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009F0011
.text C:\WINDOWS\system32\svchost.exe[1420] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009F0FC6
.text C:\WINDOWS\system32\svchost.exe[1420] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60051
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60040
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C6002F
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60F72
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60014
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60073
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F37
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60EFF
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C6008E
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60EEE
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60F83
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FDE
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60062
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C60F9E
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FC3
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60F1A
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CA004A
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CA0039
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CA0F8D
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP 50C03388
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CA0FA8
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C90FB2
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C90033
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C90018
.text C:\WINDOWS\system32\svchost.exe[1788] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1788] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C7001B
.text C:\WINDOWS\system32\svchost.exe[1788] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C70036
.text C:\WINDOWS\system32\svchost.exe[1788] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00C70047
.text C:\WINDOWS\system32\svchost.exe[1788] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE007D
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE006C
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE005B
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE0F9E
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE0FCA
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE00A9
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE0098
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE0F46
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE00DF
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE0104
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE0FB9
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE001B
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE0F6D
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0036
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE00BA
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B0003D
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00FAC
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B0002C
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B0001B
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B00FBD
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B0005F
.text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B0004E
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF005D
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF0042
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF0FE3
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF0FD2
.text C:\WINDOWS\system32\svchost.exe[1900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF001D
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)