Pretty much everything is slow. It takes 10-15 minutes for my computer to start up. I had Paretologic's PC Health Adviser for 2 years and XsoftSpySE for the same time. They just expired last week, but my computer has been slowing down for months. It is killing my productivity. I have to wait at least a minute every time I want to change a tab or open a new page.
MBAM log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6909
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/21/2011 10:03:12 AM
mbam-log-2011-06-21 (10-03-12).txt
Scan type: Quick scan
Objects scanned: 218736
Time elapsed: 20 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESET Log
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=bf42454238833a479edb14e5421d31c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-21 04:02:02
# local_time=2011-06-21 12:02:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 2738116 37820117 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=86185
# found=0
# cleaned=0
# scan_time=6124
GMER Log
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-21 15:28:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AH rev.00000096
Running: nosrtotw.exe; Driver: C:\DOCUME~1\BRYANH~1.BEA\LOCALS~1\Temp\pxtdqpob.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF726C210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF726C224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF726C250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF726C2A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF726C1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF726C1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF726C1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF726C23A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF726C27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF726C266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF726C2D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF726C2BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF726C290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E60FC3
.text C:\WINDOWS\Explorer.EXE[256] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E5000A
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F77
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E5006C
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E5005B
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E5004A
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50FB9
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E50F38
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F55
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E50F13
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E500A2
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E500C7
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50FA8
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E5001B
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F66
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FD4
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\Explorer.EXE[256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E50091
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00990025
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00990F79
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00990FD4
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00990FEF
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00990F94
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0099000A
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00990FAF
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B9, 88]
.text C:\WINDOWS\Explorer.EXE[256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00990036
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00980FA8
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!system 77C293C7 5 Bytes JMP 00980FB9
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00980FDE
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00980FEF
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00980029
.text C:\WINDOWS\Explorer.EXE[256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00980018
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00960000
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00960011
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00960022
.text C:\WINDOWS\Explorer.EXE[256] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 0096003D
.text C:\WINDOWS\Explorer.EXE[256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00970FEF
.text C:\WINDOWS\System32\svchost.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 022C0000
.text C:\WINDOWS\System32\svchost.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 022C0FE5
.text C:\WINDOWS\System32\svchost.exe[284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 022C001B
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 021C0FEF
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 021C0067
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 021C0F72
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 021C004C
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 021C002F
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 021C0F97
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 021C0F57
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 021C009F
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 021C0F2B
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 021C0F3C
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 021C00DF
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 021C001E
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 021C0FDE
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 021C0082
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 021C0FB2
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 021C0FC3
.text C:\WINDOWS\System32\svchost.exe[284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 021C00BA
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F9E
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0025
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0014
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0065
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FC3
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\System32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0033
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FA8
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FC3
.text C:\WINDOWS\System32\svchost.exe[284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990FE5
.text C:\WINDOWS\System32\svchost.exe[284] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00980FEF
.text C:\WINDOWS\System32\svchost.exe[284] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[284] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00980025
.text C:\WINDOWS\System32\svchost.exe[284] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00980FD4
.text C:\WINDOWS\system32\svchost.exe[500] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A7002F
.text C:\WINDOWS\system32\svchost.exe[500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A70014
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A60F43
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A60F5E
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A6002C
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A6001B
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A60F94
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A60078
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A60F32
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A60F0B
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A600AE
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A60EF0
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A60F79
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A60053
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A60FAF
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A60FCA
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A60093
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093004A
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FAF
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F83
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F94
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930011
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F90
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FAB
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD7
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FC6
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920011
.text C:\WINDOWS\system32\svchost.exe[500] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[500] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900011
.text C:\WINDOWS\system32\svchost.exe[500] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FDB
.text C:\WINDOWS\system32\svchost.exe[500] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00900036
.text C:\WINDOWS\system32\svchost.exe[500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00850FE5
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00850FD4
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00730000
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007300A4
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00730089
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00730FAF
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00730FC0
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00730047
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00730F8A
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007300DC
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00730119
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00730108
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0073012A
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00730062
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00730FEF
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007300B5
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00730036
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00730025
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007300ED
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00720025
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00720F79
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00720014
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00720FDE
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00720F9E
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00720FEF
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00720FB9
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [92, 88]
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00720040
.text C:\WINDOWS\system32\svchost.exe[580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710053
.text C:\WINDOWS\system32\svchost.exe[580] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710042
.text C:\WINDOWS\system32\svchost.exe[580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710FE3
.text C:\WINDOWS\system32\svchost.exe[580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0071000C
.text C:\WINDOWS\system32\svchost.exe[580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00710FD2
.text C:\WINDOWS\system32\svchost.exe[580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0071001D
.text C:\WINDOWS\system32\svchost.exe[580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C20014
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10078
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10067
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F8D
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C1004A
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10089
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F4D
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F0B
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100A4
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10EFA
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10F5E
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C1002F
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C10F30
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F68
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00F8D
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C0002F
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FA8
.text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FA6
.text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF003B
.text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FD2
.text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0FC1
.text C:\WINDOWS\system32\svchost.exe[812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0081001B
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00810FE5
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007E008C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007E0F97
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E0071
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007E004A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007E0FB9
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007E00BD
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007E0F6B
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007E00FA
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007E00E9
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007E0F50
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007E0FA8
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007E0F7C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007E0025
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007E0FCA
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007E00CE
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D0FAF
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D005B
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D000A
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0FDE
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007D0F9E
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007D0040
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007D0025
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007C0FD2
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 007C005D
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007C0038
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007C0FE3
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007C001D
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\services.exe[1640] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00970FE5
.text C:\WINDOWS\system32\services.exe[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00970FB9
.text C:\WINDOWS\system32\services.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00970FD4
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00720FE5
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00720036
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00720F41
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00720F52
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00720F79
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00720053
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00720F0B
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0072007F
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0072006E
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0072009A
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00720FD4
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00720F1C
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00720F9E
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00720FB9
.text C:\WINDOWS\system32\services.exe[1640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00720EF0
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00710FCD
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00710F90
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00710FDE
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0071004D
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00710FEF
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00710FAB
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [91, 88]
.text C:\WINDOWS\system32\services.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00710FBC
.text C:\WINDOWS\system32\services.exe[1640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00700FCA
.text C:\WINDOWS\system32\services.exe[1640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00700FE5
.text C:\WINDOWS\system32\services.exe[1640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0070003A
.text C:\WINDOWS\system32\services.exe[1640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\services.exe[1640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0070004B
.text C:\WINDOWS\system32\services.exe[1640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00700029
.text C:\WINDOWS\system32\services.exe[1640] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\lsass.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\lsass.exe[1652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\system32\lsass.exe[1652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009A0051
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009A0F66
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009A0F77
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009A0040
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009A0F9E
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009A0089
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009A0F41
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A00B8
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A0F15
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009A00D3
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009A002F
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A0FE5
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009A006C
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009A0FB9
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009A0FD4
.text C:\WINDOWS\system32\lsass.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009A0F30
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0099008E
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00990036
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00990025
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00990073
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00990FD1
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B9, 88]
.text C:\WINDOWS\system32\lsass.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00990062
.text C:\WINDOWS\system32\lsass.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00980053
.text C:\WINDOWS\system32\lsass.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00980042
.text C:\WINDOWS\system32\lsass.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00980FD2
.text C:\WINDOWS\system32\lsass.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\lsass.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00980027
.text C:\WINDOWS\system32\lsass.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00980FE3
.text C:\WINDOWS\system32\lsass.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A70036
.text C:\WINDOWS\system32\svchost.exe[1828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A7001B
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009B0076
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009B005B
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009B0F8D
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009B004A
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009B001E
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009B0F5C
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009B0098
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009B0F30
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009B0F4B
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009B00EE
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009B0039
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009B0087
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009B0FB2
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009B0FC3
.text C:\WINDOWS\system32\svchost.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009B00C9
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009A0FB9
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009A0040
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009A0FCA
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009A0FDB
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009A0025
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009A0F83
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BA, 88]
.text C:\WINDOWS\system32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009A0F9E
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0099003D
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00990FB2
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00990011
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00990022
.text C:\WINDOWS\system32\svchost.exe[1828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00990FD7
.text C:\WINDOWS\system32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B500BC
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B500A1
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50086
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50069
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50047
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50F91
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50FA2
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50108
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50F6F
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50F54
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50058
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B5001B
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B500CD
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50036
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50F80
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A70FB9
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A70062
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A70FDE
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A70051
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A70040
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A70025
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A60053
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A60FC8
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A6001D
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A60038
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A60FE3
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[3228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[3228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990FD4
.text C:\WINDOWS\system32\svchost.exe[3228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00980F7E
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00980F99
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00980FB6
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00980069
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00980047
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00980F52
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00980F63
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00980F01
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00980F26
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009800B5
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00980058
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00980FEF
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0098008E
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00980036
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00980025
.text C:\WINDOWS\system32\svchost.exe[3228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00980F37
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00970FC3
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00970F97
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00970FDE
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0097004A
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00970039
.text C:\WINDOWS\system32\svchost.exe[3228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00970FB2
.text C:\WINDOWS\system32\svchost.exe[3228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00960FA1
.text C:\WINDOWS\system32\svchost.exe[3228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00960FB2
.text C:\WINDOWS\system32\svchost.exe[3228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00960FDE
.text C:\WINDOWS\system32\svchost.exe[3228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[3228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00960FC3
.text C:\WINDOWS\system32\svchost.exe[3228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0096000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c691b97d
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0010c691b97d (not active ControlSet)
---- EOF - GMER 1.0.15 ----