Okay, done. Thank you.
I'll await further instructions.
--Ryodin
Okay, done. Thank you.
I'll await further instructions.
--Ryodin
Greetings Ryodin,
I need to relay to you that your PC has/had a very serious and difficult infection and not easily fixed. Besides me there are two other senior experts working on our problem.
This next procedure is a bit tricky.
Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or have this page open on another computer for reference as you will not have access to any browsers while you are carrying out portions of these instructions.
===============================================================
Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once
The tool will prompt you to restart the machine and boot into the Recovery Console.
===============================================================
1. Reboot your computer and press any key on the keyboard when prompted.
2. Press R to load the Recovery Console.
3. The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
4. It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter.
5. You should now be presented with a C:\Windows> prompt
At that prompt, type in the following bolded text and press Enter
batch look.bat
(Note - there is a space between the words batch and look.bat)
Reduced: 99% of original size [ 641 x 397 ] - Click to view full image
You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Once back in Windows, click Start > Run, and copy/paste the following then press Enter.
maxlook -sig
Follow the prompts, and attach the C:\looklog.txt in your next reply
My sincerest thanks goes out to all of you working on this problem. I am aware of the tremendous help you and your colleagues are providing me.
I will begin running the processes you outlined above. Hopefully I'll have a log for you in short order.
See you on the other side.
--Ryodin
Okay, I have a question already.
When running Maxlook, after asking me to restart my machine and boot into the Recovery Console, it prompts me to "press any key to continue". I pressed the key, and then maxlook promptly ended. I restarted my machine, but wasn't clear if I was supposed to keep pressing F8 or not upon startup. When I didn't press F8, I booted into normal Windows mode.
Am I supposed to press F8 after startup? If not, how do I get into Recovery Console? There were no other prompts upon startup.
--Ryodin
Never mind, I think I got it now. Will post a follow-up reply shortly.
Okay, here is the log:
=========================================================
=========================================================Code:Run from C:\Documents and Settings\David Batista\Desktop\maxlook.exe on Fri 08/26/2011 at 19:46:43.90 --------- maxlook unsigned files --------- c:\windows\maxdrive\BVRPMPR5.SYS: Verified: Unsigned File date: 11:58 PM 9/8/2008 Publisher: Avanquest Software Description: BVRP NDIS 5.0 MPR Protocol Driver Product: BVRPNDIS Rawether for Windows Version: 2.00.00.01 File version: 2.00.00.01 c:\windows\maxdrive\drvmcdb.sys: Verified: Unsigned File date: 5:21 AM 7/31/2003 Publisher: Sonic Solutions Description: Device Driver Product: n/a Version: n/a File version: 3.21.65a c:\windows\maxdrive\drvnddm.sys: Verified: Unsigned File date: 4:56 AM 6/20/2003 Publisher: Sonic Solutions Description: Device Driver Manager Product: n/a Version: n/a File version: 2.56.38a c:\windows\maxdrive\goprot51.sys: Verified: Unsigned File date: 11:22 PM 12/15/2006 Publisher: Gteko Ltd. Description: Gteko's GoProto protocol driver Product: Gteko Diagnostics Network Module Version: 2, 1, 0, 21 File version: 2, 1, 0, 21 c:\windows\maxdrive\hnm_wrls_pkt.sys: Verified: Unsigned File date: 2:01 AM 7/14/2006 Publisher: SingleClick Systems Description: SCS NDIS 5.0 Wireless Protocol Driver Product: Wireless Protocol Driver Version: 1, 0, 0, 0 File version: 1, 0, 0, 0 c:\windows\maxdrive\iqvw32.sys: Verified: Unsigned File date: 7:39 PM 3/17/2003 Publisher: Intel Corporation Description: Intel(R) Network Adapter Diagnostic Driver Product: Intel(R) iQVW32.SYS Version: 1.00.12.0 File version: 1.00.12.0 built by: WinDDK c:\windows\maxdrive\omci.sys: Verified: Unsigned File date: 3:45 PM 11/8/2002 Publisher: Dell Computer Corporation Description: OMCI Device Driver Product: OMCI Driver Version: 7, 0, 323, 0 File version: 7, 0, 323, 0 c:\windows\maxdrive\packet.sys: Verified: Unsigned File date: 2:00 AM 7/14/2006 Publisher: SingleClick Systems Description: SCS NDIS 5.0 Auto IP Protocol Driver Product: Auto IP Protocol Driver Version: 1, 0, 0, 0 File version: 1, 0, 0, 0 c:\windows\maxdrive\SbcpHid.sys: Verified: Unsigned File date: 10:52 AM 7/19/2001 Publisher: Description: Product: Version: 5,00,21,0 File version: 5,00,21,0 c:\windows\maxdrive\sscdbhk5.sys: Verified: Unsigned File date: 1:28 PM 7/14/2003 Publisher: Sonic Solutions Description: Shared Driver Component Product: n/a Version: n/a File version: 1.10.81a c:\windows\maxdrive\ssrtln.sys: Verified: Unsigned File date: 1:28 PM 7/14/2003 Publisher: Sonic Solutions Description: Shared Driver Component Product: n/a Version: n/a File version: 1.10.81a c:\windows\maxdrive\StMp3Rec.sys: Verified: Unsigned File date: 9:32 PM 12/18/2004 Publisher: Generic Description: Generic MP3 Player USB Driver Product: Generic MP3 Player Version: 139, 0, 551, 1 File version: 1, 551, 0, 139 c:\windows\maxdrive\wsp_pkt.sys: Verified: Unsigned File date: 2:02 AM 7/14/2006 Publisher: SingleClick Systems Description: SCS NDIS 5.0 Wireless Security Protocol Driver Product: Wireless Security Protocol Driver Version: 1, 0, 0, 0 File version: 1, 0, 0, 0 --------- system32\drivers unsigned files --------- c:\windows\system32\drivers\BVRPMPR5.SYS: Verified: Unsigned File date: 11:58 PM 9/8/2008 Publisher: Avanquest Software Description: BVRP NDIS 5.0 MPR Protocol Driver Product: BVRPNDIS Rawether for Windows Version: 2.00.00.01 File version: 2.00.00.01 c:\windows\system32\drivers\drvmcdb.sys: Verified: Unsigned File date: 5:21 AM 7/31/2003 Publisher: Sonic Solutions Description: Device Driver Product: n/a Version: n/a File version: 3.21.65a c:\windows\system32\drivers\drvnddm.sys: Verified: Unsigned File date: 4:56 AM 6/20/2003 Publisher: Sonic Solutions Description: Device Driver Manager Product: n/a Version: n/a File version: 2.56.38a c:\windows\system32\drivers\goprot51.sys: Verified: Unsigned File date: 11:22 PM 12/15/2006 Publisher: Gteko Ltd. Description: Gteko's GoProto protocol driver Product: Gteko Diagnostics Network Module Version: 2, 1, 0, 21 File version: 2, 1, 0, 21 c:\windows\system32\drivers\hnm_wrls_pkt.sys: Verified: Unsigned File date: 2:01 AM 7/14/2006 Publisher: SingleClick Systems Description: SCS NDIS 5.0 Wireless Protocol Driver Product: Wireless Protocol Driver Version: 1, 0, 0, 0 File version: 1, 0, 0, 0 c:\windows\system32\drivers\iqvw32.sys: Verified: Unsigned File date: 7:39 PM 3/17/2003 Publisher: Intel Corporation Description: Intel(R) Network Adapter Diagnostic Driver Product: Intel(R) iQVW32.SYS Version: 1.00.12.0 File version: 1.00.12.0 built by: WinDDK c:\windows\system32\drivers\omci.sys: Verified: Unsigned File date: 3:45 PM 11/8/2002 Publisher: Dell Computer Corporation Description: OMCI Device Driver Product: OMCI Driver Version: 7, 0, 323, 0 File version: 7, 0, 323, 0 c:\windows\system32\drivers\packet.sys: Verified: Unsigned File date: 2:00 AM 7/14/2006 Publisher: SingleClick Systems Description: SCS NDIS 5.0 Auto IP Protocol Driver Product: Auto IP Protocol Driver Version: 1, 0, 0, 0 File version: 1, 0, 0, 0 c:\windows\system32\drivers\SbcpHid.sys: Verified: Unsigned File date: 10:52 AM 7/19/2001 Publisher: Description: Product: Version: 5,00,21,0 File version: 5,00,21,0 c:\windows\system32\drivers\sscdbhk5.sys: Verified: Unsigned File date: 1:28 PM 7/14/2003 Publisher: Sonic Solutions Description: Shared Driver Component Product: n/a Version: n/a File version: 1.10.81a c:\windows\system32\drivers\ssrtln.sys: Verified: Unsigned File date: 1:28 PM 7/14/2003 Publisher: Sonic Solutions Description: Shared Driver Component Product: n/a Version: n/a File version: 1.10.81a c:\windows\system32\drivers\StMp3Rec.sys: Verified: Unsigned File date: 9:32 PM 12/18/2004 Publisher: Generic Description: Generic MP3 Player USB Driver Product: Generic MP3 Player Version: 139, 0, 551, 1 File version: 1, 551, 0, 139 c:\windows\system32\drivers\wsp_pkt.sys: Verified: Unsigned File date: 2:02 AM 7/14/2006 Publisher: SingleClick Systems Description: SCS NDIS 5.0 Wireless Security Protocol Driver Product: Wireless Security Protocol Driver Version: 1, 0, 0, 0 File version: 1, 0, 0, 0
--Ryodin
Hello ryodin,
Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
Click the image to enlarge it- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot
be uploaded to your post.- Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Sorry for the delay. It took nearly 7 whole hours for the program to scan through everything, but I finally have a log for you.
I'm being told that the log is too long to paste in one post, so I will split in half if I can. Here is the 1st part:
=========================================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-27 18:52:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3120026AS rev.8.05
Running: gmer.exe; Driver: C:\DOCUME~1\DAVIDB~1\LOCALS~1\Temp\uwtyapoc.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF745FD86]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF745FDB2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF745FE08]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF745FD5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF745FD34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF745FD48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF745FD9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF745FDDE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF745FE32]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF745FE1E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF745FDF2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01920000
.text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01920022
.text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01920011
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01970FE5
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01970F43
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01970042
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01970031
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01970F68
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01970F83
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0197008B
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0197007A
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01970F0D
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019700A6
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01970EFC
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0197000A
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01970FD4
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01970053
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01970F94
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01970FAF
.text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01970F28
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0196001B
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01960058
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01960FCA
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01960FE5
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01960047
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01960000
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01960036
.text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01960FAF
.text C:\WINDOWS\system32\svchost.exe[128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0195005F
.text C:\WINDOWS\system32\svchost.exe[128] msvcrt.dll!system 77C293C7 5 Bytes JMP 01950044
.text C:\WINDOWS\system32\svchost.exe[128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01950FEF
.text C:\WINDOWS\system32\svchost.exe[128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0195000C
.text C:\WINDOWS\system32\svchost.exe[128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01950FD4
.text C:\WINDOWS\system32\svchost.exe[128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01950029
.text C:\WINDOWS\system32\svchost.exe[128] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01940000
.text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01930FEF
.text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01930FD4
.text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01930FB9
.text C:\WINDOWS\system32\svchost.exe[128] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0193000A
.text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0000
.text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40000
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C40073
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40062
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C40051
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C40040
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40F9E
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C40084
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C40F48
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C40EE1
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C40F06
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C40095
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C4002F
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40F63
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C40FAF
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C40FCA
.text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C40F21
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30F94
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C3002C
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C3001B
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30051
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30FAF
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30FC0
.text C:\WINDOWS\Explorer.EXE[308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\Explorer.EXE[308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C2007A
.text C:\WINDOWS\Explorer.EXE[308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20044
.text C:\WINDOWS\Explorer.EXE[308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20000
.text C:\WINDOWS\Explorer.EXE[308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20055
.text C:\WINDOWS\Explorer.EXE[308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20029
.text C:\WINDOWS\Explorer.EXE[308] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\Explorer.EXE[308] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\Explorer.EXE[308] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[308] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\Explorer.EXE[308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\System32\svchost.exe[492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0054
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0039
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F6B
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F7C
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FA8
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB008C
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB007B
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00BF
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB00AE
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00DA
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0F8D
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F44
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FB9
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\System32\svchost.exe[492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB009D
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA001B
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA006C
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA0047
.text C:\WINDOWS\System32\svchost.exe[492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA002C
.text C:\WINDOWS\System32\svchost.exe[492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930F93
.text C:\WINDOWS\System32\svchost.exe[492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930FA4
.text C:\WINDOWS\System32\svchost.exe[492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FC6
.text C:\WINDOWS\System32\svchost.exe[492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930FB5
.text C:\WINDOWS\System32\svchost.exe[492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FE3
.text C:\WINDOWS\System32\svchost.exe[492] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00910FEF
.text C:\WINDOWS\System32\svchost.exe[492] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[492] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0091001B
.text C:\WINDOWS\System32\svchost.exe[492] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00910FCA
.text C:\WINDOWS\System32\svchost.exe[492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[760] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20067
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20056
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F7C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F97
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FC3
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C2009D
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C2008C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F3A
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200D3
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F29
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20FB2
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20F61
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C2002F
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C200C2
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10F79
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10F94
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00F9C
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FC1
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00027
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FD2
.text C:\WINDOWS\system32\svchost.exe[828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C0000C
.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F00FDE
.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F0000A
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40000
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F83
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F9E
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40FB9
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40076
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40051
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F50
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F61
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F400CE
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F35
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40F10
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40F72
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40040
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40025
.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F400B3
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30FD1
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30084
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30022
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30011
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30073
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30000
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F30058
.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F3003D
.text C:\WINDOWS\System32\svchost.exe[896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F2002E
.text C:\WINDOWS\System32\svchost.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F2001D
.text C:\WINDOWS\System32\svchost.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FB7
.text C:\WINDOWS\System32\svchost.exe[896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\System32\svchost.exe[896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F2000C
.text C:\WINDOWS\System32\svchost.exe[896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20FD2
.text C:\WINDOWS\System32\svchost.exe[896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040FDB
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E60085
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E60F90
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E6006A
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E60FA1
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E60FC3
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E600CE
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E600BD
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E60F3C
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E60F57
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E600FA
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E60FB2
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E6000A
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E600A0
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E6002F
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E600DF
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [27, 88]
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0006005A
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060049
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060027
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060038
.text C:\WINDOWS\system32\services.exe[1016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0006000C
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BC0FCD
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E9007F
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E9006E
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F94
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90051
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FCA
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F37
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F48
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F01
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90F1C
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E900B5
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90011
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F6F
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90FDB
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E9002C
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E9009A
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF009F
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF008E
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0073
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0058
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0031
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0F9C
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE000C
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FB7
.text C:\WINDOWS\system32\lsass.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F8002F
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC00BF
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC0FCA
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0098
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC0087
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC0FDB
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC0101
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC00E4
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC0130
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0F8D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC0F7C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC006C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC0011
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0FB9
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC003D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC002C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC0FA8
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB0FCA
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB0051
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB001B
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB0040
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FB0F9E
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1B, 89]
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0FB9
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA004C
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA0031
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA0FD2
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0FC1
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA0FE3
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F90000
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D90025
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0093
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0F94
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0FA5
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0062
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0047
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F52
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F79
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD0F30
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0F41
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD00E4
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0FC0
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD00A4
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD002C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD0FDB
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD00BF
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0040
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0F97
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0FB2
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DC0FC3
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FC, 88]
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0FA6
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0FB7
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB0FD2
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0027
.text =========================================================
---Ryodin
Seems I will need to split this into 3 parts -- it's that long!
I think I should have mentioned before, but I've had my machine for almost 8 years now. In that time I think I've accumulated a lot of stuff, some good some bad. That might explain why these scans take so long to run.
Anyway, here is the next segment of the log:
=========================================================
C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB0FE3
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02E90000
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02E90022
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02E90011
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 053C0FEF
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 053C0F84
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 053C006F
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 053C005E
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 053C0FA1
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 053C0039
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 7C801E54 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 053C0F58
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 053C00A0
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 053C0F22
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 053C00BB
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 053C0F07
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 053C0FB2
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 053C0FDE
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 053C0F69
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 053C001E
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 053C0FCD
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 053C0F3D
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 053B0FC0
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 053B0F83
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 053B0FDB
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 053B0011
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 053B0040
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 053B0000
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 053B0F9E
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5B, 8D]
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 053B0FAF
.text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 030E0038
.text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!system 77C293C7 5 Bytes JMP 030E0FAD
.text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 030E0FD2
.text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_open 77C2F566 5 Bytes JMP 030E000C
.text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 030E001D
.text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 030E0FE3
.text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!socket 71AB4211 5 Bytes JMP 030D0000
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 030C0FEF
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 030C0FDE
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 030C0FCD
.text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 030C001E
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00690000
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0069002C
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0069001B
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006D0087
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006D0F92
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006D006C
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006D005B
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006D0FD4
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006D00D0
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006D00B3
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D00F5
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D0F5C
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006D0110
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006D0FB9
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006D001B
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006D00A2
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006D0040
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006D0F77
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0025
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C004A
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C0FD4
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006C0F8D
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006C0FE5
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006C0FA8
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8C, 88]
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006C0FB9
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006B0FA4
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!system 77C293C7 5 Bytes JMP 006B0FB5
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006B000A
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006B0FE3
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006B001B
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006B0FD2
.text C:\WINDOWS\System32\svchost.exe[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006A0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DB0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DB002C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 11620000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 11620F43
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 11620F5E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 11620042
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 11620F79
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1162001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 11620069
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 11620F21
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 11620EE4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 11620EF5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1162008E
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 11620F94
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 11620FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 11620F32
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 11620FAF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 11620FC0
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 11620F06
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 1161001B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 11610058
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 11610FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 11610FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 11610F9B
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 11610000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 5 Bytes JMP 1161003D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 1161002C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 11290FAF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 11290FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 11290FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 11290000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 11290044
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 1129001D
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe[1520] WS2_32.dll!socket 10E64211 5 Bytes JMP 00DC0000
.text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00890000
.text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00890FD4
.text C:\WINDOWS\System32\svchost.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00890FEF
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008D0F83
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008D0F94
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008D006C
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008D0051
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008D002C
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008D00B8
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008D0F66
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008D0F1F
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008D0F3A
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008D0F0E
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008D0FAF
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008D0000
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008D0093
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008D0FCA
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008D001B
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008D0F4B
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008C0FD4
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008C007D
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008C001B
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008C0062
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008C0000
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008C0051
.text C:\WINDOWS\System32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008C0040
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008B0FB4
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!system 77C293C7 5 Bytes JMP 008B0049
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008B001D
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008B0038
.text C:\WINDOWS\System32\svchost.exe[1548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008B000C
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\System32\svchost.exe[1556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00690000
.text C:\WINDOWS\System32\svchost.exe[1556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00690036
.text C:\WINDOWS\System32\svchost.exe[1556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0069001B
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006D0F8A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006D0FA5
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006D0FB6
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006D0073
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006D0047
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006D00CB
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006D00B0
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D0F4D
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D0F5E
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006D010B
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006D0058
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006D001B
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006D0F79
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006D0FDB
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006D002C
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006D00DC
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0FC0
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C0F6F
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C0FD1
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C0011
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006C0F8A
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006C0000
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006C0FA5
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8C, 88]
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006C0036
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006B0F9C
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!system 77C293C7 5 Bytes JMP 006B0FAD
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006B0FE3
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006B000C
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006B0FC8
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006B001D
.text C:\WINDOWS\System32\svchost.exe[1556] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006A0000
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80F3D
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80032
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80F4E
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80F6B
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80F8D
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80EFB
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80F16
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80EC5
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E8005E
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E80EAA
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80F7C
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E8004D
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E80F9E
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80FAF
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E80EE0
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E7006C
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E7001B
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E70FAF
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E70051
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E70FD4
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E6002E
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E60FA3
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E60FD9
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E60FC8
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E6001D
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0025
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0FA3
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0098
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD007D
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD006C
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F77
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD00BF
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F30
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F41
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F1F
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD005B
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0014
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F88
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0036
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0025
.text C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F66
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FDB
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0F79
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0022
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0011
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0F94
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0000
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BC0FAF
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DC, 88]
.text C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0FC0
.text C:\WINDOWS\System32\svchost.exe[1784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0042
.text C:\WINDOWS\System32\svchost.exe[1784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0027
.text C:\WINDOWS\System32\svchost.exe[1784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FD2
.text C:\WINDOWS\System32\svchost.exe[1784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\System32\svchost.exe[1784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FB7
.text C:\WINDOWS\System32\svchost.exe[1784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB000C
.text C:\WINDOWS\system32\wuauclt.exe[2508] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\system32\wuauclt.exe[2508] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FD1
.text C:\WINDOWS\system32\wuauclt.exe[2508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C006E
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C005D
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0042
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0F83
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F4D
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F5E
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C00B0
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F17
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C0EFC
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0F94
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C000A
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0089
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C0F28
.text C:\WINDOWS\system32\wuauclt.exe[2508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0062
.text C:\WINDOWS\system32\wuauclt.exe[2508] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0047
.text C:\WINDOWS\system32\wuauclt.exe[2508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[2508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[2508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B002C
.text C:\WINDOWS\system32\wuauclt.exe[2508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FE3
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0025
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0065
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0014
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0F9E
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002C0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4C, 88]
.text C:\WINDOWS\system32\wuauclt.exe[2508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0040
.text C:\Program Files\internet explorer\iexplore.exe[3416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\internet explorer\iexplore.exe[3416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FDB
.text C:\Program Files\internet explorer\iexplore.exe[3416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270065
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F70
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270054
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F97
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB9
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F29
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F3A
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700AE
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270093
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EF0
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FA8
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F4B
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FCA
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270025
.text C:\Program Files\internet explorer\iexplore.exe[3416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270082
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036000A
.text =========================================================
And here is the 3rd and final leg of this log:
========================================================
C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360025
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FB9
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FD4
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F68
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FE5
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F83
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\internet explorer\iexplore.exe[3416] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F9E
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370051
.text C:\Program Files\internet explorer\iexplore.exe[3416] msvcrt.dll!system 77C293C7 5 Bytes JMP 0037002C
.text C:\Program Files\internet explorer\iexplore.exe[3416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370011
.text C:\Program Files\internet explorer\iexplore.exe[3416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\internet explorer\iexplore.exe[3416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FBC
.text C:\Program Files\internet explorer\iexplore.exe[3416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370000
.text C:\Program Files\internet explorer\iexplore.exe[3416] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 009E0000
.text C:\Program Files\internet explorer\iexplore.exe[3416] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 009E0011
.text C:\Program Files\internet explorer\iexplore.exe[3416] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 009E0FE5
.text C:\Program Files\internet explorer\iexplore.exe[3416] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 009E0FCA
.text C:\Program Files\internet explorer\iexplore.exe[3416] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A10FEF
.text C:\Program Files\internet explorer\iexplore.exe[4020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\internet explorer\iexplore.exe[4020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FD1
.text C:\Program Files\internet explorer\iexplore.exe[4020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270082
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270067
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F8D
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0027004A
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270025
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700BA
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700A9
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F57
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700F0
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0027010B
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9E
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FD4
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F72
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270014
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FC3
.text C:\Program Files\internet explorer\iexplore.exe[4020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700D5
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360025
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360051
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FCA
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FE5
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F9E
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360040
.text C:\Program Files\internet explorer\iexplore.exe[4020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FB9
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037005D
.text C:\Program Files\internet explorer\iexplore.exe[4020] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FC8
.text C:\Program Files\internet explorer\iexplore.exe[4020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037001D
.text C:\Program Files\internet explorer\iexplore.exe[4020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\internet explorer\iexplore.exe[4020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370038
.text C:\Program Files\internet explorer\iexplore.exe[4020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037000C
.text C:\Program Files\internet explorer\iexplore.exe[4020] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4020] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01180000
.text C:\Program Files\internet explorer\iexplore.exe[4020] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01180FDB
.text C:\Program Files\internet explorer\iexplore.exe[4020] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01180FCA
.text C:\Program Files\internet explorer\iexplore.exe[4020] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01180FB9
.text C:\Program Files\internet explorer\iexplore.exe[4020] ws2_32.dll!socket 71AB4211 5 Bytes JMP 03D00000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
=========================================================
---Ryodin
Posting Permissions
