
Problem Removing GenericPUP.x!eq from PC

Discussion in 'Virus & Other Malware Removal' started by ratzmoose, Jan 20, 2011.

  1. ratzmoose

    Hi, I need help removing GenericPUP.x!eq from my PC. McAfee detects the unwanted program but is unable to remove it. Here is all the info you require, and thank you for your time:

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:10:05 AM, on 20/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - (no file)
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101107104050.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{554224AC-2D31-4234-86A9-75BC717552D5}: NameServer = 204.194.232.200,204.194.234.200
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Rob\AppData\Local\TVersity\Media Server\MediaServer.exe

    --
    End of file - 12706 bytes

    DDS File:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Rob at 1:18:25.76 on 20/01/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3069.1840 [GMT -6:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\libusbd-nt.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Users\Rob\AppData\Local\TVersity\Media Server\MediaServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Rob\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101107104050.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
    TB: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [uTorrent] "c:\program files\utorrent\utorrent.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: {554224AC-2D31-4234-86A9-75BC717552D5} = 204.194.232.200,204.194.234.200
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\ymaziua2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox
    FF - prefs.js: keyword.URL - hxxp://www.smartwebsearch.net/index.php?form=5&q=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlc\npvlc.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\users\rob\appdata\roaming\move networks\plugins\npqmp071500000347.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: [email protected] - c:\users\rob\appdata\roaming\Move Networks

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-7 386840]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-7 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-7 164840]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-4 176128]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 93320]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-7 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-7 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-7 141792]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-2-19 14976]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 6096384]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 214016]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-7 55840]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-9-23 33792]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-7 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-7 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-7 313288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-7 84264]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-13 20080]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-20 07:08:52 388096 ----a-r- c:\users\rob\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-14 15:15:26 -------- d-----w- c:\users\rob\appdata\local\Sony
    2011-01-14 15:13:22 -------- d-----w- c:\users\rob\Podcasts
    2011-01-14 15:13:05 -------- d-----w- c:\program files\common files\Sony Shared
    2011-01-14 15:12:33 -------- d-----w- c:\users\rob\appdata\local\Downloaded Installations
    2011-01-14 15:12:23 -------- d-----w- c:\program files\Sony
    2011-01-14 15:12:23 -------- d-----w- c:\progra~2\Sony Corporation
    2011-01-14 15:11:45 -------- d-----w- c:\program files\Sony Media Go Install
    2011-01-12 10:56:58 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-12 10:56:58 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-12 10:56:58 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 10:56:58 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-12 10:56:58 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-12 10:56:58 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-12 10:56:54 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-25 01:04:57 -------- d-----w- c:\program files\iPod
    2010-12-25 01:04:55 -------- d-----w- c:\program files\iTunes
    2010-12-25 00:58:19 -------- d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-12-14 07:30:21 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 1:20:00.55 ===============
     
  2. ratzmoose

    ratzmoose Thread Starter

    Here is the Ark file as well (post was too big before):

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-20 11:22:37
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.VT10
    Running: w010sn68.exe; Driver: C:\Users\Rob\AppData\Local\Temp\pwldrpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A98C0B8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A98C0E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A98C0CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A98C0A4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 826709D2 5 Bytes JMP 8A98C0A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 82835DA3 5 Bytes JMP 8A98C0E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 828554FA 7 Bytes JMP 8A98C0BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 828557BD 5 Bytes JMP 8A98C0D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA10000, 0x331A84, 0xE8000020]
    .text USBPORT.SYS!DllUnload 8F1DE41B 2 Bytes JMP 87398520
    .text USBPORT.SYS!DllUnload + 3 8F1DE41E 2 Bytes [1B, F8] {SBB EDI, EAX}
    .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F2F3300, 0x3AE88, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F3C8300, 0x1B7E, 0xE8000020]
    ? C:\Users\Rob\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[436] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 03330000
    .text C:\Windows\Explorer.EXE[436] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 03330FCA
    .text C:\Windows\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 03330FE5
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 03320F3C
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 03320F57
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 03320F1A
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 03320F2B
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 03320060
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 03320FC3
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 0332001E
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 0332008C
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 03320F7C
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 03320F8D
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 0332002F
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 03320FA8
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 0332007B
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 033200C2
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 03320FD4
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 03320FEF
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 0332009D
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 03340F94
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 0334002C
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 03340000
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 03340FA5
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 03340047
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 03340011
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 03340FDB
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 03340FC0
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 03350FA1
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!system 764F804B 5 Bytes JMP 03350FB2
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 03350FCD
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_open 764FD106 5 Bytes JMP 03350000
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 03350022
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 03350011
    .text C:\Windows\Explorer.EXE[436] SHELL32.dll!SHFileOperationW 766268E8 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
    .text C:\Windows\Explorer.EXE[436] WS2_32.dll!socket 770F36D1 5 Bytes JMP 0336000A
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenA 7714D690 5 Bytes JMP 03370FEF
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenW 7714DB09 5 Bytes JMP 0337000A
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenUrlA 7714F3A4 5 Bytes JMP 0337001B
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenUrlW 77196D77 5 Bytes JMP 03370FCA
    .text C:\Windows\system32\services.exe[828] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 001B000A
    .text C:\Windows\system32\services.exe[828] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 001B002C
    .text C:\Windows\system32\services.exe[828] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 001B001B
    .text C:\Windows\system32\services.exe[828] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 001C00A1
    .text C:\Windows\system32\services.exe[828] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 001C0F5B
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 001C0F14
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 001C0F25
    .text C:\Windows\system32\services.exe[828] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 001C007F
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 001C002C
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 001C003D
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 001C0F76
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 001C006E
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 001C0FB6
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 001C0FA5
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 001C0FD1
    .text C:\Windows\system32\services.exe[828] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 001C0090
    .text C:\Windows\system32\services.exe[828] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001C00D0
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 001C0011
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 001C0000
    .text C:\Windows\system32\services.exe[828] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001C0F40
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 001D0F94
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 001D0FAF
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 001D0FEF
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 001D0036
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 001D0051
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 001D0FD4
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 001D000A
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 001D001B
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 001E0F92
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!system 764F804B 5 Bytes JMP 001E0FAD
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 001E001D
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_open 764FD106 5 Bytes JMP 001E0000
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 001E0FBE
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 001E0FE3
    .text C:\Windows\system32\services.exe[828] WS2_32.dll!socket 770F36D1 5 Bytes JMP 001F0FEF
    .text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 0010000A
    .text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00100FD4
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 00110F43
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00110F54
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00110F03
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00110F28
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 0011006E
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 0011001B
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 00110FCA
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 00110089
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 00110F94
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00110051
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 00110FA5
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00110036
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00110F6F
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001100BF
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00110FE5
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 00110000
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001100A4
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00120FCA
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00120FE5
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00120000
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 0012006C
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00120FAF
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00120036
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 0012001B
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00120047
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00130F92
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!system 764F804B 5 Bytes JMP 00130FAD
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 0013001D
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_open 764FD106 5 Bytes JMP 00130000
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00130FC8
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00130FE3
    .text C:\Windows\system32\lsass.exe[844] WS2_32.dll!socket 770F36D1 5 Bytes JMP 00150000
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 005E000A
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 005E0FEF
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 005E0025
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 007600EC
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00760FB0
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00760F8B
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00760118
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 007600AC
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 00760FEF
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 0076004A
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 007600D1
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 0076009B
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00760065
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 0076008A
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00760FDE
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00760FC1
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 00760147
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00760025
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 0076000A
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00760107
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00900F8B
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!system 764F804B 5 Bytes JMP 00900016
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00900FC1
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_open 764FD106 5 Bytes JMP 00900FEF
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00900FB0
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00900FDE
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 008B0036
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 008B0FB9
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 008B0FEF
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 008B0F94
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 008B0F83
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 008B0FCA
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 008B000A
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 008B0025
    .text C:\Windows\system32\svchost.exe[1024] WS2_32.dll!socket 770F36D1 5 Bytes JMP 00910000
    .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 001D0000
    .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 001D0022
    .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 001D0011
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 001E0069
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 001E0F23
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 001E0EE3
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 001E0F08
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 001E0F48
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 001E0FC0
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 001E0011
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 001E0058
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 001E0F65
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 001E0F80
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 001E0022
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 001E0F9B
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 001E003D
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001E0095
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 001E0FDB
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 001E0000
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001E0084
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00240F92
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 764F804B 5 Bytes JMP 00240027
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00240FC1
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 764FD106 5 Bytes JMP 00240FEF
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00240016
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00240FD2
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00230FC3
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00230040
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00230FEF
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00230065
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00230FA8
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 0023000A
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00230FD4
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 0023002F
    .text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 770F36D1 5 Bytes JMP 002D0FEF
    .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00880FE5
    .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00880FC3
    .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00880FD4
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 005E00AB
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 005E0090
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 005E00DE
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 005E00CD
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 005E0064
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 005E0FC0
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 005E0011
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 005E007F
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 005E0F8A
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 005E0FA5
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 005E0047
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 005E002C
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 005E0F65
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 005E0F36
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 005E0FE5
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 005E0000
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 005E00BC
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 008E0F92
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!system 764F804B 5 Bytes JMP 008E0FA3
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 008E001D
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_open 764FD106 5 Bytes JMP 008E000C
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 008E0FBE
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 008E0FE3
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00600025
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00600F9E
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00600FEF
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00600F8D
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00600036
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00600FB9
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00600FD4
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00600014
    .text C:\Windows\System32\svchost.exe[1244] WS2_32.dll!socket 770F36D1 5 Bytes JMP 008F0FEF
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 016E000A
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 016E002C
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 016E001B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 016F00B3
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 016F00A2
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 016F0F3E
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 016F00DF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 016F007D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 016F0FEF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 016F0FD4
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 016F0F6D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 016F006C
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 016F005B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 016F0FAF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 016F004A
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 016F0F7E
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 016F0F2D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 016F001B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 016F000A
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 016F00C4
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 01760025
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!system 764F804B 5 Bytes JMP 01760F90
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 01760000
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_open 764FD106 5 Bytes JMP 01760FEF
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 01760FAB
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 01760FC6
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 01750073
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 01750058
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 01750000
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 01750FD1
    .text C:\Windows\system32\svchost.exe[3656] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00990F3F
    .text C:\Windows\system32\svchost.exe[3656] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 009C004C
    .text C:\Windows\system32\svchost.exe[3656] msvcrt.dll!system 764F804B 5 Bytes JMP 009C0FC1
    .text C:\Windows\system32\svchost.exe[3656] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 009C000C
    .text C:\Windows\system32\svchost.exe[3656] msvcrt.dll!_open 764FD106 5 Bytes JMP 009C0FEF
    .text C:\Windows\system32\svchost.exe[3656] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 009C0027
    .text C:\Windows\system32\svchost.exe[3656] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 009C0FD2
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 009B006C
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 009B0040
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 009B000A
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 009B0051
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 009B0FAF
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 009B0FEF
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 009B001B
    .text C:\Windows\system32\svchost.exe[3656] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 009B0FDE
    .text C:\Windows\system32\svchost.exe[3656] WS2_32.dll!socket 770F36D1 5 Bytes JMP 009D0FEF
    .text C:\Windows\System32\svchost.exe[3844] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00060FEF
    .text C:\Windows\System32\svchost.exe[3844] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00060FDE
    .text C:\Windows\System32\svchost.exe[3844] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 0006000A
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 000500C0
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00050F7A
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 000500F9
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00050F58
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 00050079
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 0005000A
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 00050025
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 000500AF
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 00050FA1
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00050FB2
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 00050054
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00050FC3
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 0005008A
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 00050F47
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00050FD4
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 00050FEF
    .text C:\Windows\System32\svchost.exe[3844] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00050F69
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!_wsystem 764F7F2F 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00080033
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!system 764F804B 5 Bytes JMP 00080022
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00080000
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!_open 764FD106 5 Bytes JMP 00080FEF
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00080011
    .text C:\Windows\System32\svchost.exe[3844] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00080FC6
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00070058
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 0007002C
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00070000
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00070047
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00070073
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00070011
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00070FE5
    .text C:\Windows\System32\svchost.exe[3844] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00070FCA
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5260] ntdll.dll!LdrLoadDll 77349390 5 Bytes JMP 011813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 851731E8

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\fastfat \FatCdrom 88C087A0
    Device \Driver\volmgr \Device\VolMgrControl 851701E8
    Device \Driver\usbuhci \Device\USBPDO-0 873A91E8
    Device \Driver\usbuhci \Device\USBPDO-1 873A91E8
    Device \Driver\usbehci \Device\USBPDO-2 85B4C7A0
    Device \Driver\usbuhci \Device\USBPDO-3 873A91E8
    Device \Driver\usbuhci \Device\USBPDO-4 873A91E8

    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-5 873A91E8
    Device \Driver\usbehci \Device\USBPDO-6 85B4C7A0
    Device \Driver\netbt \Device\NetBT_Tcpip_{554224AC-2D31-4234-86A9-75BC717552D5} 87DF51E8
    Device \Driver\volmgr \Device\HarddiskVolume1 851701E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

    Device \Driver\volmgr \Device\HarddiskVolume2 851701E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

    Device \Driver\cdrom \Device\CdRom0 85B447A0
    Device \Driver\volmgr \Device\HarddiskVolume3 851701E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

    Device \Driver\iaStor \Device\Ide\iaStor0 851721E8
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 851721E8
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 851721E8
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 851721E8
    Device \Driver\cdrom \Device\CdRom1 85B447A0
    Device \Driver\netbt \Device\NetBt_Wins_Export 87DF51E8
    Device \Driver\iScsiPrt \Device\RaidPort0 8757C1E8

    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 873A91E8
    Device \Driver\usbuhci \Device\USBFDO-1 873A91E8
    Device \Driver\usbehci \Device\USBFDO-2 85B4C7A0
    Device \Driver\usbuhci \Device\USBFDO-3 873A91E8
    Device \Driver\usbuhci \Device\USBFDO-4 873A91E8
    Device \Driver\usbuhci \Device\USBFDO-5 873A91E8
    Device \Driver\usbehci \Device\USBFDO-6 85B4C7A0
    Device \FileSystem\fastfat \Fat 88C087A0

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xEC 0x41 0xB7 0x3B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xEF 0xE4 0x41 0x4C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xEF 0xC1 0xFE 0xD2 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x2C 0x66 0x34 0xF1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xEF 0xE4 0x41 0x4C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xEF 0xC1 0xFE 0xD2 ...

    ---- EOF - GMER 1.0.15 ----
     
  3. ratzmoose

    ratzmoose Thread Starter

    Here is the Ark file as well (post was too big before):

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-20 11:22:37
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.VT10
    Running: w010sn68.exe; Driver: C:\Users\Rob\AppData\Local\Temp\pwldrpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A98C0B8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A98C0E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A98C0CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A98C0A4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 826709D2 5 Bytes JMP 8A98C0A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 82835DA3 5 Bytes JMP 8A98C0E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 828554FA 7 Bytes JMP 8A98C0BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 828557BD 5 Bytes JMP 8A98C0D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA10000, 0x331A84, 0xE8000020]
    .text USBPORT.SYS!DllUnload 8F1DE41B 2 Bytes JMP 87398520
    .text USBPORT.SYS!DllUnload + 3 8F1DE41E 2 Bytes [1B, F8] {SBB EDI, EAX}
    .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F2F3300, 0x3AE88, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F3C8300, 0x1B7E, 0xE8000020]
    ? C:\Users\Rob\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[436] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 03330000
    .text C:\Windows\Explorer.EXE[436] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 03330FCA
    .text C:\Windows\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 03330FE5
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 03320F3C
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 03320F57
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 03320F1A
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 03320F2B
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 03320060
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 03320FC3
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 0332001E
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 0332008C
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 03320F7C
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 03320F8D
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 0332002F
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 03320FA8
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 0332007B
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 033200C2
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 03320FD4
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 03320FEF
    .text C:\Windows\Explorer.EXE[436] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 0332009D
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 03340F94
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 0334002C
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 03340000
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 03340FA5
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 03340047
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 03340011
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 03340FDB
    .text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 03340FC0
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 03350FA1
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!system 764F804B 5 Bytes JMP 03350FB2
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 03350FCD
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_open 764FD106 5 Bytes JMP 03350000
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 03350022
    .text C:\Windows\Explorer.EXE[436] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 03350011
    .text C:\Windows\Explorer.EXE[436] SHELL32.dll!SHFileOperationW 766268E8 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
    .text C:\Windows\Explorer.EXE[436] WS2_32.dll!socket 770F36D1 5 Bytes JMP 0336000A
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenA 7714D690 5 Bytes JMP 03370FEF
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenW 7714DB09 5 Bytes JMP 0337000A
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenUrlA 7714F3A4 5 Bytes JMP 0337001B
    .text C:\Windows\Explorer.EXE[436] WININET.dll!InternetOpenUrlW 77196D77 5 Bytes JMP 03370FCA
    .text C:\Windows\system32\services.exe[828] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 001B000A
    .text C:\Windows\system32\services.exe[828] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 001B002C
    .text C:\Windows\system32\services.exe[828] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 001B001B
    .text C:\Windows\system32\services.exe[828] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 001C00A1
    .text C:\Windows\system32\services.exe[828] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 001C0F5B
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 001C0F14
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 001C0F25
    .text C:\Windows\system32\services.exe[828] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 001C007F
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 001C002C
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 001C003D
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 001C0F76
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 001C006E
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 001C0FB6
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 001C0FA5
    .text C:\Windows\system32\services.exe[828] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 001C0FD1
    .text C:\Windows\system32\services.exe[828] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 001C0090
    .text C:\Windows\system32\services.exe[828] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001C00D0
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 001C0011
    .text C:\Windows\system32\services.exe[828] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 001C0000
    .text C:\Windows\system32\services.exe[828] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001C0F40
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 001D0F94
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 001D0FAF
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 001D0FEF
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 001D0036
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 001D0051
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 001D0FD4
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 001D000A
    .text C:\Windows\system32\services.exe[828] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 001D001B
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 001E0F92
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!system 764F804B 5 Bytes JMP 001E0FAD
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 001E001D
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_open 764FD106 5 Bytes JMP 001E0000
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 001E0FBE
    .text C:\Windows\system32\services.exe[828] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 001E0FE3
    .text C:\Windows\system32\services.exe[828] WS2_32.dll!socket 770F36D1 5 Bytes JMP 001F0FEF
    .text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 0010000A
    .text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00100FD4
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 00110F43
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00110F54
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00110F03
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00110F28
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 0011006E
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 0011001B
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 00110FCA
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 00110089
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 00110F94
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00110051
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 00110FA5
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00110036
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00110F6F
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001100BF
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00110FE5
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 00110000
    .text C:\Windows\system32\lsass.exe[844] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001100A4
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00120FCA
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00120FE5
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00120000
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 0012006C
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00120FAF
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00120036
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 0012001B
    .text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00120047
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00130F92
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!system 764F804B 5 Bytes JMP 00130FAD
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 0013001D
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_open 764FD106 5 Bytes JMP 00130000
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00130FC8
    .text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00130FE3
    .text C:\Windows\system32\lsass.exe[844] WS2_32.dll!socket 770F36D1 5 Bytes JMP 00150000
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 005E000A
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 005E0FEF
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 005E0025
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 007600EC
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00760FB0
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00760F8B
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00760118
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 007600AC
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 00760FEF
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 0076004A
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 007600D1
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 0076009B
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00760065
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 0076008A
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00760FDE
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00760FC1
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 00760147
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00760025
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 0076000A
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00760107
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00900F8B
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!system 764F804B 5 Bytes JMP 00900016
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00900FC1
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_open 764FD106 5 Bytes JMP 00900FEF
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00900FB0
    .text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00900FDE
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 008B0036
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 008B0FB9
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 008B0FEF
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 008B0F94
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 008B0F83
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 008B0FCA
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 008B000A
    .text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 008B0025
    .text C:\Windows\system32\svchost.exe[1024] WS2_32.dll!socket 770F36D1 5 Bytes JMP 00910000
    .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 001D0000
    .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 001D0022
    .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 001D0011
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 001E0069
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 001E0F23
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 001E0EE3
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 001E0F08
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 001E0F48
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 001E0FC0
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 001E0011
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 001E0058
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 001E0F65
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 001E0F80
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 001E0022
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 001E0F9B
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 001E003D
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001E0095
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 001E0FDB
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 001E0000
    .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001E0084
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00240F92
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!system 764F804B 5 Bytes JMP 00240027
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00240FC1
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_open 764FD106 5 Bytes JMP 00240FEF
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00240016
    .text C:\Windows\system32\svchost.exe[1084] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00240FD2
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00230FC3
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00230040
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00230FEF
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00230065
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00230FA8
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 0023000A
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00230FD4
    .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 0023002F
    .text C:\Windows\system32\svchost.exe[1084] WS2_32.dll!socket 770F36D1 5 Bytes JMP 002D0FEF
    .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00880FE5
    .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00880FC3
    .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00880FD4
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 005E00AB
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 005E0090
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 005E00DE
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 005E00CD
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 005E0064
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 005E0FC0
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 005E0011
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 005E007F
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 005E0F8A
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 005E0FA5
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 005E0047
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 005E002C
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 005E0F65
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 005E0F36
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 005E0FE5
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 005E0000
    .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 005E00BC
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 008E0F92
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!system 764F804B 5 Bytes JMP 008E0FA3
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 008E001D
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_open 764FD106 5 Bytes JMP 008E000C
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 008E0FBE
    .text C:\Windows\System32\svchost.exe[1244] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 008E0FE3
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00600025
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00600F9E
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00600FEF
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00600F8D
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00600036
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00600FB9
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00600FD4
    .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00600014
    .text C:\Windows\System32\svchost.exe[1244] WS2_32.dll!socket 770F36D1 5 Bytes JMP 008F0FEF
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 016E000A
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 016E002C
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 016E001B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 016F00B3
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 016F00A2
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 016F0F3E
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 016F00DF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 016F007D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 016F0FEF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 016F0FD4
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 016F0F6D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 016F006C
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 016F005B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 016F0FAF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 016F004A
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 016F0F7E
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 016F0F2D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 016F001B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 016F000A
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 016F00C4
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 01760025
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!system 764F804B 5 Bytes JMP 01760F90
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 01760000
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_open 764FD106 5 Bytes JMP 01760FEF
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 01760FAB
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 01760FC6
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 01750073
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 01750058
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 01750000
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 01750FD1
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 01750FB6
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 0175002C
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 0175001B
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 0175003D
    .text C:\Windows\System32\svchost.exe[1276] WS2_32.dll!socket 770F36D1 5 Bytes JMP 01770FEF
    .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00FB0FEF
    .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00FB0014
    .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00FB0FDE
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 00FA0F6F
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00FA0F80
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00FA00FC
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00FA00E1
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 00FA0090
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 00FA0FCA
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 00FA001B
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 00FA0F91
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 00FA007F
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00FA0051
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 00FA0062
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00FA0036
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00FA00AB
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 00FA0117
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00FA0FE5
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 00FA0000
    .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00FA00D0
    .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 01250F9C
    .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!system 764F804B 5 Bytes JMP 01250031
    .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 01250FD2
    .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_open 764FD106 5 Bytes JMP 01250FEF
    .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 01250FC1
    .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 01250000
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 01200FA9
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 01200044
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 01200000
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 01200055
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 01200070
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 01200022
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 01200011
    .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 01200033
    .text C:\Windows\system32\svchost.exe[1356] WS2_32.dll!socket 770F36D1 5 Bytes JMP 01260FEF
    .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00330FEF
    .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00330FC3
    .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00330FDE
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 001D0EE2
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 001D0EFD
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 001D005E
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 001D0ED1
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 001D0F44
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 001D0FB9
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 001D0F9E
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 001D0F0E
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 001D0F61
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 001D001E
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 001D0F7C
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 001D0F8D
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 001D0F1F
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001D006F
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 001D0FCA
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 001D0FE5
    .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001D0043
    .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 0089005B
    .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!system 764F804B 5 Bytes JMP 00890FC6
    .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 0089001B
    .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_open 764FD106 5 Bytes JMP 00890000
    .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 0089002C
    .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00890FD7
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00880F8A
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 0088001B
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00880FEF
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 0088002C
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00880047
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00880FD4
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 0088000A
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00880FAF
    .text C:\Windows\system32\svchost.exe[1448] WS2_32.dll!socket 770F36D1 5 Bytes JMP 008A0FEF
    .text C:\Windows\system32\svchost.exe[1504] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00E90FEF
    .text C:\Windows\system32\svchost.exe[1504] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00E90FDE
    .text C:\Windows\system32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00E9000A
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 00E70F49
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00E70F5A
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00E70F13
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00E700A0
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 00E70F86
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 00E70FCD
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 00E7001E
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 00E70085
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 00E70F97
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00E7004A
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 00E70FA8
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00E7002F
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00E70F75
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 00E70EF8
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00E70FDE
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 00E70FEF
    .text C:\Windows\system32\svchost.exe[1504] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00E70F24
    .text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 01480F72
    .text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!system 764F804B 5 Bytes JMP 01480F97
    .text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 01480FC3
    .text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_open 764FD106 5 Bytes JMP 01480FEF
    .text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 01480FB2
    .text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 01480FDE
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00EE0F94
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00EE0FB9
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00EE0FEF
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00EE0040
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00EE0051
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00EE0FD4
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00EE000A
    .text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00EE0025
    .text C:\Windows\system32\svchost.exe[1504] WS2_32.dll!socket 770F36D1 5 Bytes JMP 01490FE5
    .text C:\Windows\system32\svchost.exe[1504] WinInet.dll!InternetOpenA 7714D690 5 Bytes JMP 01520FEF
    .text C:\Windows\system32\svchost.exe[1504] WinInet.dll!InternetOpenW 7714DB09 5 Bytes JMP 01520FCA
    .text C:\Windows\system32\svchost.exe[1504] WinInet.dll!InternetOpenUrlA 7714F3A4 5 Bytes JMP 01520000
    .text C:\Windows\system32\svchost.exe[1504] WinInet.dll!InternetOpenUrlW 77196D77 5 Bytes JMP 01520FAF
    .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00CD0FE5
    .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00CD0000
    .text C:\Windows\system32\svchost.exe[1708] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00CD0FD4
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 00CC0F3A
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 00CC0F55
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 00CC0EF3
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 00CC0F04
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 00CC0065
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 00CC0FD4
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 00CC0FC3
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 00CC0F66
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 00CC0054
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 00CC0F97
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 00CC0043
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 00CC0FA8
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 00CC0076
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 00CC00A5
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 00CC000A
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 00CC0FEF
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 00CC0F1F
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00CF0049
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!system 764F804B 5 Bytes JMP 00CF0FC8
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00CF0038
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_open 764FD106 5 Bytes JMP 00CF0000
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00CF0FD9
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00CF001D
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00CE0039
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00CE0FB2
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00CE000A
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 00CE0F97
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 00CE004A
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 00CE0FD4
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 00CE0FE5
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 00CE0FC3
    .text C:\Windows\system32\svchost.exe[1708] WS2_32.dll!socket 770F36D1 5 Bytes JMP 00D40FEF
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1728] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 69109AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1728] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 69109A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 007B0FE5
    .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 007B0011
    .text C:\Windows\system32\svchost.exe[1984] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 007B0000
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 001A00AB
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 001A009A
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 001A0F28
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 001A0F39
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 001A005D
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 001A0FB9
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 001A0014
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 001A0089
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 001A0040
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 001A0FA8
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 001A0F83
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 001A0025
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 001A006E
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 001A0F17
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 001A0FDE
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 001A0FEF
    .text C:\Windows\system32\svchost.exe[1984] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 001A0F54
    .text C:\Windows\system32\svchost.exe[1984] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00930049
    .text C:\Windows\system32\svchost.exe[1984] msvcrt.dll!system 764F804B 5 Bytes JMP 00930038
    .text C:\Windows\system32\svchost.exe[1984] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 0093000C
    .text C:\Windows\system32\svchost.exe[1984] msvcrt.dll!_open 764FD106 5 Bytes JMP 00930FE3
    .text C:\Windows\system32\svchost.exe[1984] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 0093001D
    .text C:\Windows\system32\svchost.exe[1984] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00930FD2
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 001C0F94
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 001C002C
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 001C0FE5
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegCreateKeyW 7640391E 5 Bytes JMP 001C0FA5
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegCreateKeyExW 764041F1 5 Bytes JMP 001C0F83
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegOpenKeyExA 76407C42 5 Bytes JMP 001C0000
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegOpenKeyW 7640E2B5 5 Bytes JMP 001C0FD4
    .text C:\Windows\system32\svchost.exe[1984] ADVAPI32.dll!RegOpenKeyExW 76417BA1 5 Bytes JMP 001C0011
    .text C:\Windows\system32\svchost.exe[1984] WS2_32.dll!socket 770F36D1 5 Bytes JMP 00940FE5
    .text C:\Windows\system32\svchost.exe[3092] ntdll.dll!NtCreateFile 773843D4 5 Bytes JMP 00300FE5
    .text C:\Windows\system32\svchost.exe[3092] ntdll.dll!NtCreateProcess 77384494 5 Bytes JMP 00300FB9
    .text C:\Windows\system32\svchost.exe[3092] ntdll.dll!NtProtectVirtualMemory 77384D34 5 Bytes JMP 00300FD4
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!GetStartupInfoW 75BE1929 5 Bytes JMP 002F0F46
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!GetStartupInfoA 75BE19C9 5 Bytes JMP 002F008C
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateProcessW 75BE1BF3 5 Bytes JMP 002F00B8
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateProcessA 75BE1C28 5 Bytes JMP 002F0F21
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!VirtualProtect 75BE1DC3 5 Bytes JMP 002F005D
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateNamedPipeA 75BE2EF5 5 Bytes JMP 002F0FDE
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateNamedPipeW 75BE5C0C 5 Bytes JMP 002F0FC3
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreatePipe 75C08E6E 5 Bytes JMP 002F0F57
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryExW 75C09109 5 Bytes JMP 002F0040
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryW 75C09362 5 Bytes JMP 002F0FA8
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryExA 75C094B4 5 Bytes JMP 002F0F83
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!LoadLibraryA 75C094DC 5 Bytes JMP 002F002F
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!VirtualProtectEx 75C0DBDA 5 Bytes JMP 002F0F72
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!GetProcAddress 75C2903B 5 Bytes JMP 002F0F06
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateFileW 75C2AECB 5 Bytes JMP 002F000A
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!CreateFileA 75C2CE5F 5 Bytes JMP 002F0FEF
    .text C:\Windows\system32\svchost.exe[3092] kernel32.dll!WinExec 75C75CF7 5 Bytes JMP 002F00A7
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_wsystem 764F7F2F 5 Bytes JMP 00D80066
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!system 764F804B 5 Bytes JMP 00D8004B
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_creat 764FBBE1 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_creat 764FBBE1 5 Bytes JMP 00D80FE5
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_open 764FD106 5 Bytes JMP 00D80000
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_wcreat 764FD326 5 Bytes JMP 00D8003A
    .text C:\Windows\system32\svchost.exe[3092] msvcrt.dll!_wopen 764FD501 5 Bytes JMP 00D80029
    .text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyExA 763F39AB 5 Bytes JMP 00310076
    .text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegCreateKeyA 763F3BA9 5 Bytes JMP 00310047
    .text C:\Windows\system32\svchost.exe[3092] ADVAPI32.dll!RegOpenKeyA 763F89C7 5 Bytes JMP 00310000
     
  4. ratzmoose

    ratzmoose Thread Starter

    Joined:
    Feb 27, 2008
    Messages:
    60
    Crap, I thought my other post didn't get posted. Sorry about that, just remove this thread (plus I forgot to attach the attach file, where the other thread has it).
     

Short URL to this thread: https://techguy.org/975836
