
Scripts not completing, slow running comp

Discussion in 'Virus & Other Malware Removal' started by PrettyGeek2011, Jan 27, 2011.

  1. PrettyGeek2011

    PrettyGeek2011 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    6
    I am running Windows XP SP3. I currently have issues with the computer constantly popping up dialog boxes asking if I want to stop or keep running scripts on my browser pages. This seems to happen a lot with Facebook, high graphic gaming sites, etc. and if I click to continue script it will close the box and continue to load the page (not always) but will load pages EXTREMELY slow, sometimes not at all. It also seems to run EXTREMELY slow and my computer is loading REALLY slow. It takes up to 10 mins to get everything to load (i.e., McAfee) before I can click on an icon (i.e., Mozilla Firefox) and then that might even take a couple minutes to load and open a webpage. I've run CCleaner, disk cleanup, virus scans and cleaned it out to no avail. Any suggestions you might be able to offer would be appreciated!! Thanks!
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Please click HERE to download and install HijackThis.

    Run it and select Do a system scan and save a logfile from the Main Menu.

    The log will be saved in Notepad. Copy and paste the log in your next reply.

    IMPORTANT: Do not fix anything
     
  3. PrettyGeek2011

    PrettyGeek2011 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    6
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:05:23 PM, on 1/27/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\DOCUME~1\Brian\LOCALS~1\Temp\AMPing.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.swagbucks.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101122193148.dll
    O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247356696681
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: AMPingService - Automated Programming Technologies, Inc. - C:\DOCUME~1\Brian\LOCALS~1\Temp\AMPing.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: Remote Access Connection Manager (RasMan32) - Unknown owner - C:\WINDOWS\system32\d3dramp32.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: ThreatFire - Unknown owner - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (file missing)

    --
    End of file - 9061 bytes
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Do you know what Automated Programming Technologies, Inc. does?

    C:\DOCUME~1\Brian\LOCALS~1\Temp\AMPing.exe

    O23 - Service: AMPingService - Automated Programming Technologies, Inc. - C:\DOCUME~1\Brian\LOCALS~1\Temp\AMPing.exe
     
  5. PrettyGeek2011

    PrettyGeek2011 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    6
    Not too sure, but I think it was something that came along when I downloaded Driver Detect onto my computer. Weird part is I tried uninstalling and removing this program via Control Panel, Add/Remove programs... and it will uninstall main prog. but it won't allow me to remove it from my programs list. That and CarambisDriverUpdater, this was a few months ago when I was trying to fix my ATI driver and display drivers...
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    You do have a few suspicious entries in your log.

    I would ask a malware removal expert's advice. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
     
  7. PrettyGeek2011

    PrettyGeek2011 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    6
    Ok thanks for your help. I have Malwarebytes on my comp and run that scan as well as my general antivirus McAfee, AND I have Spybot S&D, ran all 3; usually one if not all will detect something but none of them have. I'll post in the other section and hope we can resolve this! Again thanks for your help! :)
     
  8. PrettyGeek2011

    PrettyGeek2011 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    6
    My computer doesn't fully run DDS, it freezes or lags and it never pops up with a log file. I disable my McAfee, and make sure scripts aren't disabled... maybe I'm missing something somewhere?
     
  9. PrettyGeek2011

    PrettyGeek2011 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    6
    Please see above for HJT log, DDS won't run properly, doesn't allow me to save any files or doesn't pop up with files after a scan. I am pasting the GMER/ark.txt file here now. Thanks.

    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B1001B
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B100B3
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B10036
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B10FE5
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B10F6B
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B00036
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00073
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B0001B
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B0000A
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B00062
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B00FEF
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B00FC0
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D0, 88]
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B00047
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF0FA6
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF0031
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF0FC1
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0FEF
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF000C
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF0FD2
    .text C:\WINDOWS\system32\svchost.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AE0FEF
    .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AF0000
    .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AF0FDB
    .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AF0011
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A70FE5
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A700A4
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A70089
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A7006C
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A70051
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A70FCA
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A70F79
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A70F8A
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A700FA
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A70F57
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A70F46
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A70FAF
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A7000A
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A700B5
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A7002C
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A7001B
    .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A70F68
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A60FC0
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A60058
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A6001B
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A60000
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A60FA5
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A60FE5
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A60047
    .text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A60036
    .text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50049
    .text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50FBE
    .text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A5001D
    .text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50000
    .text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A5002E
    .text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A50FE3
    .text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A40000
    .text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 027E0000
    .text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 027E001B
    .text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 027E0FDB
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026F0000
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026F0087
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026F0F88
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026F006C
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026F0FAF
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026F0051
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026F00BA
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026F00A9
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026F0104
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026F00DF
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026F0115
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026F0FCA
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026F0FE5
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026F0098
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026F0036
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026F001B
    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026F0F61
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 023F0FE5
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 023F0076
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 023F0036
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 023F0011
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 023F0FB9
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 023F0000
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 023F0FCA
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5F, 8A]
    .text C:\WINDOWS\System32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 023F005B
    .text C:\WINDOWS\System32\svchost.exe[1500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 023E0077
    .text C:\WINDOWS\System32\svchost.exe[1500] msvcrt.dll!system 77C293C7 5 Bytes JMP 023E0066
    .text C:\WINDOWS\System32\svchost.exe[1500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 023E0044
    .text C:\WINDOWS\System32\svchost.exe[1500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 023E000C
    .text C:\WINDOWS\System32\svchost.exe[1500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 023E0055
    .text C:\WINDOWS\System32\svchost.exe[1500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 023E001D
    .text C:\WINDOWS\System32\svchost.exe[1500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 023D0000
    .text C:\WINDOWS\System32\svchost.exe[1500] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 023C000A
    .text C:\WINDOWS\System32\svchost.exe[1500] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 023C001B
    .text C:\WINDOWS\System32\svchost.exe[1500] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 023C0036
    .text C:\WINDOWS\System32\svchost.exe[1500] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 023C0FEF
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD0011
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CD0FE5
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660FEF
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660065
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F7A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F8B
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660FA8
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0066002F
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F31
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660F4E
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600CA
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006600B9
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006600DB
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0066004A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0066000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660F5F
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660FC3
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660FD4
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660094
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650FD1
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650F91
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0065002C
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0065001B
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650058
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650000
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650FB6
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0065003D
    .text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640FA3
    .text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!system 77C293C7 5 Bytes JMP 0064002E
    .text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FE3
    .text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0064000C
    .text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FC8
    .text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0064001D
    .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630000
    .text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE0FE5
    .text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE001B
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F92
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0087
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0FA3
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD006C
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0040
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F5C
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD00A2
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F26
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F41
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F15
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0051
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FDE
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F77
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD002F
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0014
    .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD00BF
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FCA
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0051
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0025
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0000
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0F9E
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0040
    .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0FB9
    .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0F9C
    .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0FAD
    .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB001D
    .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
    .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FBE
    .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB000C
    .text C:\WINDOWS\system32\svchost.exe[1816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs C:\WINDOWS\system32\odexl3232.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

    ---- EOF - GMER 1.0.15 ----
     
Short URL to this thread: https://techguy.org/977337
