Search Redirect malware

Discussion in 'Virus & Other Malware Removal' started by mrbaker, Nov 23, 2011.

  1. mrbaker
    Problem: When I do a search (both Google and Yahoo) and then select the link I want, an entirely different page is presented. As an example, if I do a search for "malware" and select the link for www.microsoft.com/security/pc-security/malware-removal.aspx, I am redirected to http://landings.stopzilla.com/_lega.../malwareremover.do.html?aid=10376&cid=malware. Other searches take me to various sites such as http://63.209.69.107/search/web.
    This is only affecting Firefox, which is the default browser.

    Dell Dimension 4600
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz, x86 Family 15 Model 2 Stepping 9
    Processor Count: 1
    RAM: 510 Mb
    Graphics Card: NVIDIA GeForce4 MX 440 with AGP8X (Microsoft Corporation), 64 Mb
    Hard Drives: C: Total - 76285 MB, Free - 24853 MB;
    Motherboard: Dell Computer Corp., 02Y832
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:21:42 PM, on 11/23/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\ZooskMessenger\ZooskMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111110230120.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - Startup: ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\mspmsnsv32.dll
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

    --
    End of file - 6417 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29
    Run by may at 16:37:35 on 2011-11-23
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.99 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\ZooskMessenger\ZooskMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111110230120.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\may\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
    TCP: Interfaces\{0506F4B7-6E25-4824-A6E5-D416CC5A09BE} : DhcpNameServer = 24.116.2.50 24.116.2.34
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: TPSvc - TPSvc.dll
    AppInit_DLLs: c:\windows\system32\mspmsnsv32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\may\application data\mozilla\firefox\profiles\sy8e6dvc.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
    FF - plugin: c:\documents and settings\may\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XUL Cache: {ff65a136-edac-47f5-8210-693c264e193b} - %profile%\extensions\{ff65a136-edac-47f5-8210-693c264e193b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-28 464176]
    R0 TheStubwareDriver;TheStubware Driver;c:\windows\system32\drivers\TheStubwareDriver.SYS [2011-11-22 9728]
    R1 ActiveMonitor;ActiveMonitor Driver;c:\windows\system32\drivers\ActiveMonitor.SYS [2011-11-22 44032]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-28 89792]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-28 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-28 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-28 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-28 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-28 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-28 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-28 150856]
    R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-28 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-28 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-28 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-28 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-10-28 83856]
    S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-10-28 203080]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-10-28 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-28 87656]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-2-18 272128]
    S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-28 214904]
    .
    =============== Created Last 30 ================
    .
    2011-11-23 06:39:26 9728 ----a-w- c:\windows\system32\drivers\TheStubwareDriver.SYS
    2011-11-23 06:39:26 44032 ----a-w- c:\windows\system32\drivers\ActiveMonitor.SYS
    2011-11-23 06:39:24 -------- d-----w- c:\program files\TheStubware
    2011-11-23 03:33:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-22 16:12:13 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-11-22 08:53:25 -------- d-----w- c:\documents and settings\may\local settings\application data\PCHealth
    2011-11-22 07:47:52 -------- d-----w- c:\windows\system32\XPSViewer
    2011-11-22 07:47:12 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-11-22 07:46:52 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-22 07:46:52 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-22 07:46:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-11-22 07:46:52 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-11-22 07:46:51 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-11-22 07:46:51 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-11-22 07:46:51 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-11-22 07:46:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-11-22 07:46:49 -------- d-----w- C:\9039149bbf3b462b9b
    2011-11-22 07:39:14 -------- d-----w- c:\program files\MSXML 6.0
    2011-11-22 07:13:39 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-22 07:10:52 388096 ----a-r- c:\documents and settings\may\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-22 04:49:00 -------- d-----w- c:\windows\system32\KB905474
    2011-11-22 04:41:04 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-11-22 04:36:09 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-11-22 04:33:59 352640 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-11-22 04:33:12 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-11-22 04:33:01 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-11-22 04:32:58 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-11-22 04:29:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-11-22 04:29:10 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-11-22 04:29:01 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-11-22 04:24:39 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2011-11-22 04:24:15 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-11-22 04:21:12 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-11-22 04:18:29 -------- d-----w- c:\windows\system32\PreInstall
    2011-11-22 04:18:24 -------- d--h--w- c:\windows\$hf_mig$
    2011-11-22 04:15:00 -------- d-s---w- c:\documents and settings\may\UserData
    2011-11-22 04:14:14 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-11-21 23:54:26 -------- d-----w- c:\program files\common files\iS3
    2011-11-21 23:26:11 -------- d-----w- c:\program files\CCleaner
    2011-11-21 22:53:13 -------- d-----w- c:\windows\system32\LogFiles
    2011-11-21 21:28:16 -------- d-----w- c:\documents and settings\may\application data\Malwarebytes
    2011-11-21 21:27:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-21 21:27:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-21 21:26:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-29 05:12:19 28760 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
    2011-10-29 05:12:15 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-29 05:11:56 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-10-29 05:11:56 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-29 05:11:56 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-10-29 05:11:56 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-10-29 05:11:56 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-29 05:11:56 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-29 05:11:56 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-29 05:11:47 -------- d-----w- c:\program files\common files\Mcafee
    2011-10-29 05:11:43 -------- d-----w- c:\program files\McAfee.com
    2011-10-29 05:11:21 -------- d-----w- c:\program files\McAfee
    2011-10-29 04:25:13 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-29 04:25:09 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-29 04:25:06 150856 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-29 04:25:06 148520 ----a-r- c:\windows\system32\mfevtps.exe.9a15.deleteme
    .
    ==================== Find3M ====================
    .
    2011-10-24 02:31:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 16:39:50.35 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-23 19:17:19
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75CAA0 rev.16.06V16
    Running: o85ykr82[1].exe; Driver: C:\DOCUME~1\may\LOCALS~1\Temp\agrcafod.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF86994C0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF86994D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8699500]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF8699556]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF86994AC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8699484]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8699498]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF86994EA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF869952C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8699516]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF8699580]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF869956C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF8699540]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F8B9D 7 Bytes JMP F8699544 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80567D6A 5 Bytes JMP F86994B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 8056EA01 5 Bytes JMP F86994C4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80572159 5 Bytes JMP F8699570 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 805725D4 7 Bytes JMP F869955A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 80572F6E 5 Bytes JMP F8699488 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80573EF5 7 Bytes JMP F869951A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805849B4 5 Bytes JMP F8699584 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8058FCDD 5 Bytes JMP F869949C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 8059295F 7 Bytes JMP F8699504 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 80594F21 7 Bytes JMP F86994D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetSecurityObject 8059CE17 5 Bytes JMP F8699530 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064D48B 7 Bytes JMP F86994EE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF730CF80]
    ? C:\DOCUME~1\may\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[496] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[496] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00880FE5
    .text C:\WINDOWS\System32\svchost.exe[724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00880000
    .text C:\WINDOWS\System32\svchost.exe[724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00880FCA
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B0000
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008B0F6F
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008B006E
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008B0F94
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008B0FA5
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008B0036
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008B0F43
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008B007F
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008B0EFC
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008B0F0D
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008B0EE1
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008B0047
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008B001B
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008B0F5E
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008B0FC0
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008B0FE5
    .text C:\WINDOWS\System32\svchost.exe[724] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008B0F28
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008A0FB2
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008A0F8D
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008A0FC3
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008A0FD4
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008A004A
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008A0FEF
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008A0039
    .text C:\WINDOWS\System32\svchost.exe[724] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008A001E
    .text C:\WINDOWS\System32\svchost.exe[724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0089004C
    .text C:\WINDOWS\System32\svchost.exe[724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00890031
    .text C:\WINDOWS\System32\svchost.exe[724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0089000C
    .text C:\WINDOWS\System32\svchost.exe[724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00890FEF
    .text C:\WINDOWS\System32\svchost.exe[724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00890FC1
    .text C:\WINDOWS\System32\svchost.exe[724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00890FD2
    .text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0004000A
    .text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040FD4
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E0FEF
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009E0076
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009E0F81
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009E005B
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009E004A
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009E0025
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009E009B
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009E0F49
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009E0F38
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009E00D1
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009E0F27
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009E0F9E
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009E0FD4
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009E0F66
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009E0FB9
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009E000A
    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009E00B6
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00070FB9
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00070051
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00070FD4
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0007000A
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00070040
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00070FEF
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00070F9E
    .text C:\WINDOWS\system32\services.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00070025
    .text C:\WINDOWS\system32\services.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F97
    .text C:\WINDOWS\system32\services.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FB2
    .text C:\WINDOWS\system32\services.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FC3
    .text C:\WINDOWS\system32\services.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\services.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060018
    .text C:\WINDOWS\system32\services.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FDE
    .text C:\WINDOWS\system32\services.exe[1048] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00050000
    .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B10FEF
    .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B1001B
    .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B1000A
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E7000A
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E70F63
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E70062
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E70051
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E70F94
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E70FCA
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E70073
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E70F2B
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E70F1A
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E700A9
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E70F09
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E70FA5
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E7001B
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E70F48
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E70FDB
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E7002C
    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E70098
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00B40036
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00B40FB6
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00B4001B
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00B40000
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00B40073
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00B40FEF
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00B40062
    .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00B40047
    .text C:\WINDOWS\system32\lsass.exe[1060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B3003B
    .text C:\WINDOWS\system32\lsass.exe[1060] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B30FB0
    .text C:\WINDOWS\system32\lsass.exe[1060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B30FD2
    .text C:\WINDOWS\system32\lsass.exe[1060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B30FEF
    .text C:\WINDOWS\system32\lsass.exe[1060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B30FC1
    .text C:\WINDOWS\system32\lsass.exe[1060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B3000C
    .text C:\WINDOWS\system32\lsass.exe[1060] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20000
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C30000
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C30025
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C30FEF
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C70000
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C70081
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C70F96
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C70070
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C70055
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C70FC7
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C700B9
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C700A8
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C70F45
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C70F56
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C70F2A
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C70044
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C70011
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C70F7B
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C70033
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C70022
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C700D4
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C60FDE
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C60F8D
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C60FEF
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C60025
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C60F9E
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C60000
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C6004A
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C60FC3
    .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50044
    .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C50033
    .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C50FCD
    .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C50000
    .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C50022
    .text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C50011
    .text C:\WINDOWS\system32\svchost.exe[1228] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C40FE5
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008F0FEF
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008F0014
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008F0FDE
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0093000A
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930F52
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930F6D
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930F94
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930051
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00930FB9
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0093007D
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0093006C
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00930F1A
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009300A9
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009300CE
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00930036
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00930F41
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00930FCA
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0093001B
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00930098
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00920FCA
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00920076
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00920FDB
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0092001B
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00920051
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00920000
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00920FAF
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00920040
    .text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910FD4
    .text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910055
    .text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00910029
    .text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0091000C
    .text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910044
    .text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FEF
    .text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0090000A
    .text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 044F0000
    .text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 044F001B
    .text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 044F0FE5
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 04710FE5
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 04710078
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 04710F8D
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 04710F9E
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0471005B
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0471002F
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0471009A
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 04710089
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 04710F0B
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 04710F1C
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 04710EFA
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 04710040
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 04710FD4
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 04710F5E
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 04710FC3
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 04710014
    .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 04710F41
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 04700FCA
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 04700F80
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0470001B
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 04700FE5
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 04700047
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 04700000
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 04700036
    .text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 04700FAF
    .text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04650038
    .text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!system 77C293C7 5 Bytes JMP 0465001D
    .text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0465000C
    .text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04650FEF
    .text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04650FAD
    .text C:\WINDOWS\System32\svchost.exe[1420] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04650FDE
    .text C:\WINDOWS\System32\svchost.exe[1420] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 04500000
    .text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 04510011
    .text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 04510000
    .text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 04510FE5
    .text C:\WINDOWS\System32\svchost.exe[1420] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 0451002C
    .text C:\WINDOWS\System32\svchost.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00620000
    .text C:\WINDOWS\System32\svchost.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00620FCA
    .text C:\WINDOWS\System32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00620FDB
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00720FEF
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0072005A
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00720049
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00720F6F
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00720F8A
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0072002C
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0072009C
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00720081
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007200C8
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007200B7
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00720F14
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00720F9B
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00720000
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00720F4A
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00720011
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00720FCA
    .text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00720F39
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 0065002F
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00650051
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00650FD4
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0065000A
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00650040
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00650FEF
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00650F9E
    .text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00650FB9
    .text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0064003B
    .text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FB0
    .text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FD2
    .text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
    .text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FC1
    .text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0064000C
    .text C:\WINDOWS\System32\svchost.exe[1468] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00630FEF
    .text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80000
    .text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F80FCA
    .text C:\WINDOWS\Explorer.EXE[1604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FE5
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01170FEF
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01170F92
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01170091
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01170080
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01170FC3
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0117004A
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01170F77
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 011700B3
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01170F4B
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01170F5C
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01170F3A
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01170065
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01170FDE
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 011700A2
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01170039
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01170014
    .text C:\WINDOWS\Explorer.EXE[1604] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 011700DA
    .text C:\WINDOWS\Explorer.EXE[1604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01150FCD
    .text C:\WINDOWS\Explorer.EXE[1604] msvcrt.dll!system 77C293C7 5 Bytes JMP 0115004E
    .text C:\WINDOWS\Explorer.EXE[1604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01150029
    .text C:\WINDOWS\Explorer.EXE[1604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0115000C
    .text C:\WINDOWS\Explorer.EXE[1604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01150FDE
    .text C:\WINDOWS\Explorer.EXE[1604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01150FEF
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01160FDB
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01160F8D
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0116002C
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0116001B
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01160FA8
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0116000A
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01160FB9
    .text C:\WINDOWS\Explorer.EXE[1604] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01160FCA
    .text C:\WINDOWS\Explorer.EXE[1604] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 01140FDE
    .text C:\WINDOWS\Explorer.EXE[1604] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 01140FEF
    .text C:\WINDOWS\Explorer.EXE[1604] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 01140020
    .text C:\WINDOWS\Explorer.EXE[1604] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 01140FCD
    .text C:\WINDOWS\Explorer.EXE[1604] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01290FEF
    .text C:\WINDOWS\System32\svchost.exe[1716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006A0FEF
    .text C:\WINDOWS\System32\svchost.exe[1716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006A0FD4
    .text C:\WINDOWS\System32\svchost.exe[1716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006A0000
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00720000
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0072007F
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0072006E
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00720F94
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00720051
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00720036
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00720F48
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0072009A
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007200D0
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00720F37
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00720F1C
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00720FAF
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0072001B
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00720F6F
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00720FCA
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00720FE5
    .text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007200AB
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006D002F
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006D0F8D
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006D0014
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006D0FDE
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006D0F9E
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006D004A
    .text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006D0FC3
    .text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0042
    .text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FB7
    .text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0FD2
    .text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0FEF
    .text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0027
    .text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C000C
    .text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006B0000
    .text C:\WINDOWS\System32\svchost.exe[1992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062000A
    .text C:\WINDOWS\System32\svchost.exe[1992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00620036
    .text C:\WINDOWS\System32\svchost.exe[1992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0062001B
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760000
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00760F92
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760087
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760076
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0076005B
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760FC3
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007600CE
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007600B3
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00760F50
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007600E9
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00760F3F
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0076004A
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00760FE5
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007600A2
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0076002F
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00760FD4
    .text C:\WINDOWS\System32\svchost.exe[1992] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00760F61
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00750040
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0075007D
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00750FE5
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0075001B
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0075006C
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0075000A
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00750FCA
    .text C:\WINDOWS\System32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00750051
    .text C:\WINDOWS\System32\svchost.exe[1992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FA6
    .text C:\WINDOWS\System32\svchost.exe[1992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650031
    .text C:\WINDOWS\System32\svchost.exe[1992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FD2
    .text C:\WINDOWS\System32\svchost.exe[1992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FE3
    .text C:\WINDOWS\System32\svchost.exe[1992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FB7
    .text C:\WINDOWS\System32\svchost.exe[1992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0065000C
    .text C:\WINDOWS\System32\svchost.exe[1992] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 0064001B
    .text C:\WINDOWS\System32\svchost.exe[1992] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00640000
    .text C:\WINDOWS\System32\svchost.exe[1992] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00640036
    .text C:\WINDOWS\System32\svchost.exe[1992] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00640051
    .text C:\WINDOWS\System32\svchost.exe[1992] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00630FE5
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] kernel32.dll!FindResourceW 7C80BBDE 5 Bytes JMP 00440980 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] kernel32.dll!FindResourceA 7C80BE99 5 Bytes JMP 00440930 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] USER32.dll!LoadStringW 77D49C36 5 Bytes JMP 00440FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] USER32.dll!LoadMenuW 77D51B2C 5 Bytes JMP 00440B40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] USER32.dll!CreateDialogParamA 77D65EA0 5 Bytes JMP 004409D0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] USER32.dll!CreateDialogParamW 77D6629F 5 Bytes JMP 00440A50 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] USER32.dll!LoadStringA 77D6EC98 5 Bytes JMP 00441110 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2568] USER32.dll!LoadMenuA 77D7F7A3 5 Bytes JMP 00440AD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[3972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
    .text C:\WINDOWS\System32\svchost.exe[3972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090036
    .text C:\WINDOWS\System32\svchost.exe[3972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0067
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F72
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F83
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F94
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FAF
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B009F
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F57
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00C4
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F2B
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B00DF
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0040
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FDE
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0082
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0025
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B000A
    .text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B0F3C
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00290FB9
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0029002F
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00290FD4
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0029000A
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00290F7C
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00290F8D
    .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00290F9E
    .text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0044
    .text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FB9
    .text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FEF
    .text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
    .text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FDE
    .text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0029
    .text C:\WINDOWS\System32\svchost.exe[3972] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003C0FEF

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  2. mrbaker

    mrbaker Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    4
    Couldn't upload an attachment on the original.
     

  3. mrbaker

    mrbaker Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    4
  4. mrbaker

    mrbaker Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    4
    Reinstalled Windows
     
Short URL to this thread: https://techguy.org/1028229
