
Website redirect virus-rundll

Discussion in 'Virus & Other Malware Removal' started by PrestigeWW, Dec 20, 2011.

  1. PrestigeWW

    PrestigeWW Thread Starter

    Hello Techs,

    My computer recently became infected with malware. Windows Host Process prompts kept popping up asking me to authorize the running of rundll.exe, and each time I denied access the prompt would reappear. In addition, while using Google, I was being redirected to random web pages. Some of these seemed like legitimate web pages, but others were mostly blank white pages with very long and seemingly random URLs.

    I rebooted my computer in safe mode and ran an (updated) version of Malwarebytes, which found 9 pieces of malware (I've pasted the log below). I have since run Malwarebytes 2 more times (once again in safe mode and once in normal mode) and the program is no longer finding malware.

    The Windows Host Process prompts have stopped. However, I am still being redirected to random websites. I'm not sure where to go from here since my knowledge of malware removal unfortunately does not go beyond Malwarebytes.

    I have a Dell Inspiron 1520 with Vista and I use Firefox version 3.6.24, if this helps.

    I would very much appreciate any help you could give me!




    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8394

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    12/18/2011 11:57:53 PM
    mbam-log-2011-12-18 (23-57-53).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 332171
    Time elapsed: 1 hour(s), 5 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DirectxTrayVerifier (Trojan.SHarpro.PGen) -> Value: DirectxTrayVerifier -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PokerStarsData (Trojan.SHarpro.PGen) -> Value: PokerStarsData -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Logitech Update (Trojan.SHarpro.PGen) -> Value: Logitech Update -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-1738796624 (Trojan.Agent.Gen) -> Value: -1738796624 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\directxtrayverifier.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
    c:\Users\Dan\AppData\Local\pokerstars\pokerstarsdata\pokerstarsdata.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
    c:\Users\Dan\AppData\Local\pokerstars\pokerstarsupdate\pokerstarsupdt32.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
    c:\Users\Dan\AppData\Local\temp\nssE0E.tmp\vfpngjr.mbx (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
     
  2. PrestigeWW

    PrestigeWW Thread Starter

    Here are the requested scans:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:26:13 PM, on 12/20/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18639)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Dan\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: StupAssist.lnk = C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11988 bytes







    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
    Run by Dan at 19:29:51 on 2011-12-20
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.923 [GMT -5:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\runservice.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Dan\Downloads\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stupas~1.lnk - c:\program files\common files\nikon\utilities\StupAssist.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{18B79DC5-6020-453C-A618-CCD108883895} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{95D20DC5-4C43-418D-9680-78610928AA08} : DhcpNameServer = 196.40.3.8 196.40.3.9
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\wcvk3gxy.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 63111
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: XUL Cache: {304a3614-3c69-4509-a6cd-bd28e93ed062} - %profile%\extensions\{304a3614-3c69-4509-a6cd-bd28e93ed062}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-5 344712]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-11-26 2560]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-6 366152]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-7-5 69192]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-6 22216]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-5 91896]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-5 43192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-28 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-5 66536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-12-19 20:35:07 825 --sha-w- c:\windows\system32\mmf.sys
    .
    ============= FINISH: 19:31:40.82 ===============






    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-20 20:31:55
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9160821AS rev.3.CDD
    Running: rdxoopcq.exe; Driver: C:\Users\Dan\AppData\Local\Temp\ugloapog.sys


    ---- System - GMER 1.0.15 ----

    INT 0x01 \??\C:\Users\Dan\AppData\Local\Temp\mbr.sys 9D262C42

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x88188918]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8818892C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88188992]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8818896A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x88188956]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x881889C1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x881889A8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8818897E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x88188942]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 81E621A0 5 Bytes JMP 88188982 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateUserProcess 82003E26 5 Bytes JMP 88188946 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 8201E2F0 5 Bytes JMP 881889C5 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8205FAFE 7 Bytes JMP 88188996 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82060155 5 Bytes JMP 881889AC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 8206FA24 5 Bytes JMP 8818895A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 820CF72B 5 Bytes JMP 8818891C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 820CF776 7 Bytes JMP 88188930 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 820D0233 5 Bytes JMP 8818896E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC02340, 0x345217, 0xE8000020]
    ? C:\Users\Dan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 01660F0B
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 01660F5C
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 01660FAF
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 01660036
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 01660F9E
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 01660F41
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 01660F83
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 01660025
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 0166005B
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 01660EF0
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 01660FDB
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 01660000
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 01660FC0
    .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 01660F26
    .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 01600F7F
    .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!system 766D8B63 5 Bytes JMP 01600F9A
    .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 01600000
    .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 01600FEF
    .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 01600FAB
    .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 01600FD2
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 01670F8D
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 0167002F
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 01670FEF
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 01670FA8
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 01670F7C
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 01670FC3
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 01670FDE
    .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 01670014
    .text C:\Windows\System32\svchost.exe[1100] WS2_32.dll!socket 769536D1 5 Bytes JMP 01650FEF
    .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 01290FE5
    .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 01290FD4
    .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 01290000
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 00DF0F44
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 00DF0F55
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 00DF00C0
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 00DF00AF
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 00DF0F81
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 00DF0040
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 00DF0065
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 00DF0FB9
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 00DF0076
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 00DF0FA8
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 00DF0FCA
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 00DF0F70
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 00DF0F04
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 00DF001B
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 00DF000A
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 00DF0FEF
    .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 00DF0F33
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 00DD0051
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!system 766D8B63 5 Bytes JMP 00DD0040
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 00DD0FD7
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00DD0000
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 00DD0FC6
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 00DD0011
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 01280051
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 01280FC0
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 01280000
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 01280FAF
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 01280062
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 0128001B
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 01280FE5
    .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 0128002C
    .text C:\Windows\system32\svchost.exe[1112] WS2_32.dll!socket 769536D1 5 Bytes JMP 00DE0FEF
    .text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenA 76E30A4D 5 Bytes JMP 02000FEF
    .text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlA 76E32713 5 Bytes JMP 02000014
    .text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenW 76E330C8 5 Bytes JMP 02000FDE
    .text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlW 76E88515 5 Bytes JMP 02000FC3
    .text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 00E60FE5
    .text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 00E60FCA
    .text C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 00E60000
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 00E200D8
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 00E200BD
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 00E20F5C
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 00E20F6D
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 00E20091
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 00E20047
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 00E20FB9
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 00E20FCA
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 00E20F9C
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 00E2006C
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 00E20FE5
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 00E200AC
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 00E20F4B
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 00E2001B
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 00E2000A
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 00E2002C
    .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 00E200F3
    .text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 0010002F
    .text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!system 766D8B63 5 Bytes JMP 00100FA4
    .text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 00100FB5
    .text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00100FE3
    .text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 0010000A
    .text C:\Windows\system32\svchost.exe[1316] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 00100FD2
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 00E40FB2
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 00E40FC3
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 00E40000
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 00E4004A
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 00E40079
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 00E40025
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 00E40FEF
    .text C:\Windows\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 00E40FD4
    .text C:\Windows\system32\svchost.exe[1316] WS2_32.dll!socket 769536D1 5 Bytes JMP 00E10FEF
    .text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenA 76E30A4D 5 Bytes JMP 00E30000
    .text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenUrlA 76E32713 5 Bytes JMP 00E3001B
    .text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenW 76E330C8 5 Bytes JMP 00E30FE5
    .text C:\Windows\system32\svchost.exe[1316] WinInet.dll!InternetOpenUrlW 76E88515 5 Bytes JMP 00E30036
    .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 0097000A
    .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 00970FDE
    .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 00970FEF
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 007F0079
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 007F0F33
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 007F00B6
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 007F00A5
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 007F0F44
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 007F0FB2
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 007F0F61
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 007F0F97
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 007F0039
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 007F0F72
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 007F001E
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 007F0054
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 007F00D1
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 007F0FD4
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 007F0FEF
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 007F0FC3
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 007F008A
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 00790073
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!system 766D8B63 5 Bytes JMP 00790058
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 00790022
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00790000
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 00790033
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 00790011
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 00960F8D
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 00960FB9
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 00960000
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 00960FA8
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 00960F72
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 00960FDE
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 00960FEF
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 00960025
    .text C:\Windows\system32\svchost.exe[1500] WS2_32.dll!socket 769536D1 5 Bytes JMP 007E0FEF
    .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 01780FEF
    .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 01780000
    .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 01780FCA
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 014D0082
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 014D0067
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 014D00AE
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 014D0F17
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 014D0F72
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 014D0FAF
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 014D0F83
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 014D0036
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 014D0F57
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 014D0F94
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 014D001B
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 014D0F3C
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 014D0F06
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 014D0FD4
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 014D0FEF
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 014D0000
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 014D0093
    .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 014B0FBE
    .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!system 766D8B63 5 Bytes JMP 014B0049
    .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 014B002E
    .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 014B0000
    .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 014B0FD9
    .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 014B001D
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 0177006C
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 01770051
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 01770FEF
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 01770FCA
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 0177007D
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 0177001B
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 01770000
    .text C:\Windows\system32\svchost.exe[1776] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 0177002C
    .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!socket 769536D1 5 Bytes JMP 014C0000
    .text C:\Windows\system32\svchost.exe[2080] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 001D0FEF
    .text C:\Windows\system32\svchost.exe[2080] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 001D001B
    .text C:\Windows\system32\svchost.exe[2080] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 001D000A
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 001B0F44
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 001B008A
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 001B0F1F
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 001B00C0
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 001B0F8B
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 001B002F
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 001B0FA8
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 001B0FB9
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 001B0F70
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 001B0065
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 001B004A
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 001B0F5F
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 001B00D1
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 001B0000
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 001B0FEF
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 001B0FD4
    .text C:\Windows\system32\svchost.exe[2080] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 001B00A5
    .text C:\Windows\system32\svchost.exe[2080] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 00110F9C
    .text C:\Windows\system32\svchost.exe[2080] msvcrt.dll!system 766D8B63 5 Bytes JMP 00110027
    .text C:\Windows\system32\svchost.exe[2080] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 0011000C
    .text C:\Windows\system32\svchost.exe[2080] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00110FEF
    .text C:\Windows\system32\svchost.exe[2080] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 00110FB7
    .text C:\Windows\system32\svchost.exe[2080] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 00110FD2
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 001C002C
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 001C0F8A
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 001C0FE5
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 001C0011
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 001C0047
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 001C0FC0
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 001C0000
    .text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 001C0FA5
    .text C:\Windows\system32\svchost.exe[2080] WS2_32.dll!socket 769536D1 5 Bytes JMP 00120000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 00A50FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 00A50FDE
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 00A50014
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 009E00A7
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 009E0F61
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 009E00E7
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 009E0F46
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 009E0F97
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 009E0FCA
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 009E0071
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 009E0FB9
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 009E0F7C
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 009E0FA8
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 009E0036
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 009E008C
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 009E0F35
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 009E0000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 009E0FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 009E001B
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 009E00C2
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 003E005D
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!system 766D8B63 5 Bytes JMP 003E004C
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 003E0027
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 003E0000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 003E0FD2
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 003E0FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 00A40036
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 00A40FB9
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 00A40FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 00A40F94
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 00A40F6F
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 00A40FD4
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 00A4000A
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 00A40025
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] WS2_32.dll!socket 769536D1 5 Bytes JMP 003F0000
    .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 00DB000A
    .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 00DB0FEF
    .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 00DB001B
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 00D90F52
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 00D90F6D
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 00D900CE
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 00D900BD
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 00D9007D
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 00D90033
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 00D90F99
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 00D90FD1
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 00D9008E
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 00D90FB6
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 00D90058
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 00D90F7E
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 00D900E9
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 00D90011
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 00D90000
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 00D90022
    .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 00D90F41
    .text C:\Windows\system32\svchost.exe[2456] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 00720FB2
    .text C:\Windows\system32\svchost.exe[2456] msvcrt.dll!system 766D8B63 5 Bytes JMP 00720FC3
    .text C:\Windows\system32\svchost.exe[2456] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 00720033
    .text C:\Windows\system32\svchost.exe[2456] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00720000
    .text C:\Windows\system32\svchost.exe[2456] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 00720FD4
    .text C:\Windows\system32\svchost.exe[2456] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 00720FEF
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 00DA001E
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 00DA0F97
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 00DA0FEF
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 00DA0F72
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 00DA0F61
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 00DA0FC3
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 00DA0FD4
    .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 00DA0FA8
    .text C:\Windows\system32\svchost.exe[2456] WS2_32.dll!socket 769536D1 5 Bytes JMP 0078000A
    .text C:\Windows\System32\svchost.exe[2492] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 00080000
    .text C:\Windows\System32\svchost.exe[2492] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 00080FCA
    .text C:\Windows\System32\svchost.exe[2492] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 00080FDB
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 00060064
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 00060053
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 000600A4
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 00060F03
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 00060038
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 00060FC0
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 00060F5E
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 00060F8A
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 00060F43
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 00060F79
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 00060FAF
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 00060F28
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 000600B5
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 00060FE5
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 00060000
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 00060011
    .text C:\Windows\System32\svchost.exe[2492] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 0006007F
    .text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 00050F81
    .text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!system 766D8B63 5 Bytes JMP 00050F92
    .text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 00050FC8
    .text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00050FEF
    .text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 00050FAD
    .text C:\Windows\System32\svchost.exe[2492] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 0005000C
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 00070FAF
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 00070FCA
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 0007000A
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 00070047
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 0007006C
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 0007002C
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 0007001B
    .text C:\Windows\System32\svchost.exe[2492] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 00070FDB
    .text C:\Windows\System32\svchost.exe[2492] WS2_32.dll!socket 769536D1 5 Bytes JMP 00130000
    .text C:\Windows\Explorer.EXE[3524] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 02F30000
    .text C:\Windows\Explorer.EXE[3524] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 02F30FDB
    .text C:\Windows\Explorer.EXE[3524] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 02F30011
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 02E40F5F
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 02E4009B
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 02E40F44
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 02E400DB
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 02E40F8B
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 02E40FD4
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 02E40065
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 02E4004A
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 02E40080
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 02E40FA8
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 02E40FC3
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 02E40F70
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 02E400F6
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 02E4000A
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 02E40FEF
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 02E4001B
    .text C:\Windows\Explorer.EXE[3524] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 02E400CA
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 02F20FCA
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 02F20047
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 02F20FE5
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 02F2006C
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 02F20087
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 02F2001B
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 02F2000A
    .text C:\Windows\Explorer.EXE[3524] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 02F2002C
    .text C:\Windows\Explorer.EXE[3524] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 01C7004E
    .text C:\Windows\Explorer.EXE[3524] msvcrt.dll!system 766D8B63 5 Bytes JMP 01C7003D
    .text C:\Windows\Explorer.EXE[3524] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 01C70018
    .text C:\Windows\Explorer.EXE[3524] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 01C70FEF
    .text C:\Windows\Explorer.EXE[3524] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 01C70FC3
    .text C:\Windows\Explorer.EXE[3524] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 01C70FDE
    .text C:\Windows\Explorer.EXE[3524] WS2_32.dll!socket 769536D1 5 Bytes JMP 02B1000A
    .text C:\Windows\Explorer.EXE[3524] WININET.dll!InternetOpenA 76E30A4D 5 Bytes JMP 00840000
    .text C:\Windows\Explorer.EXE[3524] WININET.dll!InternetOpenUrlA 76E32713 5 Bytes JMP 00840FCA
    .text C:\Windows\Explorer.EXE[3524] WININET.dll!InternetOpenW 76E330C8 5 Bytes JMP 00840FE5
    .text C:\Windows\Explorer.EXE[3524] WININET.dll!InternetOpenUrlW 76E88515 5 Bytes JMP 0084001B
    .text C:\Windows\system32\wuauclt.exe[4156] ntdll.dll!NtCreateFile 77BD7C78 5 Bytes JMP 00040000
    .text C:\Windows\system32\wuauclt.exe[4156] ntdll.dll!NtCreateProcess 77BD7D38 5 Bytes JMP 00040FDE
    .text C:\Windows\system32\wuauclt.exe[4156] ntdll.dll!NtProtectVirtualMemory 77BD85D8 5 Bytes JMP 00040FEF
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!GetStartupInfoW 76981929 5 Bytes JMP 00010F46
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!GetStartupInfoA 769819C9 5 Bytes JMP 0001008C
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreateProcessW 76981C01 5 Bytes JMP 000100D6
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreateProcessA 76981C36 5 Bytes JMP 00010F35
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!VirtualProtect 76981DD1 5 Bytes JMP 00010F7C
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreateNamedPipeW 76985C44 5 Bytes JMP 00010FC3
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!LoadLibraryExW 769A374A 5 Bytes JMP 0001004A
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!LoadLibraryW 769A382D 5 Bytes JMP 0001002F
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!VirtualProtectEx 769A8F5E 5 Bytes JMP 00010071
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!LoadLibraryExA 769A9649 5 Bytes JMP 00010F8D
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!LoadLibraryA 769A9671 5 Bytes JMP 00010FA8
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreatePipe 769B0474 5 Bytes JMP 00010F61
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!GetProcAddress 769CBAC6 5 Bytes JMP 000100E7
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreateFileW 769CCE4E 5 Bytes JMP 00010FE5
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreateFileA 769CD171 5 Bytes JMP 00010000
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!CreateNamedPipeA 76A1462E 5 Bytes JMP 00010FD4
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!WinExec 76A1580B 5 Bytes JMP 000100A7
    .text C:\Windows\system32\wuauclt.exe[4156] msvcrt.dll!_wsystem 766D8A47 5 Bytes JMP 00070069
    .text C:\Windows\system32\wuauclt.exe[4156] msvcrt.dll!system 766D8B63 5 Bytes JMP 00070058
    .text C:\Windows\system32\wuauclt.exe[4156] msvcrt.dll!_creat 766DC6F1 5 Bytes JMP 00070022
    .text C:\Windows\system32\wuauclt.exe[4156] msvcrt.dll!_open 766DDA7E 5 Bytes JMP 00070000
    .text C:\Windows\system32\wuauclt.exe[4156] msvcrt.dll!_wcreat 766DDC9E 5 Bytes JMP 0007003D
    .text C:\Windows\system32\wuauclt.exe[4156] msvcrt.dll!_wopen 766DDE79 5 Bytes JMP 00070011
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegCreateKeyExA 77ACB5E7 5 Bytes JMP 00080FA1
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegCreateKeyA 77ACB8AE 5 Bytes JMP 00080FBC
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegOpenKeyA 77AD0BF5 5 Bytes JMP 00080FEF
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegCreateKeyW 77ADB83D 5 Bytes JMP 00080043
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegCreateKeyExW 77ADBCE1 5 Bytes JMP 0008005E
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegOpenKeyExA 77ADD4E8 5 Bytes JMP 0008001E
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegOpenKeyW 77AE3CB0 5 Bytes JMP 00080FDE
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!RegOpenKeyExW 77AEF09D 5 Bytes JMP 00080FCD
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5952] ntdll.dll!LdrLoadDll 77BA79B3 5 Bytes JMP 002F131F C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\mfevtps.exe[612] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040567A] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[612] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004056B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02172F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [02172CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02172C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02172CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74CD8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D19855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74CDB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74CCFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74CD7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74CCEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D0B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74CDBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74CD0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74CD06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74CC71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D5D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74CF7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74CCE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74CC697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74CC69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74CD2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     


  3. PrestigeWW

    PrestigeWW Thread Starter

    Joined:
    Dec 20, 2011
    Messages:
    5
    Bump, please

    I'm still having trouble ridding my computer of this virus. I've since run SUPERAntiSpyware and TDSSKiller to no avail. McAfee scans have been revealing trojans:

    12/21/2011 7:07:00 PM Deleted Dan ODS c:\Documents and Settings\Dan\AppData\Local\temp\nssE0E.tmp\z4eixg7.uqn Generic Dropper!1g3 (Trojan)

    12/22/2011 8:26:58 PM Deleted DANCO-PC\Dan C:\Windows\Explorer.EXE C:\Users\Dan\AppData\Local\temp\slp1475694741777846153.tmp Generic Dropper!1gc (Trojan)

    However, the problem persists exactly as before.

    I've been searching around the forum and other sites and have seen other people with the same problem, but I am afraid to run other programs I've heard about (such as ComboFix) without an expert's help for fear of deleting some important registry object or an important windows file.

    If any other logs/info is needed, please let me know.

    Thanks!
     
  4. PrestigeWW

    PrestigeWW Thread Starter

    Joined:
    Dec 20, 2011
    Messages:
    5
    Bump. Still looking for some help please, didn't get everything I wanted for Christmas - this virus is still here :(
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following and post the log:

    Download RogueKiller to your desktop

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 1 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next Reply.

    Kevin
     
  6. PrestigeWW

    PrestigeWW Thread Starter

    Joined:
    Dec 20, 2011
    Messages:
    5
    Thank you for the reply, but I have received help on a different forum and the issue has been resolved. Please feel free to delete this thread.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Good to hear and thanks for letting us know....
     

Short URL to this thread: https://techguy.org/1032137
