
Windows Internet Explorer error message

Discussion in 'Virus & Other Malware Removal' started by boffo1234567, Sep 22, 2010.

  1. boffo1234567

    boffo1234567 Thread Starter

    Hello Sir;


    I am running the Microsoft Windows XP operating system and have Internet Explorer 8 as my Internet browser. Recently I have been getting this Windows Internet Explorer error message, stating that “Internet Explorer cannot open the Internet site (some internet site) Operation aborted”. This has been happening much more frequently. I used my Yahoo Browser to go to the same site with the same result. These are Internet sites I have been to before and had no problem with. I have to close IE 8 because the browser seems stuck/busy. This happens on about 8 out of 10 Web sites, but not all. I have McAfee antivirus and SUPERAntiSpyware. Both find nothing when I use them.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:57:32 AM, on 9/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flickr.com/activity/photostream/?beta_toto_2=1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gapethatass.net/entry1.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: (no name) - {33973600-925A-11D9-A1F6-9234C84D2622} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195591567296
    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    --
    End of file - 9665 bytes


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HP_Administrator at 11:58:50.07 on Wed 09/22/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2433 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\antivirus software new and logs\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.flickr.com/activity/photostream/?beta_toto_2=1
    uInternet Connection Wizard,ShellNext = hxxp://www.gapethatass.net/entry1.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
    BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: {33973600-925A-11D9-A1F6-9234C84D2622} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591567296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-18 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-18 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-18 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-18 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-18 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-18 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-18 40552]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-18 34248]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

    =============== Created Last 30 ================

    2010-09-22 16:24:16 0 d-----w- C:\antivirus software new and logs
    2010-09-22 16:21:54 525824 ----a-w- C:\dds.scr
    2010-09-22 15:32:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-22 04:00:10 0 d-----w- c:\windows\system32\wbem\Repository
    2010-09-08 17:04:42 0 d-----w- C:\Bears schedule
    2010-09-08 17:04:29 0 d-----w- C:\New Folder
    2010-09-01 16:15:38 0 d-----w- C:\Pic Camera 7
    2010-08-27 16:41:28 0 d-----w- C:\Mpeg to dvd aurora
    2010-08-27 03:37:57 0 d-----w- C:\aaa mpg 3 files
    2010-08-25 17:47:06 0 d-----w- C:\Pano tools

    ==================== Find3M ====================

    2010-09-22 16:53:29 40902 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
    2010-09-19 20:19:42 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
    2006-07-18 22:36:47 22 --sha-w- c:\windows\sminst\HPCD.sys
    2010-04-06 20:01:37 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-05-19 15:36:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051920090520\index.dat

    ============= FINISH: 11:59:36.18 ===============





    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-22 15:09:45
    Windows 5.1.2600 Service Pack 3
    Running: bl9tg3cj.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kfwyafod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB4AA978A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB4AA9821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB4AA9738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB4AA974C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB4AA9835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB4AA9861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB4AA98CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB4AA98B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB4AA97CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB4AA98FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB4AA980D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB4AA9710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB4AA9724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB4AA979E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB4AA9937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB4AA98A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB4AA988D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB4AA984B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB4AA9923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB4AA990F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB4AA9776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB4AA9762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB4AA9877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB4AA97F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB4AA98E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB4AA97E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB4AA97B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B4AA97B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B4AA978E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B4AA97CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B4AA97E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B4AA97A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B4AA9714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B4AA9728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B4AA9766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B4AA9750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B4AA973C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B4AA977A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B4AA97FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP B4AA9891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP B4AA987B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP B4AA98E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP B4AA98A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP B4AA984F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP B4AA9825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 3 Bytes JMP B4AA9839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey + 4 80623C44 3 Bytes [34, 90, 90] {XOR AL, 0x90; NOP }
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP B4AA9865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP B4AA98D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP B4AA98BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP B4AA9811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP B4AA993B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP B4AA9913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP B4AA9927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP B4AA98FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F6F
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F8A
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070064
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FA5
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FC7
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F37
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0007007F
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700B5
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700A4
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070EF7
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB6
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F54
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007003D
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007002C
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F26
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FD1
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F9B
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006002C
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006001B
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060058
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060047
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FC0
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050047
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 0005002C
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FC6
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005001B
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050000
    .text C:\WINDOWS\system32\services.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20F66
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D2005B
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20F81
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20F9E
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20025
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D20F2E
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20076
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D20F13
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D200AC
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D20F02
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20040
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D20FEF
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D20F4B
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D20FB9
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FDE
    .text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D2009B
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D1000A
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D10F68
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FB9
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D10FD4
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10F79
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10FE5
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D10F94
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F1, 88]
    .text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D1001B
    .text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00056
    .text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00FC1
    .text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FD2
    .text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00000
    .text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00031
    .text C:\WINDOWS\system32\lsass.exe[744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FE3
    .text C:\WINDOWS\system32\lsass.exe[744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0062
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0F77
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0051
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0040
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FAF
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD009F
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD008E
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD00B0
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0F17
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD00D5
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0F9E
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FE5
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0073
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FCA
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD001B
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0F32
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FC0036
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FC0F97
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FC0025
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FC0FEF
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FC0FB2
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FC000A
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FC0FC3
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1C, 89] {SBB AL, 0x89}
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FC0FD4
    .text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0064
    .text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB003F
    .text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB001D
    .text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0FEF
    .text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB002E
    .text C:\WINDOWS\system32\svchost.exe[896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB000C
    .text C:\WINDOWS\system32\svchost.exe[896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA00A4
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0089
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0FAF
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0FC0
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA005B
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F6D
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F7E
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0106
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00F5
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA012B
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA006C
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0025
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA00B5
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0036
    .text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00D0
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90FB6
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B90F80
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B90011
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B90FE5
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B90F91
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90000
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B90033
    .text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90022
    .text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80011
    .text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80F86
    .text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B80FBC
    .text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B80000
    .text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80FAB
    .text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B80FD7
    .text C:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05E90000
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05E9008E
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05E9007D
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 05E9006C
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 05E9005B
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 05E90FB9
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05E900D5
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05E900BA
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05E90F57
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05E90F68
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 05E90F46
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 05E9004A
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 05E90FE5
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 05E900A9
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 05E90FD4
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 05E90025
    .text C:\WINDOWS\System32\svchost.exe[1020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 05E900E6
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05E80022
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05E80F9E
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05E80011
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05E80000
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05E80051
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05E80FEF
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 05E80FAF
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [08, 8E]
    .text C:\WINDOWS\System32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05E80FC0
    .text C:\WINDOWS\System32\svchost.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05A3005F
    .text C:\WINDOWS\System32\svchost.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 05A30044
    .text C:\WINDOWS\System32\svchost.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05A30FDE
    .text C:\WINDOWS\System32\svchost.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05A30FEF
    .text C:\WINDOWS\System32\svchost.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05A30033
    .text C:\WINDOWS\System32\svchost.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05A3000C
    .text C:\WINDOWS\System32\svchost.exe[1020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 059D0FEF
    .text C:\WINDOWS\System32\svchost.exe[1020] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 059C0FE5
    .text C:\WINDOWS\System32\svchost.exe[1020] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 059C0FCA
    .text C:\WINDOWS\System32\svchost.exe[1020] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 059C0000
    .text C:\WINDOWS\System32\svchost.exe[1020] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 059C0FAF
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00FEF
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F55
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A0004A
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00F66
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00F8D
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FAF
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F24
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A0006C
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00EF8
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00091
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000AC
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F9E
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FD4
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A0005B
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A0001B
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A0000A
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F13
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0047
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F009F
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F002C
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F001B
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F008E
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0000
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009F0073
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0062
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FA6
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FC1
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0027
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0000
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FD2
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FE3
    .text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F83
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0078
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F9E
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0FAF
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FC0
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE009A
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F5E
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F30
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00BF
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0F15
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0051
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE001B
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0089
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FD1
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE002C
    .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F41
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FA8
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930054
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FB9
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F8D
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FE5
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930025
    .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930014
    .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA5
    .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!system 77C293C7 5 Bytes JMP 0092003A
    .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FEF
    .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
    .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD4
    .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920029
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00900FEF
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00900FDE
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00900FCD
    .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00900014
    .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B9000A
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B900BA
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B900A9
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9008E
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B9007D
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FD1
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B900D5
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F99
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F5A
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90F6B
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90F49
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90062
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B9001B
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90FAA
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B9003D
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B9002C
    .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90F7C
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80000
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80022
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FB9
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FD4
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80F65
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FE5
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80011
    .text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80F8A
    .text C:\WINDOWS\system32\svchost.exe[1608] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FAD
    .text C:\WINDOWS\system32\svchost.exe[1608] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70038
    .text C:\WINDOWS\system32\svchost.exe[1608] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B7000C
    .text C:\WINDOWS\system32\svchost.exe[1608] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FE3
    .text C:\WINDOWS\system32\svchost.exe[1608] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70027
    .text C:\WINDOWS\system32\svchost.exe[1608] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FD2
    .text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60FEF
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F55
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F7A
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0054
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F97
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0025
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0076
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F2E
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0EFB
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F0C
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0ED6
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FA8
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FD4
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0065
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0014
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FC3
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F1D
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0FB9
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB006C
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FD4
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FE5
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB005B
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB000A
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BB0040
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0025
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0049
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0038
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0FE3
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0FC8

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----


    Hope you can help
    Ed
     
Short URL to this thread: https://techguy.org/951754
