Windows update cannot check for updates service not running

Discussion in 'Virus & Other Malware Removal' started by pill2u, Jul 22, 2012.

    pill2u Thread Starter

    Hi all, whole system has gone flaky, takes 5 plus min to boot if at all, Win update and more are unavailable. TSG sysinfo came up blank.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:27:12 PM, on 7/22/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19272)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    E:\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {053F9267-DC04-4294-A72C-58F732D338C0} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120505185804.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Mobile-based device management] rem C:\Windows\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] rem C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [IE Privacy Keeper] "E:\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-21-2287909422-836270424-3213729299-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-21-2287909422-836270424-3213729299-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - E:\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
    O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - E:\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    O16 - DPF: vzTCPConfig - http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: Filesystem Watcher (FilesystemWatcher) - DigiData Corp. - C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: Online Backup Scheduler (OnlineBackupSchedulerService) - Unknown owner - C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    --
    End of file - 10728 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0
    Run by dad at 20:59:09 on 2012-07-16
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070209
    mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070209
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070209
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120505185804.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [IE Privacy Keeper] "e:\ie privacy keeper\IEPrivacyKeeper.exe" -startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11g_ActiveX.exe -update activex
    mRun: [Windows Mobile-based device management] rem c:\windows\windowsmobile\wmdSync.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
    mRun: [ISUSPM Startup] rem c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [VX3000] c:\windows\vVX3000.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{FD470029-2C71-4321-8081-BA982060A7B8} : DhcpNameServer = 192.168.1.1 71.242.0.12
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-07-14 15:21:42 -------- d-----w- c:\users\dad\pplication data\FixZeroAccess
    2012-07-14 15:21:41 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-07-14 14:57:11 -------- d-----w- C:\_OTL
    2012-06-30 15:15:54 -------- d-----w- c:\program files\AMD APP
    2012-06-24 21:44:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-24 21:43:43 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-24 21:43:32 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-24 21:43:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 10:35:31 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-21 10:35:30 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-21 10:35:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    .
    ==================== Find3M ====================
    .
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-19 04:52:06 194048 ----a-w- c:\windows\system32\drvinst.exe
    2012-06-11 17:50:42 159232 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 17:50:24 65024 ----a-w- c:\windows\system32\OpenVideo.dll
    2012-06-11 17:50:14 56320 ----a-w- c:\windows\system32\OVDecode.dll
    2012-06-11 17:49:22 13008896 ----a-w- c:\windows\system32\amdocl.dll
    2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
    2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-10 16:50:16 129880 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
    2012-05-10 16:30:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    1997-08-06 05:00:00 5639440 ----a-w- c:\program files\MSMONEY.EXE
    1997-08-06 05:00:00 21504 ----a-w- c:\program files\MNYREG.EXE
    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 21:06:08.84 ===============
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-16 21:54:47
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.VT10
    Running: gmer.exe; Driver: C:\Users\dad\AppData\Local\Temp\pwldapow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x01 \??\C:\Users\dad\AppData\Local\Temp\mbr.sys B864DC42

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8BD49498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8BD494C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8BD494AE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8BD49484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 8387B992 5 Bytes JMP 8BD49488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9040B000, 0x3DBAA0, 0xE8000020]
    ? C:\Users\dad\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    ? C:\Windows\system32\services.exe[1180] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
    .text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00630FAF
    .text C:\Windows\system32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00630F61
    .text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00630F06
    .text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00630000
    .text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00630FEF
    .text C:\Windows\system32\svchost.exe[1488] kernel32.dll!WinExec 756760CF 5 Bytes JMP 0063009D
    .text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00650F9A
    .text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!system 758F805B 5 Bytes JMP 0065001B
    .text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00650FB5
    .text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_open 758FD116 5 Bytes JMP 00650FEF
    .text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 0065000A
    .text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00650FC6
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00910FBC
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00910039
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 0091000A
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 0091005E
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 0091006F
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00910FDE
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00910FEF
    .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00910FCD
    .text C:\Windows\system32\svchost.exe[1488] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00920FEF
    .text C:\Windows\System32\svchost.exe[1608] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00DE0000
    .text C:\Windows\System32\svchost.exe[1608] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00DE0FDB
    .text C:\Windows\System32\svchost.exe[1608] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00DE0011
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00DC0F54
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00DC009A
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 00DC0F0D
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 00DC0F1E
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00DC0064
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00DC0FC0
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00DC0FAF
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00DC0F79
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00DC0053
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00DC002C
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00DC0F8A
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00DC001B
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00DC0089
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00DC00BF
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00DC0FE5
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00DC0000
    .text C:\Windows\System32\svchost.exe[1608] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00DC0F39
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00DF0FB9
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!system 758F805B 5 Bytes JMP 00DF0FCA
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00DF0FE5
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!_open 758FD116 5 Bytes JMP 00DF0000
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!_wcreat 758FD336 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00DF003A
    .text C:\Windows\System32\svchost.exe[1608] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00DF001D
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00DD006C
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00DD0036
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00DD000A
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00DD005B
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00DD0FB9
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00DD0FD4
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00DD0FE5
    .text C:\Windows\System32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00DD001B
    .text C:\Windows\System32\svchost.exe[1608] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 01440FEF
    .text C:\Windows\System32\svchost.exe[1696] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00E50000
    .text C:\Windows\System32\svchost.exe[1696] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00E50011
    .text C:\Windows\System32\svchost.exe[1696] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00E50FE5
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00BF00B5
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00BF00A4
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 00BF0F28
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 00BF0F39
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00BF0064
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00BF000A
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00BF0FB9
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00BF0F6F
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00BF0053
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00BF0F9E
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00BF0036
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00BF0025
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00BF007F
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00BF00E4
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00BF0FD4
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00BF0FEF
    .text C:\Windows\System32\svchost.exe[1696] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00BF0F54
    .text C:\Windows\System32\svchost.exe[1696] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00E60038
    .text C:\Windows\System32\svchost.exe[1696] msvcrt.dll!system 758F805B 5 Bytes JMP 00E60FAD
    .text C:\Windows\System32\svchost.exe[1696] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00E6000C
    .text C:\Windows\System32\svchost.exe[1696] msvcrt.dll!_open 758FD116 5 Bytes JMP 00E60FE3
    .text C:\Windows\System32\svchost.exe[1696] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00E6001D
    .text C:\Windows\System32\svchost.exe[1696] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00E60FD2
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00E0002F
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00E00F8D
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00E00FEF
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00E00014
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00E0004A
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00E00FB9
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00E00FD4
    .text C:\Windows\System32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00E00FA8
    .text C:\Windows\System32\svchost.exe[1696] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00F30000
    .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00D80FEF
    .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00D80025
    .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00D8000A
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00CE0F0E
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00CE004A
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 00CE0EDB
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 00CE0EEC
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00CE0039
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00CE000A
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00CE0FB9
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00CE0F29
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00CE0F55
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00CE0F8D
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00CE0F72
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00CE0F9E
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00CE0F44
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00CE0ECA
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00CE0FD4
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00CE0FE5
    .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00CE0EFD
    .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00D90FC3
    .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!system 758F805B 5 Bytes JMP 00D90FDE
    .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00D90033
    .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!_open 758FD116 5 Bytes JMP 00D90FEF
    .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00D9004E
    .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00D90018
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00D70F79
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00D70FA5
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00D70000
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00D70F94
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00D70F68
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00D70FDB
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00D70011
    .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00D70FB6
    .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00DE0FE5
    .text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00250FEF
    .text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00250FD4
    .text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 0025000A
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00090F37
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 0009007D
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 000900B3
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 000900A2
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00090051
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00090FB9
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00090FA8
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 0009006C
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00090040
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00090F83
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 0009002F
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 0009000A
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00090F5C
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00090EF7
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00090FD4
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00090FEF
    .text C:\Windows\system32\svchost.exe[1820] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00090F26
    .text C:\Windows\system32\svchost.exe[1820] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 002A0066
    .text C:\Windows\system32\svchost.exe[1820] msvcrt.dll!system 758F805B 5 Bytes JMP 002A0055
    .text C:\Windows\system32\svchost.exe[1820] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 002A0033
    .text C:\Windows\system32\svchost.exe[1820] msvcrt.dll!_open 758FD116 5 Bytes JMP 002A0000
    .text C:\Windows\system32\svchost.exe[1820] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 002A0044
    .text C:\Windows\system32\svchost.exe[1820] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 002A0FEF
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 000A0047
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 000A0FB9
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 000A0FEF
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 000A0036
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 000A0058
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 000A0FD4
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 000A0014
    .text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 000A0025
    .text C:\Windows\system32\svchost.exe[1820] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 002B0000
    .text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00900FE5
    .text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00900FC3
    .text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00900FD4
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 008A0060
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 008A0F24
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 008A0EEE
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 008A007B
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 008A0F61
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 008A0FC0
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 008A0FA5
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 008A0F35
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 008A0F72
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 008A0F94
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 008A0F83
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 008A001B
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 008A0F50
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 008A0EDD
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 008A0000
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 008A0FE5
    .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!WinExec 756760CF 5 Bytes JMP 008A0EFF
    .text C:\Windows\system32\svchost.exe[1900] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00950044
    .text C:\Windows\system32\svchost.exe[1900] msvcrt.dll!system 758F805B 5 Bytes JMP 00950033
    .text C:\Windows\system32\svchost.exe[1900] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00950011
    .text C:\Windows\system32\svchost.exe[1900] msvcrt.dll!_open 758FD116 5 Bytes JMP 00950000
    .text C:\Windows\system32\svchost.exe[1900] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00950022
    .text C:\Windows\system32\svchost.exe[1900] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00950FE3
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 008B0F83
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 008B0F9E
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 008B0FEF
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 008B0025
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 008B004A
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 008B0014
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 008B0FD4
    .text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 008B0FB9
    .text C:\Windows\system32\svchost.exe[1900] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 009F0FEF
    .text C:\Windows\system32\svchost.exe[2040] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 03690000
    .text C:\Windows\system32\svchost.exe[2040] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 03690FCA
    .text C:\Windows\system32\svchost.exe[2040] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 03690FE5
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 01130F1A
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 01130F35
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 01130EE7
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 01130EF8
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 01130060
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 01130FD4
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 01130FB9
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 01130F50
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 01130039
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 01130F8D
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 01130F7C
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 01130F9E
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 01130F61
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 01130ED6
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 0113000A
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 01130FEF
    .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!WinExec 756760CF 5 Bytes JMP 01130F09
    .text C:\Windows\system32\svchost.exe[2040] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 03AE0F9C
    .text C:\Windows\system32\svchost.exe[2040] msvcrt.dll!system 758F805B 5 Bytes JMP 03AE0027
    .text C:\Windows\system32\svchost.exe[2040] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 03AE000C
    .text C:\Windows\system32\svchost.exe[2040] msvcrt.dll!_open 758FD116 5 Bytes JMP 03AE0FE3
    .text C:\Windows\system32\svchost.exe[2040] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 03AE0FB7
    .text C:\Windows\system32\svchost.exe[2040] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 03AE0FD2
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 03630FA8
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 03630FC3
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 03630FEF
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 0363004A
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 03630F8D
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 0363001E
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 03630FDE
    .text C:\Windows\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 0363002F
    .text C:\Windows\system32\svchost.exe[2040] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 03C80FEF
    .text C:\Windows\System32\svchost.exe[2184] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 01200FE5
    .text C:\Windows\System32\svchost.exe[2184] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 0120001B
    .text C:\Windows\System32\svchost.exe[2184] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 01200000
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 01190F5C
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 011900AC
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 011900E9
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 011900D8
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 01190F8B
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 01190FD4
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 01190025
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 0119009B
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 01190065
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 01190FC3
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 01190FA8
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 0119004A
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 01190080
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 01190F41
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 01190000
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 01190FEF
    .text C:\Windows\System32\svchost.exe[2184] kernel32.dll!WinExec 756760CF 5 Bytes JMP 011900BD
    .text C:\Windows\System32\svchost.exe[2184] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 011E0FC1
    .text C:\Windows\System32\svchost.exe[2184] msvcrt.dll!system 758F805B 5 Bytes JMP 011E0FD2
    .text C:\Windows\System32\svchost.exe[2184] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 011E0FE3
    .text C:\Windows\System32\svchost.exe[2184] msvcrt.dll!_open 758FD116 5 Bytes JMP 011E0000
    .text C:\Windows\System32\svchost.exe[2184] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 011E0042
    .text C:\Windows\System32\svchost.exe[2184] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 011E0011
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyExA 76C239AB 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 011F0FAF
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 011F0036
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 011F000A
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 011F0051
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 011F0062
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 011F0FDB
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 011F001B
    .text C:\Windows\System32\svchost.exe[2184] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 011F0FC0
    .text C:\Windows\Explorer.EXE[2284] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00040000
    .text C:\Windows\Explorer.EXE[2284] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00040FCA
    .text C:\Windows\Explorer.EXE[2284] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00040FE5
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 0001008C
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00010F46
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 000100B8
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 00010F21
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00010F86
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00010FD4
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00010FC3
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00010F61
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00010054
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00010039
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00010F97
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00010FB2
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00010071
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 000100C9
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 0001000A
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00010FEF
    .text C:\Windows\Explorer.EXE[2284] kernel32.dll!WinExec 756760CF 5 Bytes JMP 0001009D
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 0006007A
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00060058
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00060000
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00060069
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00060FBD
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 0006002C
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00060011
    .text C:\Windows\Explorer.EXE[2284] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 0006003D
    .text C:\Windows\Explorer.EXE[2284] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00070FB7
    .text C:\Windows\Explorer.EXE[2284] msvcrt.dll!system 758F805B 5 Bytes JMP 00070038
    .text C:\Windows\Explorer.EXE[2284] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00070FD2
    .text C:\Windows\Explorer.EXE[2284] msvcrt.dll!_open 758FD116 5 Bytes JMP 00070FEF
    .text C:\Windows\Explorer.EXE[2284] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00070027
    .text C:\Windows\Explorer.EXE[2284] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 0007000C
    .text C:\Windows\Explorer.EXE[2284] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 03790000
    .text C:\Windows\Explorer.EXE[2284] WININET.dll!InternetOpenA 7551D6A8 5 Bytes JMP 02380FE5
    .text C:\Windows\Explorer.EXE[2284] WININET.dll!InternetOpenW 7551DB21 5 Bytes JMP 02380000
    .text C:\Windows\Explorer.EXE[2284] WININET.dll!InternetOpenUrlA 7551F3BC 5 Bytes JMP 02380FCA
    .text C:\Windows\Explorer.EXE[2284] WININET.dll!InternetOpenUrlW 75566DFF 5 Bytes JMP 02380FB9
    .text C:\Windows\System32\svchost.exe[2584] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00150FEF
    .text C:\Windows\System32\svchost.exe[2584] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00150FDE
    .text C:\Windows\System32\svchost.exe[2584] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00150014
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00120F3E
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00120F4F
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 001200B3
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 00120F1C
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00120069
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00120FCA
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00120011
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00120084
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 0012004E
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 0012003D
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00120F9B
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 0012002C
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00120F74
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00120EF7
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00120000
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00120FE5
    .text C:\Windows\System32\svchost.exe[2584] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00120F2D
    .text C:\Windows\System32\svchost.exe[2584] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00130F9C
    .text C:\Windows\System32\svchost.exe[2584] msvcrt.dll!system 758F805B 5 Bytes JMP 00130FAD
    .text C:\Windows\System32\svchost.exe[2584] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 0013001D
    .text C:\Windows\System32\svchost.exe[2584] msvcrt.dll!_open 758FD116 5 Bytes JMP 00130000
    .text C:\Windows\System32\svchost.exe[2584] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00130FC8
    .text C:\Windows\System32\svchost.exe[2584] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00130FE3
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00140051
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00140FAF
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00140FE5
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00140040
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00140F94
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00140011
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00140000
    .text C:\Windows\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00140FC0
    .text C:\Windows\System32\svchost.exe[2584] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00160FEF
    .text C:\Windows\System32\svchost.exe[2760] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 001E0000
    .text C:\Windows\System32\svchost.exe[2760] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 001E0FD4
    .text C:\Windows\System32\svchost.exe[2760] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 001E0FE5
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00160093
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00160082
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 00160EFC
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 00160F17
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00160071
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00160014
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00160FCD
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00160F57
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00160054
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00160FB2
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00160FA1
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00160043
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00160F7C
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 001600AE
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00160FDE
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00160FEF
    .text C:\Windows\System32\svchost.exe[2760] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00160F28
    .text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00180F92
    .text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!system 758F805B 5 Bytes JMP 0018001D
    .text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 0018000C
    .text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_open 758FD116 5 Bytes JMP 00180FEF
    .text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00180FB7
    .text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00180FD2
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00190F8D
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00190FB2
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00190FEF
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00190039
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00190054
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00190014
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00190FDE
    .text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00190FC3
    .text C:\Windows\System32\svchost.exe[2760] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 002B0FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00040000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 0004002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00040FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 000100A7
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 0001008C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 000100DD
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 000100C2
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00010071
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00010FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00010FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00010F61
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00010F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00010039
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 0001004A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00010FA8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00010F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 000100EE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateFileW 7562B0EB 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00010FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00010F3C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00050051
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00050025
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00050FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00050040
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00050062
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00050FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00050000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00050FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!SetWindowsHookExW 75A387AD 5 Bytes JMP 69059A65 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!CallNextHookEx 75A38E3B 5 Bytes JMP 6904D0DD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!UnhookWindowsHookEx 75A398DB 5 Bytes JMP 68FC466C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!CreateWindowExW 75A41305 5 Bytes JMP 6905DAD4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!DialogBoxParamW 75A610B0 5 Bytes JMP 68F85505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!DialogBoxIndirectParamW 75A62EF5 5 Bytes JMP 69157207 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!DialogBoxParamA 75A78152 5 Bytes JMP 691571A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!DialogBoxIndirectParamA 75A7847D 5 Bytes JMP 6915726A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!MessageBoxIndirectA 75A8D4D9 5 Bytes JMP 69157139 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!MessageBoxIndirectW 75A8D5D3 5 Bytes JMP 691570CE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!MessageBoxExA 75A8D639 5 Bytes JMP 6915706C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] USER32.dll!MessageBoxExW 75A8D65D 5 Bytes JMP 6915700A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00060055
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!system 758F805B 5 Bytes JMP 00060FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00060029
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!_open 758FD116 5 Bytes JMP 00060FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!_wcreat 758FD336 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 0006003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00060018
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ole32.dll!OleLoadFromStream 756E1E80 5 Bytes JMP 6915756F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] ole32.dll!CoCreateInstance 75719F3E 5 Bytes JMP 6905DB30 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00E20FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] WININET.dll!InternetOpenA 7551D6A8 5 Bytes JMP 01010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] WININET.dll!InternetOpenW 7551DB21 5 Bytes JMP 01010FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] WININET.dll!InternetOpenUrlA 7551F3BC 5 Bytes JMP 0101001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[2828] WININET.dll!InternetOpenUrlW 75566DFF 5 Bytes JMP 01010040
    .text C:\Windows\system32\svchost.exe[2872] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00250000
    .text C:\Windows\system32\svchost.exe[2872] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00250036
    .text C:\Windows\system32\svchost.exe[2872] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00250011
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00220F4E
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00220F5F
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 002200D4
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 002200B9
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00220F7A
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00220FDE
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00220FC3
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00220080
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00220054
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00220039
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00220F97
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00220FB2
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 0022006F
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 002200E5
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateFileW 7562B0EB 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00220FEF
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00220000
    .text C:\Windows\system32\svchost.exe[2872] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00220F3D
    .text C:\Windows\system32\svchost.exe[2872] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 0023004E
    .text C:\Windows\system32\svchost.exe[2872] msvcrt.dll!system 758F805B 5 Bytes JMP 0023003D
    .text C:\Windows\system32\svchost.exe[2872] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00230FDE
    .text C:\Windows\system32\svchost.exe[2872] msvcrt.dll!_open 758FD116 5 Bytes JMP 00230FEF
    .text C:\Windows\system32\svchost.exe[2872] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00230FC3
    .text C:\Windows\system32\svchost.exe[2872] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 0023000C
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00240058
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00240FC0
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00240000
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00240047
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00240FA5
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 0024001B
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00240FE5
    .text C:\Windows\system32\svchost.exe[2872] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00240036
    .text C:\Windows\system32\svchost.exe[2872] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 007F0FEF
    .text C:\Windows\system32\svchost.exe[2908] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 0096000A
    .text C:\Windows\system32\svchost.exe[2908] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00960FDB
    .text C:\Windows\system32\svchost.exe[2908] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 0096001B
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00360082
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00360071
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 003600BF
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 003600A4
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00360056
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00360FC3
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00360FB2
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00360F3C
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00360045
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00360F86
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00360028
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00360F97
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00360F57
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00360F17
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00360FD4
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00360FEF
    .text C:\Windows\system32\svchost.exe[2908] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00360093
    .text C:\Windows\system32\svchost.exe[2908] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00370016
    .text C:\Windows\system32\svchost.exe[2908] msvcrt.dll!system 758F805B 5 Bytes JMP 00370F8B
    .text C:\Windows\system32\svchost.exe[2908] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 00370FB7
    .text C:\Windows\system32\svchost.exe[2908] msvcrt.dll!_open 758FD116 5 Bytes JMP 00370FEF
    .text C:\Windows\system32\svchost.exe[2908] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00370FA6
    .text C:\Windows\system32\svchost.exe[2908] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00370FDE
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00950051
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00950FB9
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00950FEF
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00950040
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00950F94
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00950025
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00950014
    .text C:\Windows\system32\svchost.exe[2908] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00950FD4
    .text C:\Windows\system32\svchost.exe[2908] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00970FEF
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3236] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 6E339A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3236] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 6E3399A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\system32\svchost.exe[4712] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00040000
    .text C:\Windows\system32\svchost.exe[4712] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00040FEF
    .text C:\Windows\system32\svchost.exe[4712] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00040025
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00010082
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 00010067
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 00010F06
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 0001009D
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00010F46
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00010FB9
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00010F9E
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 0001004C
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00010F57
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00010F79
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00010F68
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00010031
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00010EEB
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00010FCA
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00010FE5
    .text C:\Windows\system32\svchost.exe[4712] kernel32.dll!WinExec 756760CF 5 Bytes JMP 00010F21
    .text C:\Windows\system32\svchost.exe[4712] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00060077
    .text C:\Windows\system32\svchost.exe[4712] msvcrt.dll!system 758F805B 5 Bytes JMP 00060066
    .text C:\Windows\system32\svchost.exe[4712] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 0006003A
    .text C:\Windows\system32\svchost.exe[4712] msvcrt.dll!_open 758FD116 5 Bytes JMP 00060000
    .text C:\Windows\system32\svchost.exe[4712] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 00060055
    .text C:\Windows\system32\svchost.exe[4712] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 0006001D
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00070F9B
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00070047
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 0007000A
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00070FC0
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00070F8A
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 00070FDB
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 0007001B
    .text C:\Windows\system32\svchost.exe[4712] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00070036
    .text C:\Windows\system32\svchost.exe[4712] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 00080FE5
    .text C:\Windows\system32\svchost.exe[5548] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00040FE5
    .text C:\Windows\system32\svchost.exe[5548] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00040FB9
    .text C:\Windows\system32\svchost.exe[5548] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00040FCA
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 00010F61
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 000100A7
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 000100EE
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 000100DD
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00010F9E
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00010FD4
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00010025
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00010F72
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 0001006C
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 0001004A
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 0001005B
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00010FB9
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00010F8D
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00010F3C
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 00010FEF
    .text C:\Windows\system32\svchost.exe[5548] kernel32.dll!WinExec 756760CF 5 Bytes JMP 000100C2
    .text C:\Windows\system32\svchost.exe[5548] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 000A0044
    .text C:\Windows\system32\svchost.exe[5548] msvcrt.dll!system 758F805B 5 Bytes JMP 000A0033
    .text C:\Windows\system32\svchost.exe[5548] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 000A0FCD
    .text C:\Windows\system32\svchost.exe[5548] msvcrt.dll!_open 758FD116 5 Bytes JMP 000A0FEF
    .text C:\Windows\system32\svchost.exe[5548] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 000A0022
    .text C:\Windows\system32\svchost.exe[5548] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 000A0FDE
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 000B0F8A
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 000B0FB9
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 000B0FE5
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 000B0036
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 000B0047
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 000B0000
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 000B0FCA
    .text C:\Windows\system32\svchost.exe[5548] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 000B0025
    .text C:\Windows\system32\svchost.exe[5548] WS2_32.dll!socket 76FC36D1 5 Bytes JMP 000C0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ntdll.dll!NtCreateFile 76EB4244 5 Bytes JMP 00040FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ntdll.dll!NtCreateProcess 76EB4304 5 Bytes JMP 00040FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ntdll.dll!NtProtectVirtualMemory 76EB4BA4 5 Bytes JMP 00040000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!GetStartupInfoW 755E1929 5 Bytes JMP 000100DB
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!GetStartupInfoA 755E19C9 5 Bytes JMP 000100B6
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateProcessW 755E1BF3 5 Bytes JMP 00010F66
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateProcessA 755E1C28 5 Bytes JMP 000100FD
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!VirtualProtect 755E1DC3 5 Bytes JMP 00010091
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateNamedPipeA 755E2EF5 5 Bytes JMP 00010FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateNamedPipeW 755E5C0C 5 Bytes JMP 00010025
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreatePipe 75608F06 5 Bytes JMP 00010F95
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!LoadLibraryExW 7560927C 5 Bytes JMP 00010080
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!LoadLibraryW 75609400 5 Bytes JMP 00010FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!LoadLibraryExA 75609554 5 Bytes JMP 00010065
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!LoadLibraryA 7560957C 5 Bytes JMP 00010040
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!VirtualProtectEx 7560DC52 5 Bytes JMP 00010FA6
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!GetProcAddress 7562925B 5 Bytes JMP 00010118
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateFileW 7562B0EB 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateFileW 7562B0EB 5 Bytes JMP 00010FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!CreateFileA 7562D07F 5 Bytes JMP 0001000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] kernel32.dll!WinExec 756760CF 5 Bytes JMP 000100EC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegCreateKeyExA 76C239AB 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegCreateKeyExA 76C239AB 5 Bytes JMP 00050FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegCreateKeyA 76C23BA9 5 Bytes JMP 00050FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegOpenKeyA 76C289C7 5 Bytes JMP 00050000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegCreateKeyW 76C3391E 5 Bytes JMP 00050051
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegCreateKeyExW 76C341F1 5 Bytes JMP 00050F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegOpenKeyExA 76C37C42 5 Bytes JMP 0005001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegOpenKeyW 76C3E2B5 5 Bytes JMP 00050FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ADVAPI32.dll!RegOpenKeyExW 76C47BA1 5 Bytes JMP 00050036
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!CreateWindowExW 75A41305 5 Bytes JMP 6905DAD4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!DialogBoxParamW 75A610B0 5 Bytes JMP 68F85505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!DialogBoxIndirectParamW 75A62EF5 5 Bytes JMP 69157207 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!DialogBoxParamA 75A78152 5 Bytes JMP 691571A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!DialogBoxIndirectParamA 75A7847D 5 Bytes JMP 6915726A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!MessageBoxIndirectA 75A8D4D9 5 Bytes JMP 69157139 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!MessageBoxIndirectW 75A8D5D3 5 Bytes JMP 691570CE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!MessageBoxExA 75A8D639 5 Bytes JMP 6915706C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] USER32.dll!MessageBoxExW 75A8D65D 5 Bytes JMP 6915700A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] msvcrt.dll!_wsystem 758F7F3F 5 Bytes JMP 00060FAD
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] msvcrt.dll!system 758F805B 5 Bytes JMP 00060FBE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] msvcrt.dll!_creat 758FBBF1 5 Bytes JMP 0006001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] msvcrt.dll!_open 758FD116 5 Bytes JMP 0006000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] msvcrt.dll!_wcreat 758FD336 5 Bytes JMP 0006002E
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] msvcrt.dll!_wopen 758FD511 5 Bytes JMP 00060FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] WININET.dll!InternetOpenA 7551D6A8 5 Bytes JMP 000E0FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] WININET.dll!InternetOpenW 7551DB21 5 Bytes JMP 000E0FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] WININET.dll!InternetOpenUrlA 7551F3BC 5 Bytes JMP 000E0014
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] WININET.dll!InternetOpenUrlW 75566DFF 5 Bytes JMP 000E0025
    .text C:\Program Files\Internet Explorer\iexplore.exe[5892] ws2_32.dll!socket 76FC36D1 5 Bytes JMP 0021000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- Files - GMER 1.0.15 ----

    File C:\Users\dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DB0D5ISW\iframe[1].htm 0 bytes

    ---- EOF - GMER 1.0.15 ----
     

Short URL to this thread: https://techguy.org/1062188
