TechSpot

Computer is redirected to 3rd party site when I use search engines

By SUBZ
Oct 12, 2010
  1. My desktop keeps being redirected to 3rd party websites when I use search engines like Google. I believe that it has a virus. My antivirus software cannot remove or quarantine the virus. I went to the public library and looked my problem up online. It seems more than one person has had this problem. Can anyone walk me thru the steps to rid my desktop of this virus?

    I've read posts that recommend using HijackThis but only under the advice of a pro. Can anyone help?
  2. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,372   +167

  3. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Proceed with LookinAround's advice.
  4. SUBZ

    SUBZ TS Rookie Topic Starter

    Thank you LookinAround and Broni. I read the thread and followed the instructions for the Virus/Malware Removal.

    1.) I already had an antivirus software (McAfee)
    2.) I used the TFC cleaner (It removed 519 megs of data. Is that normal? I guess I had a lot of temporary files)
    3.) I used MBAM. The program froze while trying to remove the infected files the first time. I ran it a second time. The second run was successful. I noticed that the first MBAM scan only found 17 infected files. The second scan found 18.

    The infected file log from the first MBAM scan:
    **********************************************************************************************************************
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4816

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/13/2010 7:54:58 PM
    mbam-log-2010-10-13 (19-54-58).txt

    Scan type: Quick scan
    Objects scanned: 153620
    Time elapsed: 14 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> No action taken.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.

    Files Infected:
    C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.

    ***********************************************************************************************************************
  5. SUBZ

    SUBZ TS Rookie Topic Starter

    The second MBAM scan had this log for the infected files:


    ***********************************************************************************************************************
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4816

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/14/2010 7:57:14 AM
    mbam-log-2010-10-14 (07-57-14).txt

    Scan type: Quick scan
    Objects scanned: 153732
    Time elapsed: 10 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 11
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> No action taken.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.

    Files Infected:
    C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.


    ***********************************************************************************************************************

    After this scan I made sure that everything was checked and I clicked "Remove selected". The final MBAM log was as follows:


    ***********************************************************************************************************************

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4816

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/14/2010 7:59:36 AM
    mbam-log-2010-10-14 (07-59-36).txt

    Scan type: Quick scan
    Objects scanned: 153732
    Time elapsed: 10 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 11
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot.

    Files Infected:
    C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.


    ***********************************************************************************************************************
  6. SUBZ

    SUBZ TS Rookie Topic Starter

    4. Then I ran GMER. The GMER log is as follows:

    ***********************************************************************************************************************
    GMER 1.0.15.15315 - http://www.gmer.net
    Rootkit scan 2010-10-14 09:30:27
    Windows 5.1.2600 Service Pack 3
    Running: 75iwy9qtGMER.exe; Driver: C:\DOCUME~1\LELIAO~1\LOCALS~1\Temp\pxtdipow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF8585090]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF85850A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF85850D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF8585126]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF858507C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8585054]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8585068]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF85850BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF85850FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF85850E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF8585150]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF858513C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF8585110]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP F8585114 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP F8585080 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP F8585094 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP F8585058 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP F85850EA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP F8585140 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP F858512A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP F8585154 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP F858506C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP F85850D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP F85850A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetSecurityObject 8059B1F3 5 Bytes JMP F8585100 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP F85850BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? vxotynd.sys The system cannot find the file specified. !
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8A03760]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7524F80]
    .reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xEEBB3480, 0x306DD, 0xE0000060]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EA0000
    .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EA0FD4
    .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA0FE5
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FE5
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90F77
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E9006C
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E9005B
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E9004A
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FA8
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E900B3
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E900A2
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F35
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90F46
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90F1A
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E9002F
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90FCA
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90087
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90FB9
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90000
    .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E900C4
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80FB9
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80F61
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80FD4
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80FE5
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80F72
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80000
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E80F8D
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [08, 89]
    .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E80FA8
    .text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E7004E
    .text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E7003D
    .text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FD7
    .text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70000
    .text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E7002C
    .text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70011
    .text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60FE5
    .text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6001B
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50FEF
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50F30
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50F4B
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50F5C
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50F79
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50F9E
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B5005D
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50F15
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50ED5
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50EF0
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50089
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B5001B
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50FD4
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50040
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FAF
    .text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B5006E
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40036
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B40F9E
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40025
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B4000A
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B4005B
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B40FEF
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B40FB9
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D4, 88] {AAM 0x88}
    .text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B40FCA
    .text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00010044
    .text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00010029
    .text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00010FDE
    .text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00010FEF
    .text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00010FB9
    .text C:\WINDOWS\system32\svchost.exe[384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00010018
    .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01940000
    .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01940022
    .text C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01940011
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01930000
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01930F59
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01930F74
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0193004E
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01930F91
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01930FB6
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0193007C
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0193006B
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01930EFE
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01930F19
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019300BC
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0193003D
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01930FE5
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01930F34
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01930022
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01930011
    .text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01930097
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0192002F
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01920080
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01920FDE
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01920FEF
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01920065
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01920000
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01920054
    .text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01920FC3
    .text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01910F9E
    .text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!system 77C293C7 5 Bytes JMP 01910029
    .text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01910FDE
    .text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01910FEF
    .text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01910FB9
    .text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0191000C
    .text C:\WINDOWS\system32\svchost.exe[708] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01900FE5
    .text C:\WINDOWS\system32\svchost.exe[708] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 018F000A
    .text C:\WINDOWS\system32\svchost.exe[708] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 018F001B
    .text C:\WINDOWS\system32\svchost.exe[708] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 018F0036
    .text C:\WINDOWS\system32\svchost.exe[708] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 018F0047
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006D0FDE
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D0014
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006C000A
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006C0F65
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006C0F80
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C0F9B
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006C0FAC
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006C003D
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006C00AD
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006C009C
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C0F40
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C00D9
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006C0F25
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006C0058
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006C001B
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006C007F
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006C002C
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006C0FE5
    .text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006C00BE
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006B001B
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006B0F7C
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006B000A
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006B0FCA
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006B0F97
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006B0FEF
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006B0FA8
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA59 1 Byte [88]
    .text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 3 Bytes JMP 006B0FB9
  7. SUBZ

    SUBZ TS Rookie Topic Starter

  8. SUBZ

    SUBZ TS Rookie Topic Starter

    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA008E
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00BA
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F21
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00D5
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA001B
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FD4
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0067
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0F9E
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FB9
    .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F3C
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FCA
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930047
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0093001B
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FE5
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0093002C
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F8A
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
    .text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FA5
    .text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092004E
    .text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FC3
    .text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920018
    .text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
    .text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920033
    .text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FDE
    .text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900FEF
    .text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0090000A
    .text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FDE
    .text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FCD
    .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0091000A
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0014000A
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00140FEF
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00140025
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270067
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F72
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F8D
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270040
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FAF
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F3C
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F4D
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F17
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700BA
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700CB
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9E
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270078
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270025
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270014
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0027009F
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360047
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036007D
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0036002C
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360FC0
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360062
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FD1
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FBE
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370049
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037002E
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FD9
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370011
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 330B9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 032B0FEF
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 032B000A
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 032B0FDE
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 032B0039
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2228] ws2_32.dll!socket 71AB4211 5 Bytes JMP 03C70000
    .text C:\WINDOWS\System32\svchost.exe[2704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990000
    .text C:\WINDOWS\System32\svchost.exe[2704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990FE5
    .text C:\WINDOWS\System32\svchost.exe[2704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00990011
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00980FE5
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00980043
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00980F4E
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00980F6B
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00980028
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00980F97
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0098008C
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00980071
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009800C2
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00980F1F
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00980F0E
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00980F86
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00980FD4
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00980054
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00980FB2
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00980FC3
    .text C:\WINDOWS\System32\svchost.exe[2704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0098009D
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F40FAF
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F40051
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40FCA
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40FE5
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F40036
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F40000
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F4001B
    .text C:\WINDOWS\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F40F9E
  9. SUBZ

    SUBZ TS Rookie Topic Starter


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[944] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407750] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[944] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
  10. SUBZ

    SUBZ TS Rookie Topic Starter

    ***********************************************************************************************************************

    5. Then I ran the DDS. The log is as follows:

    ***********************************************************************************************************************


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Lelia Owens at 9:34:21.20 on Thu 10/14/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.101 [GMT -4:00]

    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100917043448.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
    uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MskDetct.exe /startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [zzzHPSETUP] e:\setup.exe \RESET
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [CICache] CICache.exe
    mRun: [Dit] Dit.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [NWEReboot]
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Recordpad] "c:\program files\nch swift sound\recordpad\recordpad.exe" -logon
    mRun: [TrayServer] c:\program files\magix\movie_edit_pro_14\TrayServer.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228177415171
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228584563515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\leliao~1\applic~1\mozilla\firefox\profiles\qlf3oyzc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\documents and settings\lelia owens\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R? CardReaderFilter;Card Reader Filter
    R? FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance
    R? fsssvc;Windows Live Family Safety Service
    R? FXDRV;FXDRV
    R? mfebopk;McAfee Inc. mfebopk
    R? mfendisk;McAfee Core NDIS Intermediate Filter
    R? mferkdet;McAfee Inc. mferkdet
    R? RoxLiveShare10;LiveShare P2P Server 10
    R? RoxMediaDB10;RoxMediaDB10
    R? RoxWatch10;Roxio Hard Drive Watcher 10
    R? SessionLauncher;SessionLauncher
    R? UPnPService;UPnPService
    S? acedrv11;acedrv11
    S? cfwids;McAfee Inc. cfwids
    S? dldo_device;dldo_device
    S? fssfltr;fssfltr
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? McMPFSvc;McAfee Personal Firewall Service
    S? McNaiAnn;McAfee VirusScan Announcer
    S? McProxy;McAfee Proxy Service
    S? McShield;McShield
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfefire;McAfee Firewall Core Service
    S? mfefirek;McAfee Inc. mfefirek
    S? mfehidk;McAfee Inc. mfehidk
    S? mfendiskmp;mfendiskmp
    S? mfetdi2k;McAfee Inc. mfetdi2k
    S? mfevtp;McAfee Validation Trust Protection Service

    =============== Created Last 30 ================

    2010-10-13 23:37:16 -------- d-----w- c:\docume~1\leliao~1\applic~1\Malwarebytes
    2010-10-13 23:36:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-13 23:36:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-13 23:36:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-13 23:36:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-30 06:19:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-09-30 06:19:48 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-17 08:34:48 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    ==================== Find3M ====================

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 9:37:01.01 ===============


    ***********************************************************************************************************************
  11. SUBZ

    SUBZ TS Rookie Topic Starter

    6. The DDS also provided an "attach.txt". Let me know if I need to post this. I'm not sure how to zip files.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Do not zip anything.
    Post straight "Attach.txt" file.

    Then....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  13. SUBZ

    SUBZ TS Rookie Topic Starter

    The DDS attachment

    Here is the attachment.txt after running DDS

  14. SUBZ

    SUBZ TS Rookie Topic Starter

    Broni, I attempted to download mbrcheck.exe but it keeps being canceled before downloading. I'll try to download it to a clean computer and transfer it. Can I do the same with Combofix? I noticed that you said to download Combofix directly to my desktop.

    Just to be sure, how do I disable McAfee so that it does not interfere? It already wants to upgrade as soon as I restart. Is this bad?
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Yes. No problem.

    As for McAfee, see this in my Combofix instruction:
  16. SUBZ

    SUBZ TS Rookie Topic Starter

    Plz keep thread open

    I'm currently away from my desktop computer. Plz keep this thread open. I read that it may close if I do not respond fast enough. Plz keep this thread open. I'm in the process of following Broni's instructions.

    By the way, perhaps I misunderstood the steps listed in the process from the link but the steps did not seem to apply to my McAfee antivirus software. I am trying to figure out how to shut it off completely while cleaning the computer. Each time that I disable the McAfee real time file scanning it re-enables itself.
  17. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    If you have any problem with disabling McAfee, run Combofix from safe mode.