Virus Trying to "Access Process Data" in Norton

Discussion in 'Windows Support' started by michael1026, Jan 30, 2011.

  1. michael1026 Senior Member

    Well I was wondering why my computer was acting up, and I looked at Norton 360's security history, and noticed this.
    [IMG]
    This happens about every minute, and the process that is doing it is what I use to log in sometimes. What can I do? Can someone team-view me? Also, I have run full virus scans. It found nothing.

    Ryan Undercover LV

    Click "Scan Now" and it should remove what is trying to access your computer.
  2. Valiant Banned

    He already said he ran a full scan. (Back to topic) maybe try a system restore on your computer.
  3. michael1026 Senior Member

    I ran a full system scan, I tried it in safe mode too. Nothing.


    Ryan Undercover LV

    Yeah he edited the thread after I posted :p

    OT: I suggest you look at this http://www.se7ensins.com/forums/topic/3910-how-to-keep-your-computer-clean-the-free-way/ and download:

    • CCleaner
    • SUPERAntiSpyware

    Then run the programs and do the scans and it will remove all things that may harm your computer. Norton didn't find half the stuff that Antispyware did.
  4. michael1026 Senior Member

    Okay, I'll try SUPERAntiSpyware. I already tried CCleaner. And I tried a system restore, back to about 3 days.

    SUPERAntiSpyware won't download. Can someone help me over AIM? It's hard to talk on here since my computer. AIM: someoneveryhot
  5. DisRupTioN Newbie

    Hi,
    My name is Disruption and I will be assisting you today. Please follow ALL my instructions for proper removal.

    Step 1:
    Please download Malwarebytes Anti-Malware

    Steps To Perform:
    • Download/Install
    • Select "Check For Updates"
    • Perform a "Full Scan"
    • Select All Drivers
    If viruses are detected then do the following:
    Show Results > Remove All > Restart

    Post the results.

    Regards,
    Disruption
  6. michael1026 Senior Member

    Malwarebytes was the first thing I tried. Update: I was looking through my processes, and noticed that there are 16 svchost.exe's if I'm not in safe mode.
  7. xILemonHeadIx Newbie

    You should never ever say it like that; the only foolproof way to ensure that your computer is 100% clean is to format. What you say will give a false sense of security to others. A lot of people who spread their viruses encrypt them so that they are FUD (Fully Undetectable), and as the name suggests virus scans will not detect them, making them ineffective. One of the best ways of checking you don't have a virus is by analysing a HijackThis log and ensuring that none of the programs running are malicious. Also, CCleaner will not remove or detect any virus as it is not a virus scanner.

    There are meant to be multiple svchosts running at a time on your computer. It is hosting Windows processes, and more than one is used for safety so that if one crashes the whole of Windows doesn't crash. This process is however commonly used as a process name for malware, as every Windows computer will have them running, and the fact that there are multiple svchosts running makes it harder to notice.
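The masquerading described in the post above can be checked from a process listing. This is an added example, not part of the thread: the process rows are constructed (only the Norton ccSvcHst.exe path comes from the log posted in this thread), and the two rules it applies (svchost.exe runs from the Windows system directory and is started by services.exe) are standard Windows behaviour, assumed here rather than stated in the post.

```python
import ntpath

# Assumption: a default Windows install rooted at C:\Windows.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_PARENT = "services.exe"
TARGET = "svchost.exe"


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names such as svch0st.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_process(name, parent, image_path):
    """Return the reasons a process row deserves a closer look (empty list = none)."""
    reasons = []
    lname = name.lower()
    if lname == TARGET:
        # Exact name: legitimacy depends on where it runs from and who started it.
        folder = ntpath.dirname(ntpath.normpath(image_path)).lower()
        if folder not in SYSTEM_DIRS:
            reasons.append("svchost.exe image is in " + folder)
        if parent.lower() != EXPECTED_PARENT:
            reasons.append("parent is " + parent + ", expected services.exe")
    elif edit_distance(lname, TARGET) <= 2:
        # Near-miss spelling (character swap or substitution).
        reasons.append("name imitates svchost.exe")
    return reasons


def scan(rows):
    """Map PID -> reasons for every row that tripped at least one rule."""
    flagged = {}
    for pid, name, parent, image_path in rows:
        reasons = check_process(name, parent, image_path)
        if reasons:
            flagged[pid] = reasons
    return flagged


# Constructed process listing: (PID, name, parent name, image path).
SAMPLE = [
    (912, "svchost.exe", "services.exe", r"C:\Windows\System32\svchost.exe"),
    (1044, "svchost.exe", "services.exe", r"C:\Windows\system32\svchost.exe"),
    (1388, "ccSvcHst.exe", "services.exe",
     r"C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe"),
    (4120, "svchost.exe", "explorer.exe", r"C:\Users\Public\svchost.exe"),
    (5012, "svch0st.exe", "services.exe", r"C:\Windows\System32\svch0st.exe"),
    (6230, "scvhost.exe", "explorer.exe", r"C:\Windows\scvhost.exe"),
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

Many svchost.exe instances are not flagged by themselves; only the path, the parent and the spelling are checked.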
  8. michael1026 Senior Member

    HiJackThis log.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:54:31 PM, on 1/29/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\wscript.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15494&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{01C65DA9-D1F8-4A3B-A7CD-C923E47573EF}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01C65DA9-D1F8-4A3B-A7CD-C923E47573EF}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{01C65DA9-D1F8-4A3B-A7CD-C923E47573EF}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Dell OSD Service (FOXOSDService) - Unknown owner - C:\Program Files\DELL\OSD\OSDSvr.exe
    O23 - Service: Google Update Service (gupdate1ca17168aaae1e) (gupdate1ca17168aaae1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
  9. xILemonHeadIx Newbie

    It's currently half 1 in the UK and I have school in the morning so I don't have any time to look through your log at all, and I myself am not a pro at it. This page will help you understand the log so that you yourself can analyze the log Link. Pay special attention to section O2. You will also need to use this website if you want to look up the CLSID Link. Make sure that when you are searching you are searching for CLSID, it can be used to search for many other things. I recommend reading the first link, if not all of it then the beginning of it, skim through most of it, though remember that all of it is important. If you need any more help in analyzing your log then Google a tutorial, any questions just reply and I will help you if I can.
  10. michael1026 Senior Member

    The virus is still on my computer. Norton is still showing all the risks it did before, about 2 a minute.
  11. michael1026 Senior Member

    Can anyone check out the HijackThis log or teamview me?
  12. Swift 7s Taylor Swift <3

    The only thing that I can think of is clearing your Hard Drive and then freshly installing a new OS. But other than that I don't know. Wish I could be more helpful.
  13. xILemonHeadIx Newbie

    Ok, after looking more closely at the picture you can see that at the right-hand side it tells you which program is causing this. It also tells us that it is trying to access a Norton file. If you look at what the "Actor" is you will be able to see which program is causing the problem and you will be able to see if you trust it or not. Also you can check the program's activity in Task Manager by adding the column to display the PID number and look for the PID of the "Actor" to see if it is still running. This will again allow you to see if it is a program you trust and kill the process at the same time.
  14. michael1026 Senior Member

    The actor keeps changing. It attaches itself to other programs that I have installed and uses them to attack other things. I have also been looking through my processes and services. I don't really see anything suspicious. I have looked through a gmer log. I posted it on bleepingcomputer.com. It shows that I have hidden files. Here is a small part of the log.

    Library C:\Program (*** hidden *** ) @ C:\Program [3820] 0x00400000
    Library C:\Windows\system32\mfevtps.exe (*** hidden *** ) @ C:\Windows\system32\mfevtps.exe [3916] 0x00400000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14490000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14180000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14710000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14100000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14490000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14180000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14710000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540]
  15. iSyn Senior Member

    I'd recommend avast! anti-virus. Great program, and free.
  16. mirGantrophy Seasoned Member

    I can teamview, but one question: why is 'C:\Windows\System32\wscript.exe' running? I have never seen it running before, unless a logic bomb or payload virus was active (from my experience).

    I also don't see anything malicious from the log (after skimming) but I do NOT like BHO (toolbars) especially ASK. Many toolbars are spyware or 'spamware' and can contribute to viruses.

    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file)
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    1 people like this.
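The review described in the posts above (add-on registrations marked "(no file)", services whose binary is missing, and a script host among the running processes) can be automated over a HijackThis log. This is an added example, not part of any post in this thread: the input is an excerpt of the log posted earlier, and the finding labels are illustrative. A finding is an item to look up, not a verdict.

```python
import re

# "O2 - BHO: ..." style entries: section code, then the body of the entry.
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def triage(log_text):
    """Return (section, finding, detail) tuples in log order."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # first registry entry ends the process list
        if in_procs and line:
            exe = line.rsplit("\\", 1)[-1].lower()
            if exe in SCRIPT_HOSTS:
                findings.append(("process", "script host running", line))
            continue
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        clsid = CLSID.search(body)
        if body.endswith("(no file)") and clsid:
            # Registration survives but the DLL it points to is gone.
            findings.append((sec, "orphaned registration", clsid.group(0)))
        elif sec == "O23":
            name = body.split(" - ")[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            if body.endswith("(file missing)"):
                findings.append((sec, "service binary missing", name))
            elif " - Unknown owner - " in body:
                findings.append((sec, "owner not identified", name))
    return findings


# Excerpt of the HijackThis log posted earlier in this thread.
EXCERPT = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\wscript.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Dell OSD Service (FOXOSDService) - Unknown owner - C:\Program Files\DELL\OSD\OSDSvr.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
"""

if __name__ == "__main__":
    for sec, finding, detail in triage(EXCERPT):
        print(f"{sec:8} {finding:24} {detail}")
```

Each CLSID reported as an orphaned registration is what the earlier post suggests looking up before deciding whether to remove the entry.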
  17. michael1026 Senior Member

    Here's my full log.
    This is by GMER.


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-02 22:45:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000076 SAMSUNG_ rev.1AC0
    Running: gmer.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwldifow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 88A9F0B0 ZwAlertResumeThread
    SSDT 88A9D1A0 ZwAlertThread
    SSDT 88BA8658 ZwAllocateVirtualMemory
    SSDT 88290438 ZwAlpcConnectPort
    SSDT 88B31048 ZwAssignProcessToJobObject
    SSDT 88BB0F40 ZwCreateMutant
    SSDT 88BB1B48 ZwCreateSymbolicLinkObject
    SSDT 88BA5C00 ZwCreateThread
    SSDT 88B10048 ZwDebugActiveProcess
    SSDT 88BA8830 ZwDuplicateObject
    SSDT 88BA94F8 ZwFreeVirtualMemory
    SSDT 88AD4048 ZwImpersonateAnonymousToken
    SSDT 88AA2120 ZwImpersonateThread
    SSDT 88293F90 ZwLoadDriver
    SSDT 88BA93D8 ZwMapViewOfSection
    SSDT 88BE9048 ZwOpenEvent
    SSDT 88BA9308 ZwOpenProcess
    SSDT 884AC120 ZwOpenProcessToken
    SSDT 88B0E048 ZwOpenSection
    SSDT 88BA7250 ZwOpenThread
    SSDT 88BB5600 ZwProtectVirtualMemory
    SSDT 88A9D480 ZwResumeThread
    SSDT 8897A120 ZwSetContextThread
    SSDT 88BA73B0 ZwSetInformationProcess
    SSDT 88B0F048 ZwSetSystemInformation
    SSDT 88B09A18 ZwSuspendProcess
    SSDT 884CE108 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F7E4620]
    SSDT 8897C118 ZwTerminateThread
    SSDT 884E1118 ZwUnmapViewOfSection
    SSDT 88BA7FC0 ZwWriteVirtualMemory
    SSDT 88BB1910 ZwCreateThreadEx

    Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess [0xB9E30919]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcessEx [0xB9E3092D]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection [0xB9E309CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwNotifyChangeKey [0xB9E3097F]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwReplaceKey [0xB9E309A7]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwRestoreKey [0xB9E30993]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetInformationProcess [0xB9E30957]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution [0xB9E309BB]
    Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateUserProcess [0xB9E30943]
    Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 8286F9D2 5 Bytes JMP B9E309BF \SystemRoot\system32\drivers\mfehidk.sys
    .text ntkrnlpa.exe!KeSetEvent + 11D 828F0880 8 Bytes [B0, F0, A9, 88, A0, D1, A9, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 828F0894 4 Bytes [58, 86, BA, 88]
    .text ntkrnlpa.exe!KeSetEvent + 13D 828F08A0 4 Bytes [38, 04, 29, 88]
    .text ntkrnlpa.exe!KeSetEvent + 191 828F08F4 4 Bytes [48, 10, B3, 88]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 828F0958 4 Bytes [40, 0F, BB, 88]
    .text ...
    ? C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS The system cannot find the file specified. !
    ? C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS The system cannot find the file specified. !
    ? C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96DDD77B-6E92-4F69-ACD8-54953AB69E01}\MpKsl0b0b24dd.sys The system cannot find the file specified. !
    ? C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96DDD77B-6E92-4F69-ACD8-54953AB69E01}\MpKsla013b8b6.sys The system cannot find the file specified. !
    ? system32\drivers\mfehidk.sys The system cannot find the path specified. !
    ? system32\drivers\mfetdik.sys The system cannot find the path specified. !
    ? C:\Users\Michael\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\services.exe[700] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 006B000A
    .text C:\Windows\system32\services.exe[700] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 006B0FEF
    .text C:\Windows\system32\services.exe[700] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 006B001B
    .text C:\Windows\system32\services.exe[700] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 00090F2B
    .text C:\Windows\system32\services.exe[700] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 00090067
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 00090EFF
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 0009008C
    .text C:\Windows\system32\services.exe[700] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 00090F5E
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 0009001B
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00090FC0
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 00090F3C
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00090F79
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 00090FA5
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00090F8A
    .text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 0009002C
    .text C:\Windows\system32\services.exe[700] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 00090F4D
    .text C:\Windows\system32\services.exe[700] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 000900B1
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 0009000A
    .text C:\Windows\system32\services.exe[700] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00090FEF
    .text C:\Windows\system32\services.exe[700] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 00090F1A
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 00070F7C
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00070FA8
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00070F8D
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00070039
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 00070FC3
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00070FD4
    .text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 00070014
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 000A0FD1
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!system 77BE804B 5 Bytes JMP 000A0066
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 000A003A
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_open 77BED106 5 Bytes JMP 000A000C
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 000A0055
    .text C:\Windows\system32\services.exe[700] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 000A001D
    .text C:\Windows\system32\services.exe[700] WS2_32.dll!socket 767036D1 5 Bytes JMP 00080000
    .text C:\Windows\system32\lsass.exe[716] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 009C0FEF
    .text C:\Windows\system32\lsass.exe[716] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 009C0025
    .text C:\Windows\system32\lsass.exe[716] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 009C000A
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 00990F79
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 00990F94
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 009900E1
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 00990F54
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 00990FC0
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 00990FE5
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00990036
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 00990FA5
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 0099008E
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 0099006C
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 0099007D
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 0099005B
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 009900B5
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 00990F25
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 00990025
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00990000
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 009900D0
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 0093006C
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00930FCA
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00930000
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00930051
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00930FAF
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 00930025
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00930FE5
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 00930036
    .text C:\Windows\system32\lsass.exe[716] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 009B0F75
    .text C:\Windows\system32\lsass.exe[716] msvcrt.dll!system 77BE804B 5 Bytes JMP 009B0F9A
    .text C:\Windows\system32\lsass.exe[716] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 009B0FBC
    .text C:\Windows\system32\lsass.exe[716] msvcrt.dll!_open 77BED106 5 Bytes JMP 009B0000
    .text C:\Windows\system32\lsass.exe[716] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 009B0FAB
    .text C:\Windows\system32\lsass.exe[716] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 009B0FD7
    .text C:\Windows\system32\lsass.exe[716] WS2_32.dll!socket 767036D1 5 Bytes JMP 00940FE5
    .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 00130FEF
    .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 00130025
    .text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 0013000A
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 00110F46
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 0011008C
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 00110F1A
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 001100B1
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 00110F6B
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 00110FD4
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00110FC3
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 0011007B
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00110045
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 00110F97
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00110F7C
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 00110FA8
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 0011006A
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 00110EFF
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 0011000A
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00110FE5
    .text C:\Windows\system32\svchost.exe[868] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 00110F2B
    .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 0012003D
    .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!system 77BE804B 5 Bytes JMP 00120FBC
    .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 00120011
    .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_open 77BED106 5 Bytes JMP 00120000
    .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 0012002C
    .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 00120FE3
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 000F0062
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 000F0FDB
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 000F0000
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 000F0FC0
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 000F007D
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 000F0036
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 000F001B
    .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 000F0047
    .text C:\Windows\system32\svchost.exe[868] WS2_32.dll!socket 767036D1 5 Bytes JMP 00100000
    .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 00790FEF
    .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 00790FCD
    .text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 00790FDE
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 00770F3C
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 0077008C
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 00770F09
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 00770F1A
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 00770042
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 00770000
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00770FAF
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 00770F57
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00770F68
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 00770F9E
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00770F79
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 00770025
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 0077005D
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 007700BB
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 00770FD4
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00770FEF
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 00770F2B
    .text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 00780FA6
    .text C:\Windows\system32\svchost.exe[976] msvcrt.dll!system 77BE804B 5 Bytes JMP 00780FC1
    .text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 00780FE3
    .text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_open 77BED106 5 Bytes JMP 00780000
    .text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 00780FD2
    .text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 0078001D
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 00200F9E
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00200036
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00200FEF
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00200FAF
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00200065
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 00200025
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00200014
    .text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 00200FD4
    .text C:\Windows\system32\svchost.exe[976] WS2_32.dll!socket 767036D1 5 Bytes JMP 00760000
    .text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 00720000
    .text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 0072001B
    .text C:\Windows\System32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 00720FE5
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 007000C2
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 00700F7C
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 007000F8
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 007000DD
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 00700F9E
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 0070001B
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 0070002C
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 00700F8D
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00700078
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 0070005B
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00700FB9
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 00700FCA
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 00700093
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 00700F46
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 0070000A
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00700FEF
    .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 00700F61
    .text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 00710FA8
    .text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!system 77BE804B 5 Bytes JMP 00710033
    .text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 00710FD4
    .text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_open 77BED106 5 Bytes JMP 00710FEF
    .text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 00710FC3
    .text C:\Windows\System32\svchost.exe[1148] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 0071000C
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 00240F72
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00240F9E
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00240FE5
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00240F83
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00240F61
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 0024000A
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00240FCA
    .text C:\Windows\System32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 00240FB9
    .text C:\Windows\System32\svchost.exe[1148] WS2_32.dll!socket 767036D1 5 Bytes JMP 006F0000
    .text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 01700FEF
    .text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 0170001B
    .text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 01700000
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 016A0F4D
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 016A0F5E
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 016A0F1E
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 016A00B5
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 016A0089
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 016A001B
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 016A0FCA
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 016A0F79
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 016A006C
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 016A0040
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 016A005B
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 016A0FB9
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 016A0F94
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 016A0F0D
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 016A0FE5
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 016A0000
    .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 016A00A4
    .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 016F0044
    .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!system 77BE804B 5 Bytes JMP 016F0033
    .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 016F0FDE
    .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_open 77BED106 5 Bytes JMP 016F0FEF
    .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 016F0FC3
    .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 016F000C
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 00FE0F9E
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00FE002F
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00FE0000
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00FE004A
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00FE0F8D
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 00FE0FD4
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00FE0FE5
    .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 00FE0FB9
    .text C:\Windows\System32\svchost.exe[1184] WS2_32.dll!socket 767036D1 5 Bytes JMP 01650FEF
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 02B20000
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 02B2002C
    .text C:\Windows\System32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 02B2001B
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 01EB0F57
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 01EB009D
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 01EB00CC
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 01EB0F35
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 01EB0078
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 01EB0FD4
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 01EB0025
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 01EB0F68
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 01EB0051
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 01EB0040
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 01EB0F9E
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 01EB0FB9
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 01EB0F79
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 01EB0F24
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 01EB000A
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 01EB0FEF
    .text C:\Windows\System32\svchost.exe[1276] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 01EB0F46
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wsystem 77BE7F2F 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 02B00033
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!system 77BE804B 5 Bytes JMP 02B00018
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 02B00FC3
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_open 77BED106 5 Bytes JMP 02B00FEF
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 02B00FB2
    .text C:\Windows\System32\svchost.exe[1276] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 02B00FDE
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 01E90065
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 01E90039
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 01E90FEF
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 01E9004A
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 01E90076
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 01E9001E
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 01E90FDE
    .text C:\Windows\System32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 01E90FC3
    .text C:\Windows\System32\svchost.exe[1276] WS2_32.dll!socket 767036D1 5 Bytes JMP 01EA0FEF
    .text C:\Windows\System32\svchost.exe[1276] WININET.dll!InternetOpenA 77C639BF 5 Bytes JMP 02B1000A
    .text C:\Windows\System32\svchost.exe[1276] WININET.dll!InternetOpenUrlA 77C65979 5 Bytes JMP 02B1002C
    .text C:\Windows\System32\svchost.exe[1276] WININET.dll!InternetOpenW 77C78154 5 Bytes JMP 02B1001B
    .text C:\Windows\System32\svchost.exe[1276] WININET.dll!InternetOpenUrlW 77CCB98A 5 Bytes JMP 02B10FE5
    .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 01340000
    .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 01340025
    .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 01340FEF
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 012D007D
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 012D0F41
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 012D0EE6
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 012D0F01
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 012D0036
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 012D0FCA
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 012D001B
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 012D006C
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 012D0F52
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 012D0F8A
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 012D0F6F
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 012D0FAF
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 012D0047
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 012D0098
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 012D0FEF
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 012D000A
    .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 012D0F1C
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 012E0F95
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!system 77BE804B 5 Bytes JMP 012E0FA6
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 012E0FD2
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_open 77BED106 5 Bytes JMP 012E000C
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 012E0FB7
    .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 012E0FEF
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 010E0040
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 010E0FB9
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 010E0FE5
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 010E0F9E
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 010E0F8D
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 010E000A
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 010E0FD4
    .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 010E001B
    .text C:\Windows\system32\svchost.exe[1296] WS2_32.dll!socket 767036D1 5 Bytes JMP 012C0FEF
    .text C:\Windows\system32\svchost.exe[1296] WININET.dll!InternetOpenA 77C639BF 5 Bytes JMP 01330000
    .text C:\Windows\system32\svchost.exe[1296] WININET.dll!InternetOpenUrlA 77C65979 5 Bytes JMP 01330FD1
    .text C:\Windows\system32\svchost.exe[1296] WININET.dll!InternetOpenW 77C78154 5 Bytes JMP 01330011
    .text C:\Windows\system32\svchost.exe[1296] WININET.dll!InternetOpenUrlW 77CCB98A 5 Bytes JMP 01330FC0
    .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 000C0FEF
    .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 000C0FD4
    .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 000C0000
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 0009008B
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 0009007A
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 00090F16
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 000900AD
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 0009004E
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 00090011
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00090FB6
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 0009005F
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00090F80
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 00090F91
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00090033
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 00090022
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 00090F4F
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 000900C8
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 00090FE5
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00090000
    .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 0009009C
    .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 000A0FC1
    .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!system 77BE804B 5 Bytes JMP 000A0FD2
    .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 000A0FE3
    .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_open 77BED106 5 Bytes JMP 000A0000
    .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 000A0038
    .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 000A001D
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + 6 77DC4B2A 4 Bytes [28, 03, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtMapViewOfSection + B 77DC4B2F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + 6 77DC4BBA 4 Bytes [68, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + B 77DC4BBF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + 6 77DC4C3A 4 Bytes [A8, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + B 77DC4C3F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + B 77DC4C4F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4C5A 4 Bytes [A8, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 77DC4C5F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + 6 77DC4CAA 4 Bytes [68, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + B 77DC4CAF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + 6 77DC4CBA 4 Bytes [68, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + B 77DC4CBF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 77DC4CCF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 77DC4D5A 4 Bytes [A8, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + B 77DC4D5F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 77DC4E0F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + 6 77DC52EA 4 Bytes [28, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + B 77DC52EF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + 6 77DC533A 4 Bytes [28, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + B 77DC533F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 77DC55DA 1 Byte [68]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 77DC55DA 4 Bytes [68, 03, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtUnmapViewOfSection + B 77DC55DF 1 Byte [E2]
    .text C:\Windows\system32\DllHost.exe[2852] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 00150FEF
    .text C:\Windows\system32\DllHost.exe[2852] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 00150014
    .text C:\Windows\system32\DllHost.exe[2852] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 00150FDE
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 00130078
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 00130F3C
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 00130EE8
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 00130F03
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 0013005D
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 00130FC0
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00130FAF
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 00130F4D
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00130040
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 00130F94
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00130F83
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 0013001B
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 00130F68
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 00130ED7
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 00130000
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00130FE5
    .text C:\Windows\system32\DllHost.exe[2852] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 00130089
    .text C:\Windows\system32\DllHost.exe[2852] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 00140F9A
    .text C:\Windows\system32\DllHost.exe[2852] msvcrt.dll!system 77BE804B 5 Bytes JMP 00140025
    .text C:\Windows\system32\DllHost.exe[2852] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 00140FB5
    .text C:\Windows\system32\DllHost.exe[2852] msvcrt.dll!_open 77BED106 5 Bytes JMP 00140FE3
    .text C:\Windows\system32\DllHost.exe[2852] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 00140014
    .text C:\Windows\system32\DllHost.exe[2852] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 00140FC6
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 0012003D
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00120FB6
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00120000
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00120F9B
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00120F80
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 00120FDB
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00120011
    .text C:\Windows\system32\DllHost.exe[2852] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 00120022
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + 6 77DC43DA 4 Bytes [28, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + B 77DC43DF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 77DC4B2A 1 Byte [28]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 77DC4B2A 4 Bytes [28, 03, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + B 77DC4B2F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + 6 77DC4BBA 4 Bytes [68, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + B 77DC4BBF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + 6 77DC4C3A 4 Bytes [A8, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + B 77DC4C3F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + B 77DC4C4F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4C5A 4 Bytes [A8, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + B 77DC4C5F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + 6 77DC4CAA 4 Bytes [68, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + B 77DC4CAF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + 6 77DC4CBA 4 Bytes [68, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + B 77DC4CBF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + B 77DC4CCF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + 6 77DC4D5A 4 Bytes [A8, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + B 77DC4D5F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + B 77DC4E0F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + 6 77DC52EA 4 Bytes [28, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + B 77DC52EF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + 6 77DC533A 4 Bytes [28, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + B 77DC533F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 77DC55DA 1 Byte [68]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 77DC55DA 4 Bytes [68, 03, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + B 77DC55DF 1 Byte [E2]
    .text C:\Windows\system32\svchost.exe[3032] ntdll.dll!NtCreateFile 77DC43D4 5 Bytes JMP 0030000A
    .text C:\Windows\system32\svchost.exe[3032] ntdll.dll!NtCreateProcess 77DC4494 5 Bytes JMP 00300FD4
    .text C:\Windows\system32\svchost.exe[3032] ntdll.dll!NtProtectVirtualMemory 77DC4D34 5 Bytes JMP 00300FE5
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!GetStartupInfoW 76731929 5 Bytes JMP 001900A4
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!GetStartupInfoA 767319C9 5 Bytes JMP 00190093
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreateProcessW 76731BF3 5 Bytes JMP 00190F0D
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreateProcessA 76731C28 5 Bytes JMP 00190F28
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!VirtualProtect 76731DC3 5 Bytes JMP 00190F83
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreateNamedPipeA 76732EF5 5 Bytes JMP 0019000A
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreateNamedPipeW 76735C0C 5 Bytes JMP 00190FAF
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreatePipe 76758E6E 5 Bytes JMP 00190078
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!LoadLibraryExW 76759109 5 Bytes JMP 00190F94
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!LoadLibraryW 76759362 5 Bytes JMP 00190040
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!LoadLibraryExA 767594B4 5 Bytes JMP 00190051
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!LoadLibraryA 767594DC 5 Bytes JMP 0019001B
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!VirtualProtectEx 7675DBDA 5 Bytes JMP 00190F72
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!GetProcAddress 7677903B 5 Bytes JMP 001900C9
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreateFileW 7677AECB 5 Bytes JMP 00190FD4
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!CreateFileA 7677CE5F 5 Bytes JMP 00190FEF
    .text C:\Windows\system32\svchost.exe[3032] kernel32.dll!WinExec 767C5CF7 5 Bytes JMP 00190F43
    .text C:\Windows\system32\svchost.exe[3032] msvcrt.dll!_wsystem 77BE7F2F 5 Bytes JMP 001A0FAD
    .text C:\Windows\system32\svchost.exe[3032] msvcrt.dll!system 77BE804B 5 Bytes JMP 001A0038
    .text C:\Windows\system32\svchost.exe[3032] msvcrt.dll!_creat 77BEBBE1 5 Bytes JMP 001A000C
    .text C:\Windows\system32\svchost.exe[3032] msvcrt.dll!_open 77BED106 5 Bytes JMP 001A0FEF
    .text C:\Windows\system32\svchost.exe[3032] msvcrt.dll!_wcreat 77BED326 5 Bytes JMP 001A001D
    .text C:\Windows\system32\svchost.exe[3032] msvcrt.dll!_wopen 77BED501 5 Bytes JMP 001A0FD2
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyExA 764239AB 5 Bytes JMP 00090FB6
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyA 76423BA9 5 Bytes JMP 00090047
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyA 764289C7 5 Bytes JMP 00090000
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyW 7643391E 5 Bytes JMP 00090058
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyExW 764341F1 5 Bytes JMP 00090073
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyExA 76437C42 5 Bytes JMP 00090FDB
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyW 7643E2B5 5 Bytes JMP 00090011
    .text C:\Windows\system32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyExW 76447BA1 5 Bytes JMP 0009002C
    .text C:\Windows\system32\svchost.exe[3032] WS2_32.dll!socket 767036D1 5 Bytes JMP 000A0FE5
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtCreateFile + 6 77DC43DA 4 Bytes [28, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtCreateFile + B 77DC43DF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtMapViewOfSection + 6 77DC4B2A 1 Byte [28]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtMapViewOfSection + 6 77DC4B2A 4 Bytes [28, 03, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtMapViewOfSection + B 77DC4B2F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenFile + 6 77DC4BBA 4 Bytes [68, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenFile + B 77DC4BBF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcess + 6 77DC4C3A 4 Bytes [A8, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcess + B 77DC4C3F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessToken + B 77DC4C4F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessTokenEx + 6 77DC4C5A 4 Bytes [A8, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessTokenEx + B 77DC4C5F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThread + 6 77DC4CAA 4 Bytes [68, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThread + B 77DC4CAF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadToken + 6 77DC4CBA 4 Bytes [68, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadToken + B 77DC4CBF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadTokenEx + B 77DC4CCF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryAttributesFile + 6 77DC4D5A 4 Bytes [A8, 00, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryAttributesFile + B 77DC4D5F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryFullAttributesFile + B 77DC4E0F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationFile + 6 77DC52EA 4 Bytes [28, 01, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationFile + B 77DC52EF 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationThread + 6 77DC533A 4 Bytes [28, 02, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationThread + B 77DC533F 1 Byte [E2]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtUnmapViewOfSection + 6 77DC55DA 1 Byte [68]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtUnmapViewOfSection + 6 77DC55DA 4 Bytes [68, 03, 16, 00]
    .text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtUnmapViewOfSection + B 77DC55DF 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp mfetdik.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys
    ---- Processes - GMER 1.0.15 ----

    Library C:\Program (*** hidden *** ) @ C:\Program [3820] 0x00400000
    Library C:\Windows\system32\mfevtps.exe (*** hidden *** ) @ C:\Windows\system32\mfevtps.exe [3916] 0x00400000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14490000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14180000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14710000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\AIM\aim.exe [7304] 0x14100000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14490000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14180000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14710000
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.exe [7540] 0x14100000

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0021fb5024b2 0x4F 0xCC 0x45 0x56 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0022a90e9d73 0xB2 0x07 0x3D 0xAC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0021fb89cb09 0x39 0x88 0xAF 0xA0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@2021a58e6239 0x9C 0x54 0xF8 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@2021a5fa8ef4 0x0C 0xB6 0xF7 0x7F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0025e52062ff 0x12 0x74 0x83 0xFA ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0015d39af765 0xE5 0x25 0x65 0x12 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0021fb5024b2 0x4F 0xCC 0x45 0x56 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0022a90e9d73 0xB2 0x07 0x3D 0xAC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0021fb89cb09 0x39 0x88 0xAF 0xA0 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@2021a58e6239 0x9C 0x54 0xF8 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@2021a5fa8ef4 0x0C 0xB6 0xF7 0x7F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0025e52062ff 0x12 0x74 0x83 0xFA ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a8739ab@0015d39af765 0xE5 0x25 0x65 0x12 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue\Logs\TempLog.Lue 11904 bytes
  18. mirGantrophy Seasoned Member

    I see. Have you also tried Spybot, or fixed your problem?