GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-29 19:24:38 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160310AS rev.0303 Running: kdh9pqjj.exe; Driver: C:\DOCUME~1\nowy\USTAWI~1\Temp\fwldqpow.sys ---- System - GMER 1.0.15 ---- SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwCreateKey [0x804D70CC] SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70CC] ZwCreateKey [0x804D70CC] SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwOpenKey [0x804D70D1] SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70D1] ZwOpenKey [0x804D70D1] INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D70D6 INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) AE6EF16D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) AE6EEFC2 Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF7189242] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7189090] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF71890A4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7189114] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7189140] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF71891AE] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF7189198] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF71891C4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7189282] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF71891F0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7189054] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7189068] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
ZwProtectVirtualMemory [0xF7189256] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF718922C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF7189182] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF718916C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF718912A] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF7189218] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF7189204] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF71890CE] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF71890BA] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7189156] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF71892B1] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF71891DA] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7189298] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF718926C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 80504B1C 7 Bytes JMP F7189270 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 805790A2 5 Bytes JMP F7189246 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2042 7 Bytes JMP F7189286 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E50 5 Bytes JMP F718929C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B8426 7 Bytes JMP F718925A mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 805CB456 5 Bytes JMP F7189058 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 805CB6E2 5 Bytes JMP F718906C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDEA0 5 Bytes JMP F71890BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP F71890A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 805D1250 5 Bytes JMP F7189094 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 805D22D8 5 Bytes JMP F71892B5 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 805D2C1A 5 Bytes JMP F71890D2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryValueKey 806221FA 7 Bytes JMP F7189170 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetValueKey 80622548 7 Bytes JMP F718915A mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnloadKey 80622872 7 Bytes JMP F71891DE mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80623124 7 Bytes JMP F7189186 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRenameKey 806239F8 7 Bytes JMP F718912E mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteKey 80624472 7 Bytes JMP F7189118 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteValueKey 80624642 7 Bytes JMP F7189144 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwEnumerateKey 80624822 7 Bytes JMP F71891B2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80624A8C 7 Bytes JMP F718919C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryKey 806256F6 7 Bytes JMP F7189230 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
PAGE ntkrnlpa.exe!ZwRestoreKey 806259B6 5 Bytes JMP F7189208 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwLoadKey2 80625E06 7 Bytes JMP F71891C8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 806260AA 5 Bytes JMP F718921C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806261C4 5 Bytes JMP F71891F4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) .sfrelocÿÿÿÿsfsync03unknown last section [0xF74C4000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xF74C4000, 0xA20, 0x40000040] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6538000, 0x189F82, 0xE8000020] .text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xA7F50000, 0x49379, 0xE0000020] .init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xA7FA6224] .init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xA7FA6000, 0x4000, 0xE20000E0] .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA7DDF400, 0x6EB98, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7E69C20] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7E69C20] .protectÿÿÿÿhardlockunknown last code section [0xA7E69A00, 0x50CA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA7E69A00, 0x50CA, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02F90FEF .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02F90F68 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02F90F79 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02F90F8A .text 
C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02F90FA5 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02F90036 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02F90F57 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02F90093 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02F900CB .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02F900B0 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02F900E6 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02F90047 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02F9000A .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02F90082 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02F9001B .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02F90FD4 .text C:\WINDOWS\Explorer.EXE[240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02F90F3C .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 02F80025 .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 02F80054 .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 02F80014 .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 02F80FDE .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 02F80F97 .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 02F80FEF .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 02F80FB2 .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [19, 8B] .text C:\WINDOWS\Explorer.EXE[240] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 
Bytes JMP 02F80FC3 .text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 02F70033 .text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!system 77C193C7 5 Bytes JMP 02F70FA8 .text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 02F70022 .text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_open 77C1F566 5 Bytes JMP 02F70FEF .text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 02F70FCD .text C:\WINDOWS\Explorer.EXE[240] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 02F70FDE .text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenA 3FD1D6A8 5 Bytes JMP 02E40FEF .text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenW 3FD1DB21 5 Bytes JMP 02E4000A .text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenUrlA 3FD1F3BC 5 Bytes JMP 02E40025 .text C:\WINDOWS\Explorer.EXE[240] WININET.dll!InternetOpenUrlW 3FD66DFF 5 Bytes JMP 02E40036 .text C:\WINDOWS\Explorer.EXE[240] WS2_32.dll!socket 71A54211 5 Bytes JMP 02F60000 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F63 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE004E .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE003D .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE002C .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE001B .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0069 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F2D .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0EEB .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F06 .text 
C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0EDA .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0F94 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FDE .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F48 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE000A .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FC3 .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0084 .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00BD0FB2 .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00BD0F6B .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00BD0FC3 .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00BD0FDE .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00BD0028 .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00BD0FEF .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00BD0F86 .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [DE, 88] .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00BD0FA1 .text C:\WINDOWS\system32\svchost.exe[380] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00010058 .text C:\WINDOWS\system32\svchost.exe[380] msvcrt.dll!system 77C193C7 5 Bytes JMP 0001003D .text C:\WINDOWS\system32\svchost.exe[380] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 0001001B .text C:\WINDOWS\system32\svchost.exe[380] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00010FEF .text C:\WINDOWS\system32\svchost.exe[380] 
msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 0001002C .text C:\WINDOWS\system32\svchost.exe[380] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00010000 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10F72 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10F83 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10F94 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10051 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FD4 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D100C4 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D100A9 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F35 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F46 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D100DF .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10FB9 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D1001B .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10082 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10FEF .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D10040 .text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D10F61 .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00D00025 .text C:\WINDOWS\system32\svchost.exe[472] 
ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00D00F8D .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00D00000 .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00D00FD4 .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00D00F9E .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00D00FEF .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00D00FAF .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [F1, 88] .text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00D00036 .text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00CF0FA1 .text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!system 77C193C7 5 Bytes JMP 00CF0022 .text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00CF0FC3 .text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00CF0FEF .text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00CF0FB2 .text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00CF0FDE .text C:\WINDOWS\system32\svchost.exe[472] WS2_32.dll!socket 71A54211 5 Bytes JMP 00CE0FEF .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AE0FEF .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01AE0078 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01AE0F79 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01AE0F8A .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01AE0047 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01AE001B 
.text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01AE0F4D .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01AE0095 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01AE0F21 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AE00BA .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01AE0EFC .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01AE0036 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AE0FD4 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01AE0F68 .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01AE0FAF .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01AE000A .text C:\WINDOWS\system32\svchost.exe[488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01AE0F3C .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 01AD0FB9 .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 01AD0F6B .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 01AD0FD4 .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 01AD0FEF .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 01AD0F7C .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 01AD000A .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 01AD0F8D .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [CE, 89] .text C:\WINDOWS\system32\svchost.exe[488] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 
01AD0FA8 .text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00E20FA3 .text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!system 77C193C7 5 Bytes JMP 00E20038 .text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00E20FD2 .text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00E20FEF .text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00E20027 .text C:\WINDOWS\system32\svchost.exe[488] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00E2000C .text C:\WINDOWS\system32\svchost.exe[488] WS2_32.dll!socket 71A54211 5 Bytes JMP 00E10FEF .text C:\WINDOWS\system32\svchost.exe[488] WININET.dll!InternetOpenA 3FD1D6A8 5 Bytes JMP 00E00FEF .text C:\WINDOWS\system32\svchost.exe[488] WININET.dll!InternetOpenW 3FD1DB21 5 Bytes JMP 00E0000A .text C:\WINDOWS\system32\svchost.exe[488] WININET.dll!InternetOpenUrlA 3FD1F3BC 5 Bytes JMP 00E00FCA .text C:\WINDOWS\system32\svchost.exe[488] WININET.dll!InternetOpenUrlW 3FD66DFF 5 Bytes JMP 00E00FB9 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE0F66 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE0F81 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE005B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE0040 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE0FA8 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE0087 .text C:\Program 
Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE0F4B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE0EF8 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE0F09 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EE00AC .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EE002F .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EE0FE5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EE0076 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EE0FC3 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EE0FD4 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EE0F24 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00ED0036 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00ED0FA5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00ED0FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00ED001B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00ED0058 .text C:\Program Files\McAfee\Common 
Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00ED000A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00ED0047 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00ED0FCA .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00EC0F8D .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] msvcrt.dll!system 77C193C7 5 Bytes JMP 00EC0FB2 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00EC0022 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00EC0000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00EC0FC3 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00EC0011 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1180] WS2_32.dll!socket 71A54211 5 Bytes JMP 00EB0000 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070080 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007006F .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F95 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007005E .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FC3 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700BD .text C:\WINDOWS\system32\services.exe[1252] 
kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700AC .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F50 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700E9 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0007010E .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB2 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070025 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0007009B .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FD4 .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FEF .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700CE .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00060FD4 .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00060065 .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00060FE5 .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 0006001B .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00060FA8 .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00060000 .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00060FB9 .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [27, 88] .text C:\WINDOWS\system32\services.exe[1252] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0006004A .text C:\WINDOWS\system32\services.exe[1252] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00050055 .text 
C:\WINDOWS\system32\services.exe[1252] msvcrt.dll!system 77C193C7 5 Bytes JMP 00050044 .text C:\WINDOWS\system32\services.exe[1252] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00050022 .text C:\WINDOWS\system32\services.exe[1252] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00050FEF .text C:\WINDOWS\system32\services.exe[1252] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00050033 .text C:\WINDOWS\system32\services.exe[1252] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00050FDE .text C:\WINDOWS\system32\services.exe[1252] WS2_32.dll!socket 71A54211 5 Bytes JMP 00040000 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A80000 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A80F7E .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A80073 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A80062 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A80FA5 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A80FC0 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A800A9 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A80F6D .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A800DF .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A800CE .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A800F0 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A80051 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A80011 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A80098 .text C:\WINDOWS\system32\lsass.exe[1264] 
kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A80FD1 .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A8002C .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A80F46 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00A70FD1 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00A70055 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00A70022 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00A70011 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00A70044 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00A70000 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00A70FA2 .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [C8, 88] .text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00A70033 .text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00A60049 .text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!system 77C193C7 5 Bytes JMP 00A60FBE .text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00A6002E .text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00A60000 .text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00A60FD9 .text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00A6001D .text C:\WINDOWS\system32\lsass.exe[1264] WS2_32.dll!socket 71A54211 5 Bytes JMP 00A50FEF .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B70FE5 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B70F6D .text 
C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B7006C .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B70F92 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B70FAF .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B70036 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B70F24 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B70F35 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B700A2 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B70F09 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B70EE4 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B70047 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B7000A .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B70F5C .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B70025 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B70FD4 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B70087 .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00B60040 .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00B60087 .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00B6001B .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00B6000A .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 
Bytes JMP 00B60076 .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00B60FEF .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00B60FD4 .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [D7, 88] .text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00B60051 .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00B50F97 .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!system 77C193C7 5 Bytes JMP 00B5002C .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00B50011 .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00B50FEF .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00B50FBC .text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00B50000 .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71A54211 5 Bytes JMP 00B40FEF .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0FA2 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD00A1 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0090 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0069 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD003D .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00C6 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F80 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F37 .text 
C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F52 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD00EB .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD004E .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0011 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F91 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD002C .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FDB .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F63 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00AC0047 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00AC009F .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00AC0036 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00AC001B .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00AC0084 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00AC0000 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00AC0069 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00AC0058 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00AB0FAB .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C193C7 5 Bytes JMP 00AB0036 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00AB0FC6 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00AB0000 .text 
C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00AB001B .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00AB0FD7 .text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket 71A54211 5 Bytes JMP 00AA0FEF .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05130FEF .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05130051 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05130F66 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 05130F77 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 05130036 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 05130FB9 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05130087 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05130F35 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05130098 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05130EFF .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 051300B3 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 05130F9E .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 05130000 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0513006C .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 05130025 .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 05130FCA .text C:\WINDOWS\System32\svchost.exe[1772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 05130F24 .text 
C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00BB0FCA .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00BB005B .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00BB0FDB .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00BB001B .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00BB0040 .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00BB0000 .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00BB0FA8 .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [DC, 88] .text C:\WINDOWS\System32\svchost.exe[1772] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00BB0FB9 .text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00BA0042 .text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!system 77C193C7 5 Bytes JMP 00BA0031 .text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00BA0FD2 .text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00BA000C .text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00BA0FB7 .text C:\WINDOWS\System32\svchost.exe[1772] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00BA0FE3 .text C:\WINDOWS\System32\svchost.exe[1772] WS2_32.dll!socket 71A54211 5 Bytes JMP 00B90FEF .text C:\WINDOWS\System32\svchost.exe[1772] WININET.dll!InternetOpenA 3FD1D6A8 5 Bytes JMP 00B80000 .text C:\WINDOWS\System32\svchost.exe[1772] WININET.dll!InternetOpenW 3FD1DB21 5 Bytes JMP 00B80FE5 .text C:\WINDOWS\System32\svchost.exe[1772] WININET.dll!InternetOpenUrlA 3FD1F3BC 5 Bytes JMP 00B80FD4 .text C:\WINDOWS\System32\svchost.exe[1772] WININET.dll!InternetOpenUrlW 3FD66DFF 5 Bytes JMP 00B80025 .text C:\WINDOWS\system32\svchost.exe[1816] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006A0000 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006A0076 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006A005B .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006A0F81 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006A0040 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006A0FAF .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006A00A2 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006A0F66 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006A00FD .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006A00D8 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006A0F49 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006A0F9E .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006A001B .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006A0087 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006A0FD4 .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006A0FEF .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006A00BD .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00690FC3 .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00690FA1 .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00690FD4 .text 
C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00690000 .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 0069005E .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00690FE5 .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00690039 .text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00690FB2 .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 0068006B .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!system 77C193C7 5 Bytes JMP 0068005A .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 0068002E .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00680000 .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 0068003F .text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00680011 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0000 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA005D .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0F68 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0042 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA0025 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0F9E .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA0084 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA0F32 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA00A6 .text 
C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA0F17 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA0EF2 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0F8D .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0FE5 .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F4D .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA0FAF .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0FCA .text C:\WINDOWS\system32\svchost.exe[2368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA0095 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00F90FC0 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00F90055 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00F90FDB .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00F90011 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00F90044 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00F90000 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00F90033 .text C:\WINDOWS\system32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00F90022 .text C:\WINDOWS\system32\svchost.exe[2368] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00F80F9C .text C:\WINDOWS\system32\svchost.exe[2368] msvcrt.dll!system 77C193C7 5 Bytes JMP 00F80027 .text C:\WINDOWS\system32\svchost.exe[2368] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00F8000C .text C:\WINDOWS\system32\svchost.exe[2368] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00F80FEF .text 
C:\WINDOWS\system32\svchost.exe[2368] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00F80FB7 .text C:\WINDOWS\system32\svchost.exe[2368] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00F80FD2 .text C:\WINDOWS\system32\svchost.exe[2368] WS2_32.dll!socket 71A54211 5 Bytes JMP 00F70000 .text C:\Program Files\Mozilla Firefox\firefox.exe[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01495B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2804] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016D7B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2804] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[2804] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016D7B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2804] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0149EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2804] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016D7AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 5CD1000A .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 5CD10FAF .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 5CD100A4 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!LoadLibraryExW 7C801AF5 4 Bytes JMP 5CD1007D .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 5CD1006C .text C:\Program 
Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 5CD10FCA .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 5CD100D5 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 5CD10F8D .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5CD100F0 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5CD10F57 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5CD10101 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 5CD10051 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 5CD1001B .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 5CD10F9E .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 5CD10FE5 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 5CD10036 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 5CD10F68 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00880FAD .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] msvcrt.dll!system 77C193C7 5 Bytes JMP 00880038 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] 
msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 0088001D .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00880000 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00880FD2 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00880FE3 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00890022 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00890069 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00890011 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00890000 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00890FAC .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00890FE5 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 0089004E .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0089003D .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3196] WS2_32.dll!socket 71A54211 5 Bytes JMP 00870FE5 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0090 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] 
kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF007F .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF006E .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0FAF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0051 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F5E .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F6F .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F43 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00D2 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0F28 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FCA .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF001B .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0F80 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0040 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF00C1 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00CE0051 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegCreateKeyExW 
77DC776C 5 Bytes JMP 00CE006C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00CE0036 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00CE0025 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00CE0FB9 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00CE0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00CE0FCA .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [EF, 88] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00CE0FDB .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00CD0F6B .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] msvcrt.dll!system 77C193C7 5 Bytes JMP 00CD0F86 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00CD0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00CD0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00CD0FAB .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00CD0FC6 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[3364] WS2_32.dll!socket 71A54211 5 Bytes JMP 00CC0000 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00750FEF .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00750F83 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00750F9E .text 
C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0075006C .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00750FB9 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00750040 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007500BF .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007500A4 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007500F5 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00750F5C .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00750106 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0075005B .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0075000A .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00750093 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00750025 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00750FD4 .text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007500DA .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 0074003D .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00740FAC .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00740022 .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00740011 .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00740073 .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 
Bytes JMP 00740000 .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00740FD1 .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [95, 88] .text C:\WINDOWS\System32\svchost.exe[3644] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0074004E .text C:\WINDOWS\System32\svchost.exe[3644] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00730FB2 .text C:\WINDOWS\System32\svchost.exe[3644] msvcrt.dll!system 77C193C7 5 Bytes JMP 00730033 .text C:\WINDOWS\System32\svchost.exe[3644] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00730018 .text C:\WINDOWS\System32\svchost.exe[3644] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00730FEF .text C:\WINDOWS\System32\svchost.exe[3644] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00730FC3 .text C:\WINDOWS\System32\svchost.exe[3644] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00730FDE .text C:\WINDOWS\System32\svchost.exe[3644] WS2_32.dll!socket 71A54211 5 Bytes JMP 00720000 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00750FE5 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00750F68 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00750F79 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00750047 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00750F94 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0075001B .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00750F3A .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00750F4B .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007500C2 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00750F29 .text 
C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00750F18 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0075002C .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0075000A .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00750078 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00750FB9 .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00750FCA .text C:\WINDOWS\System32\svchost.exe[3888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007500A7 .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00740036 .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00740062 .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 0074001B .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 0074000A .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00740FA5 .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00740FEF .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00740051 .text C:\WINDOWS\System32\svchost.exe[3888] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00740FC0 .text C:\WINDOWS\System32\svchost.exe[3888] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00730FCA .text C:\WINDOWS\System32\svchost.exe[3888] msvcrt.dll!system 77C193C7 5 Bytes JMP 00730055 .text C:\WINDOWS\System32\svchost.exe[3888] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 0073003A .text C:\WINDOWS\System32\svchost.exe[3888] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00730000 .text C:\WINDOWS\System32\svchost.exe[3888] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00730FE5 .text 
C:\WINDOWS\System32\svchost.exe[3888] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00730029 .text C:\WINDOWS\System32\svchost.exe[3888] WS2_32.dll!socket 71A54211 5 Bytes JMP 0072000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6088] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 105DAAB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6088] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 105DAA3F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6088] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10424559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6088] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10424BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\mfevtps.exe[2672] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00405941] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) 
Device \Driver\RTSTOR \Device\000000a3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\RTSTOR \Device\000000a5 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) Device \Driver\Disk \Device\Harddisk1\DR3 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0xEB 0xAA 0xD8 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0xEB 0xAA 0xD8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0xEB 0xAA 0xD8 ... ---- EOF - GMER 1.0.15 ----