<Random Number>.exe files running in task manager
-
My English isn't really good, so I hope you can understand everything.
For a few days I have been getting error messages from Firefox at my computer startup. These messages keep telling me that Firefox is not working anymore and needs to be closed. I get like 3 or 4 of these messages.
Yesterday I noticed some <random number>.exe files running in Task Manager. I think they have something to do with that. Can you help me get rid of this?
-
Malwarebytes (MBAM)
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Databaseversie: 5962
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
5-3-2011 12:40:57
mbam-log-2011-03-05 (12-40-57).txt
Scantype: Snelle scan
Objecten gescand: 179965
Verstreken tijd: 6 minuut/minuten, 43 seconde(n)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 6
Geheugenprocessen geïnfecteerd:
c:\Users\expert\AppData\Roaming\81400.exe (Rogue.Agent.Gen) -> 2644 -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.SpyNet.M) -> Value: HKCU -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
c:\directory\cybergate (Trojan.PWS) -> Quarantined and deleted successfully.
c:\directory\cybergate\install (Trojan.PWS) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
c:\Users\expert\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\expert\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> Quarantined and deleted successfully.
c:\directory\cybergate\install\server.exe (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
c:\Users\expert\AppData\Roaming\26805.exe (Rogue.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\expert\AppData\Roaming\53488.exe (Rogue.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\expert\AppData\Roaming\81400.exe (Rogue.Agent.Gen) -> Quarantined and deleted successfully.
-
GMER
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-05 14:14:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0
Running: oufc1u08.exe; Driver: C:\Users\expert\AppData\Local\Temp\axrcrkow.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 86E3EF00
INT 0x51 ? 86E3EF00
INT 0x72 ? 86E3EF00
INT 0x82 ? 86E3EF00
INT 0x92 ? 84A62CB8
INT 0x92 ? 86E3EF00
INT 0x92 ? 86E3EF00
INT 0x92 ? 86E3EF00
INT 0x92 ? 84A62CB8
INT 0xA2 ? 86E3EF00
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8AA260B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8AA260E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8AA260CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8AA260A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 82074BDE 5 Bytes JMP 8AA260A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8224B9A0 5 Bytes JMP 8AA260D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8224BD29 7 Bytes JMP 8AA260BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8225B4DF 5 Bytes JMP 8AA260E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\drivers\xksnt.sys Het systeem kan het opgegeven pad niet vinden. !
.text sptd.sys 8A64F000 32 Bytes [EC, 65, 01, 82, 60, 2F, 01, ...]
.text sptd.sys 8A64F024 4 Bytes [D2, B3, 77, 8A]
.text sptd.sys 8A64F02C 56 Bytes [EC, 89, 19, 82, D8, 8F, 08, ...]
.text sptd.sys 8A64F065 339 Bytes [79, 08, 82, B4, 9E, 06, 82, ...]
.text sptd.sys 8A64F1B9 27 Bytes [BD, 0A, 82, 58, DD, 0B, 82, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8A7290AD]
? C:\Windows\System32\Drivers\sptd.sys Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt.
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F80D340, 0x3E9407, 0xE8000020]
.text USBPORT.SYS!DllUnload 9043041B 5 Bytes JMP 86E3E410
.text alpjk1lv.SYS 906CB000 243 Bytes [60, 2F, 01, 82, 82, 63, 01, ...]
.text alpjk1lv.SYS 906CB0F4 29 Bytes [48, 19, 00, 00, 48, 0F, 00, ...]
.text alpjk1lv.SYS 906CB112 216 Bytes [0F, D2, 0D, 94, 0C, 56, 09, ...]
.text alpjk1lv.SYS 906CB1EB 181 Bytes [2A, 50, 6C, 51, AE, 5A, F0, ...]
.text alpjk1lv.SYS 906CB2A1 96 Bytes [A0, 8C, 62, 8E, 24, 8F, E6, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 001C0022
.text C:\Windows\system32\svchost.exe[392] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 001C0011
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00170F65
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 001700AB
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00170F28
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00170F39
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00170089
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 0017001B
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00170036
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 0017009A
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00170FA5
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00170062
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00170FB6
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00170047
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00170F8A
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 001700DA
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[392] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00170F54
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00160FAD
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!system 7643804B 5 Bytes JMP 00160038
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00160FD2
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_open 7643D106 5 Bytes JMP 00160000
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 0016001D
.text C:\Windows\system32\svchost.exe[392] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00160FE3
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00310040
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 0031005B
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00310087
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[392] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 0031002F
.text C:\Windows\system32\svchost.exe[392] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00300000
.text C:\Windows\system32\svchost.exe[504] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[504] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 000D0FE5
.text C:\Windows\system32\svchost.exe[504] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 000D0011
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00080F13
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00080F24
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00080EE7
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00080088
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00080F50
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00080FC3
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00080FA8
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00080F35
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 0008001E
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00080F72
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00080F61
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00080F8D
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00080045
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00080ED6
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00080FD4
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[504] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00080F02
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 000E006E
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!system 7643804B 5 Bytes JMP 000E0053
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 000E0027
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_open 7643D106 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 000E0038
.text C:\Windows\system32\svchost.exe[504] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 000E000C
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00100FA5
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00100FC0
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00100000
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00100051
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00100F94
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00100FEF
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 0010001B
.text C:\Windows\system32\svchost.exe[504] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00100036
.text C:\Windows\system32\svchost.exe[504] WS2_32.dll!socket 768A36D1 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\services.exe[800] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00040000
.text C:\Windows\system32\services.exe[800] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 0004001B
.text C:\Windows\system32\services.exe[800] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00040FE5
.text C:\Windows\system32\services.exe[800] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 000300C9
.text C:\Windows\system32\services.exe[800] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 000300B8
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 000300FF
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 000300E4
.text C:\Windows\system32\services.exe[800] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00030F9E
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00030FCA
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00030FB9
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00030F8D
.text C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 0003006C
.text C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00030040
.text C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 0003005B
.text C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 0003001B
.text C:\Windows\system32\services.exe[800] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00030093
.text C:\Windows\system32\services.exe[800] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00030F4D
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00030000
.text C:\Windows\system32\services.exe[800] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00030FEF
.text C:\Windows\system32\services.exe[800] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00030F68
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00B60062
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00B60036
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00B6000A
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00B60051
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00B60FAF
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00B60025
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00B60FEF
.text C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00B60FCA
.text C:\Windows\system32\services.exe[800] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 0005006E
.text C:\Windows\system32\services.exe[800] msvcrt.dll!system 7643804B 5 Bytes JMP 00050049
.text C:\Windows\system32\services.exe[800] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 0005001D
.text C:\Windows\system32\services.exe[800] msvcrt.dll!_open 7643D106 5 Bytes JMP 00050FEF
.text C:\Windows\system32\services.exe[800] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00050038
.text C:\Windows\system32\services.exe[800] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 0005000C
.text C:\Windows\system32\services.exe[800] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00060FEF
.text C:\Windows\system32\lsass.exe[812] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00140FEF
.text C:\Windows\system32\lsass.exe[812] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00140FD4
.text C:\Windows\system32\lsass.exe[812] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00140014
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00130F57
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00130F68
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 001300DD
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 001300C2
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00130F79
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 0013001B
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00130036
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00130089
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00130F94
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00130047
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00130FA5
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00130FC0
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00130078
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00130F2B
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 0013000A
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00130FEF
.text C:\Windows\system32\lsass.exe[812] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00130F46
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00940044
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00940033
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00940FEF
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00940FA2
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 0094005F
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00940011
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00940000
.text C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00940022
.text C:\Windows\system32\lsass.exe[812] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00150042
.text C:\Windows\system32\lsass.exe[812] msvcrt.dll!system 7643804B 5 Bytes JMP 00150031
.text C:\Windows\system32\lsass.exe[812] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 0015000C
.text C:\Windows\system32\lsass.exe[812] msvcrt.dll!_open 7643D106 5 Bytes JMP 00150FE3
.text C:\Windows\system32\lsass.exe[812] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00150FC1
.text C:\Windows\system32\lsass.exe[812] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00150FD2
.text C:\Windows\system32\lsass.exe[812] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00900000
-
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 001E0FB9
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 001D0065
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 001D0F1F
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 001D0ECE
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 001D0EE9
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 001D0F66
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 001D0F3A
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 001D0F83
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 001D0F94
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 001D0F55
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 001D0080
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 001D0F04
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 001F0F9A
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!system 7643804B 5 Bytes JMP 001F0FB5
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_open 7643D106 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 001F0FC6
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 001F0FD7
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00310069
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00310058
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00310FD1
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00310084
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00310047
.text C:\Windows\system32\svchost.exe[972] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00710000
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 0071001B
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00710FDB
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 005B0F4D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 005B0F5E
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 005B0F0D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 005B00A4
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 005B007F
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 005B0036
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 005B0FE5
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 005B0F6F
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 005B0FA5
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 005B0051
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 005B0062
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 005B0FCA
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 005B0F8A
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 005B0EFC
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 005B001B
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 005B0000
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 005B0F28
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00720053
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!system 7643804B 5 Bytes JMP 00720042
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00720FD2
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_open 7643D106 5 Bytes JMP 0072000C
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00720027
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00720FEF
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00860F72
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00860FA8
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00860F8D
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00860F57
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 0086000A
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00860FDE
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00860FB9
.text C:\Windows\system32\svchost.exe[1044] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00850FEF
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 008A0000
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 008A001B
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 008A0FE5
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00890EFF
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00890F1A
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00890EC2
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00890ED3
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00890F5A
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00890FB9
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00890F9E
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00890045
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00890F6B
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00890F8D
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00890F7C
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 0089000A
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00890F3F
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00890074
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00890FD4
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00890FE5
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00890EEE
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 008F0F7C
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!system 7643804B 5 Bytes JMP 008F0011
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 008F0000
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_open 7643D106 5 Bytes JMP 008F0FEF
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 008F0FAB
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 008F0FD2
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 772E39AB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00DE0FAF
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00DE0FCA
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00DE0000
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00DE0051
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00DE0F94
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00DE0FE5
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00DE001B
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00DE0036
.text C:\Windows\System32\svchost.exe[1080] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00280FC3
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00280FDE
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00270093
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00270F4D
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00270F28
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 002700BF
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 0027006E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00270FD4
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00270FB9
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00270F5E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00270051
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00270F9E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00270040
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00270025
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00270F6F
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 002700DA
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 0027000A
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 002700A4
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00310FC8
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!system 7643804B 5 Bytes JMP 00310053
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00310027
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_open 7643D106 5 Bytes JMP 00310FEF
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00310038
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00310000
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00380076
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00380FCA
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00380FEF
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00380051
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00380FAF
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 0038001B
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 0038000A
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00380036
.text C:\Windows\System32\svchost.exe[1140] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00320000
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 01850FEF
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 01850FC3
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 01850FD4
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 01830F30
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 01830F4B
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 018300B6
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 01830F1F
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 01830F6D
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 01830FCA
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 01830FB9
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 01830076
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 01830F7E
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 01830036
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 01830047
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 01830025
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 01830F5C
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 018300D1
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 01830FE5
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 01830000
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 01830091
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 01860F9F
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!system 7643804B 5 Bytes JMP 01860FB0
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 01860FD2
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_open 7643D106 5 Bytes JMP 01860FEF
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 01860FC1
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 0186000C
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 01920FB6
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 0192003D
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 01920000
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 01920062
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 01920073
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 01920FDB
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 01920011
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 0192002C
.text C:\Windows\System32\svchost.exe[1168] WS2_32.dll!socket 768A36D1 5 Bytes JMP 01910000
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00F30FE5
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00F30FD4
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00F3000A
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00F20F32
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00F20F4D
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00F200B1
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00F20F10
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00F20067
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00F20FCA
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00F20FB9
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00F20F68
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00F2004C
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00F20F8D
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00F2002F
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00F20FA8
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00F20078
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00F20EFF
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00F20000
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00F20FEF
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00F20F21
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00F80FA4
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!system 7643804B 5 Bytes JMP 00F80FB5
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00F80FC6
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_open 7643D106 5 Bytes JMP 00F80FE3
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00F8001B
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00FA0025
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00FA0F83
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00FA0FCD
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00FA0FDE
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00FA0014
.text C:\Windows\system32\svchost.exe[1196] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00F90FEF
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 006A0FE5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 006900A4
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00690F5E
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 006900D0
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 006900B5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00690F9E
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00690036
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00690F83
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00690FAF
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00690FC0
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 0069006C
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00690051
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00690093
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00690F14
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00690FE5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00690F43
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 006B0FAB
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!system 7643804B 5 Bytes JMP 006B0036
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 006B0FC6
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_open 7643D106 5 Bytes JMP 006B0FE3
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 006B0025
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 006B0000
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 007F0047
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 007F002C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 007F0FEF
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 007F0FA5
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 007F0058
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 007F0FD4
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 007F000A
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 007F001B
.text C:\Windows\system32\svchost.exe[1400] WS2_32.dll!socket 768A36D1 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00010093
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00010078
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 000100C9
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00010F61
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00010067
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00010F83
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00010014
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 0001004C
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 000100DA
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 000100AE
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00060F90
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!system 7643804B 5 Bytes JMP 0006001B
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00060FAB
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_open 7643D106 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00060FD2
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00070F8D
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[1436] WS2_32.dll!socket 768A36D1 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 010D000A
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 010D002C
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 010D001B
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 010C0F46
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 010C0082
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 010C00C2
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 010C00B1
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 010C0067
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 010C0FD4
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 010C002F
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 010C0F57
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 010C0F8D
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 010C0FA8
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 010C004A
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 010C0FC3
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 010C0F68
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 010C00D3
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 010C0000
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 010C0FE5
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 010C0F35
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 0112001B
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!system 7643804B 5 Bytes JMP 01120F9A
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 01120FC6
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_open 7643D106 5 Bytes JMP 01120000
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 01120FAB
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 01120FE3
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 01180076
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 01180040
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 01180000
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 01180065
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 01180FC3
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 01180FDE
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 01180FEF
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 01180025
.text C:\Windows\system32\svchost.exe[1488] WS2_32.dll!socket 768A36D1 5 Bytes JMP 01130000
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00EA0FE5
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00EA001B
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00EA000A
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00DF0076
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00DF0F3A
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00DF0EE9
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00DF0F04
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00DF0054
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00DF0FB9
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00DF0FA8
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00DF0F4B
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00DF0F7A
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00DF0028
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00DF0039
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00DF0F97
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00DF0065
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00DF0ECE
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00DF0FCA
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00DF0F15
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00EB0F6B
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!system 7643804B 5 Bytes JMP 00EB0F90
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00EB0FC6
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_open 7643D106 5 Bytes JMP 00EB0000
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00EB0FAB
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00EB0FE3
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00ED0F8D
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00ED002F
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00ED0FEF
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00ED0F9E
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00ED0F7C
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00ED0FB9
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00ED0FD4
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00ED000A
.text C:\Windows\system32\svchost.exe[1724] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00EC0FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2148] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 6DD49AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2148] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 6DD49A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2496] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[2496] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00940014
.text C:\Windows\system32\svchost.exe[2496] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00940FDE
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 008F0094
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 008F0083
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 008F0EFD
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 008F0F22
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 008F0054
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 008F0FDE
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 008F0FC3
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 008F0F4E
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 008F0F86
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 008F0F97
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 008F0039
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 008F0FA8
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 008F0F5F
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 008F0EEC
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 008F0F33
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00950051
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!system 7643804B 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00950FC6
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_open 7643D106 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00970FA5
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00970022
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00970FE5
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00970047
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00970058
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00970FCA
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00970011
.text C:\Windows\system32\svchost.exe[2496] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00900FE5
.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00900014
.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00900FD4
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00470057
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00470F11
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 004700A8
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00470083
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00470F4E
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00470FCD
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 0047001E
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00470F22
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00470F6B
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00470F97
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00470F86
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00470FB2
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00470F33
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 004700B9
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00470FDE
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00470FEF
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00470072
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00910F8B
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!system 7643804B 5 Bytes JMP 00910FA6
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00910FD2
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_open 7643D106 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00910FC1
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00910FE3
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00970065
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00970039
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00970054
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00970080
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00970FCD
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00970FDE
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 0097001E
.text C:\Windows\system32\svchost.exe[2748] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00920000
.text C:\Windows\System32\svchost.exe[3028] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3028] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00060FCA
.text C:\Windows\System32\svchost.exe[3028] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 0005007D
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00050F37
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00050EDC
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00050F01
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00050047
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00050FB9
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00050FA8
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00050F48
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00050014
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00050058
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 0005008E
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00050F12
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00070FA6
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!system 7643804B 5 Bytes JMP 00070FB7
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_open 7643D106 5 Bytes JMP 0007000C
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00070FD2
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 0007001D
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00080F8D
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00080FA8
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 0008002F
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00080040
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00080FD4
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00080FE5
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00080FB9
-
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 001E0FB9
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 001D0065
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 001D0F1F
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 001D0ECE
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 001D0EE9
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 001D0F66
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 001D0F3A
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 001D0F83
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 001D0036
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 001D0F94
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 001D0F55
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 001D0080
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 001D0F04
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 001F0F9A
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!system 7643804B 5 Bytes JMP 001F0FB5
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_open 7643D106 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 001F0FC6
.text C:\Windows\system32\svchost.exe[972] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 001F0FD7
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00310069
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00310058
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00310FD1
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00310084
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00310047
.text C:\Windows\system32\svchost.exe[972] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00710000
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 0071001B
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00710FDB
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 005B0F4D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 005B0F5E
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 005B0F0D
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 005B00A4
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 005B007F
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 005B0036
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 005B0FE5
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 005B0F6F
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 005B0FA5
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 005B0051
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 005B0062
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 005B0FCA
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 005B0F8A
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 005B0EFC
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 005B001B
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 005B0000
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 005B0F28
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00720053
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!system 7643804B 5 Bytes JMP 00720042
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00720FD2
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_open 7643D106 5 Bytes JMP 0072000C
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00720027
.text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00720FEF
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00860F72
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00860FA8
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00860F8D
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00860F57
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 0086000A
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00860FDE
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00860FB9
.text C:\Windows\system32\svchost.exe[1044] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00850FEF
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 008A0000
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 008A001B
.text C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 008A0FE5
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00890EFF
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00890F1A
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00890EC2
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00890ED3
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00890F5A
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00890FB9
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00890F9E
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00890045
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00890F6B
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00890F8D
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00890F7C
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 0089000A
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00890F3F
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00890074
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00890FD4
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00890FE5
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00890EEE
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 008F0F7C
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!system 7643804B 5 Bytes JMP 008F0011
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 008F0000
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_open 7643D106 5 Bytes JMP 008F0FEF
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 008F0FAB
.text C:\Windows\System32\svchost.exe[1080] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 008F0FD2
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 772E39AB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00DE0FAF
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00DE0FCA
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00DE0000
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00DE0051
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00DE0F94
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00DE0FE5
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00DE001B
.text C:\Windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00DE0036
.text C:\Windows\System32\svchost.exe[1080] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00280FEF
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00280FC3
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00280FDE
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00270093
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00270F4D
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00270F28
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 002700BF
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 0027006E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00270FD4
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00270FB9
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00270F5E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00270051
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00270F9E
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00270040
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00270025
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00270F6F
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 002700DA
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 0027000A
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[1140] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 002700A4
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00310FC8
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!system 7643804B 5 Bytes JMP 00310053
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00310027
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_open 7643D106 5 Bytes JMP 00310FEF
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00310038
.text C:\Windows\System32\svchost.exe[1140] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00310000
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00380076
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00380FCA
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00380FEF
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00380051
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00380FAF
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 0038001B
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 0038000A
.text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00380036
.text C:\Windows\System32\svchost.exe[1140] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00320000
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 01850FEF
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 01850FC3
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 01850FD4
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 01830F30
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 01830F4B
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 018300B6
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 01830F1F
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 01830F6D
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 01830FCA
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 01830FB9
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 01830076
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 01830F7E
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 01830036
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 01830047
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 01830025
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 01830F5C
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 018300D1
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 01830FE5
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 01830000
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 01830091
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 01860F9F
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!system 7643804B 5 Bytes JMP 01860FB0
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 01860FD2
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_open 7643D106 5 Bytes JMP 01860FEF
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 01860FC1
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 0186000C
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 01920FB6
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 0192003D
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 01920000
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 01920062
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 01920073
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 01920FDB
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 01920011
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 0192002C
.text C:\Windows\System32\svchost.exe[1168] WS2_32.dll!socket 768A36D1 5 Bytes JMP 01910000
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00F30FE5
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00F30FD4
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00F3000A
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00F20F32
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00F20F4D
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00F200B1
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00F20F10
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00F20067
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00F20FCA
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00F20FB9
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00F20F68
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00F2004C
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00F20F8D
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00F2002F
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00F20FA8
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00F20078
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00F20EFF
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00F20000
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00F20FEF
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00F20F21
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00F80FA4
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!system 7643804B 5 Bytes JMP 00F80FB5
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00F80FC6
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_open 7643D106 5 Bytes JMP 00F80FE3
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00F8001B
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00FA0F9E
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00FA0025
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00FA0040
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00FA0F83
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00FA0FCD
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00FA0FDE
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00FA0014
.text C:\Windows\system32\svchost.exe[1196] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00F90FEF
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 006A0FE5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 006900A4
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00690F5E
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 006900D0
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 006900B5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00690F9E
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00690036
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00690F83
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00690FAF
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00690FC0
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 0069006C
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00690051
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00690093
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00690F14
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00690FE5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00690F43
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 006B0FAB
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!system 7643804B 5 Bytes JMP 006B0036
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 006B0FC6
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_open 7643D106 5 Bytes JMP 006B0FE3
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 006B0025
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 006B0000
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 007F0047
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 007F002C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 007F0FEF
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 007F0FA5
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 007F0058
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 007F0FD4
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 007F000A
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 007F001B
.text C:\Windows\system32\svchost.exe[1400] WS2_32.dll!socket 768A36D1 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00040011
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00010093
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00010078
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 000100C9
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00010F61
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00010067
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00010F83
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00010014
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 0001004C
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 000100DA
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 000100AE
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00060F90
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!system 7643804B 5 Bytes JMP 0006001B
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00060FAB
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_open 7643D106 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00060FD2
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00070F8D
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[1436] WS2_32.dll!socket 768A36D1 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 010D000A
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 010D002C
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 010D001B
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 010C0F46
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 010C0082
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 010C00C2
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 010C00B1
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 010C0067
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 010C0FD4
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 010C002F
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 010C0F57
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 010C0F8D
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 010C0FA8
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 010C004A
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 010C0FC3
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 010C0F68
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 010C00D3
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 010C0000
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 010C0FE5
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 010C0F35
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 0112001B
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!system 7643804B 5 Bytes JMP 01120F9A
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 01120FC6
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_open 7643D106 5 Bytes JMP 01120000
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 01120FAB
.text C:\Windows\system32\svchost.exe[1488] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 01120FE3
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 01180076
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 01180040
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 01180000
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 01180065
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 01180FC3
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 01180FDE
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 01180FEF
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 01180025
.text C:\Windows\system32\svchost.exe[1488] WS2_32.dll!socket 768A36D1 5 Bytes JMP 01130000
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00EA0FE5
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00EA001B
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00EA000A
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00DF0076
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00DF0F3A
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00DF0EE9
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00DF0F04
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00DF0054
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00DF0FB9
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00DF0FA8
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00DF0F4B
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00DF0F7A
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00DF0028
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00DF0039
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00DF0F97
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00DF0065
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00DF0ECE
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00DF0FCA
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00DF0F15
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00EB0F6B
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!system 7643804B 5 Bytes JMP 00EB0F90
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00EB0FC6
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_open 7643D106 5 Bytes JMP 00EB0000
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00EB0FAB
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00EB0FE3
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00ED0F8D
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00ED002F
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00ED0FEF
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00ED0F9E
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00ED0F7C
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00ED0FB9
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00ED0FD4
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00ED000A
.text C:\Windows\system32\svchost.exe[1724] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00EC0FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2148] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 6DD49AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2148] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 6DD49A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2496] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[2496] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00940014
.text C:\Windows\system32\svchost.exe[2496] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00940FDE
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 008F0094
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 008F0083
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 008F0EFD
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 008F0F22
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 008F0054
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 008F0FDE
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 008F0FC3
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 008F0F4E
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 008F0F86
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 008F0F97
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 008F0039
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 008F0FA8
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 008F0F5F
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 008F0EEC
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 008F0F33
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00950051
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!system 7643804B 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00950FC6
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_open 7643D106 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[2496] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00970FA5
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00970022
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00970FE5
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00970047
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00970058
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00970FCA
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00970011
.text C:\Windows\system32\svchost.exe[2496] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00960000
.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00900FE5
.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00900014
.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00900FD4
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00470057
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00470F11
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 004700A8
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00470083
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00470F4E
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00470FCD
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 0047001E
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00470F22
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00470F6B
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00470F97
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00470F86
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00470FB2
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00470F33
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 004700B9
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00470FDE
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00470FEF
.text C:\Windows\system32\svchost.exe[2748] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00470072
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00910F8B
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!system 7643804B 5 Bytes JMP 00910FA6
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00910FD2
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_open 7643D106 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00910FC1
.text C:\Windows\system32\svchost.exe[2748] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00910FE3
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00970065
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00970039
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00970054
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00970080
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00970FCD
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00970FDE
.text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 0097001E
.text C:\Windows\system32\svchost.exe[2748] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00920000
.text C:\Windows\System32\svchost.exe[3028] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3028] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 00060FCA
.text C:\Windows\System32\svchost.exe[3028] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 0005007D
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00050F37
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 00050EDC
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00050F01
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00050047
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00050FB9
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 00050FA8
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00050F48
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00050014
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00050058
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 0005008E
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3028] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00050F12
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00070FA6
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!system 7643804B 5 Bytes JMP 00070FB7
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_open 7643D106 5 Bytes JMP 0007000C
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00070FD2
.text C:\Windows\System32\svchost.exe[3028] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 0007001D
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00080F8D
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00080FA8
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 0008002F
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00080040
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00080FD4
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 00080FE5
.text C:\Windows\System32\svchost.exe[3028] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00080FB9
-
.text C:\Windows\System32\svchost.exe[3028] WS2_32.dll!socket 768A36D1 5 Bytes JMP 00200FEF
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3732] kernel32.dll!SetUnhandledExceptionFilter 7660A84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\explorer.exe[4548] ntdll.dll!NtCreateFile 77194224 5 Bytes JMP 00040000
.text C:\Windows\explorer.exe[4548] ntdll.dll!NtCreateProcess 771942E4 5 Bytes JMP 0004001B
.text C:\Windows\explorer.exe[4548] ntdll.dll!NtProtectVirtualMemory 77194B84 5 Bytes JMP 00040FE5
.text C:\Windows\explorer.exe[4548] kernel32.dll!GetStartupInfoW 765E1929 5 Bytes JMP 00010F43
.text C:\Windows\explorer.exe[4548] kernel32.dll!GetStartupInfoA 765E19C9 5 Bytes JMP 00010F54
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 000100AE
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 00010F17
.text C:\Windows\explorer.exe[4548] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 00010F83
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreateNamedPipeA 765E2EF5 5 Bytes JMP 00010FCA
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreateNamedPipeW 765E5C0C 5 Bytes JMP 0001001B
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreatePipe 76608E6E 5 Bytes JMP 00010089
.text C:\Windows\explorer.exe[4548] kernel32.dll!LoadLibraryExW 76609109 5 Bytes JMP 0001005D
.text C:\Windows\explorer.exe[4548] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 00010FAF
.text C:\Windows\explorer.exe[4548] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 00010F94
.text C:\Windows\explorer.exe[4548] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 00010036
.text C:\Windows\explorer.exe[4548] kernel32.dll!VirtualProtectEx 7660DBDA 5 Bytes JMP 00010078
.text C:\Windows\explorer.exe[4548] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 00010EFC
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 00010000
.text C:\Windows\explorer.exe[4548] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 00010FE5
.text C:\Windows\explorer.exe[4548] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 00010F32
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegCreateKeyExA 772E39AB 1 Byte [E9]
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegCreateKeyExA 772E39AB 5 Bytes JMP 00060FAF
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegCreateKeyA 772E3BA9 5 Bytes JMP 00060FDB
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegOpenKeyA 772E89C7 5 Bytes JMP 00060000
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegCreateKeyW 772F391E 5 Bytes JMP 00060FCA
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegCreateKeyExW 772F41F1 5 Bytes JMP 00060062
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegOpenKeyExA 772F7C42 5 Bytes JMP 00060036
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegOpenKeyW 772FE2B5 5 Bytes JMP 0006001B
.text C:\Windows\explorer.exe[4548] ADVAPI32.dll!RegOpenKeyExW 77307BA1 5 Bytes JMP 00060051
.text C:\Windows\explorer.exe[4548] msvcrt.dll!_wsystem 76437F2F 5 Bytes JMP 00070F9C
.text C:\Windows\explorer.exe[4548] msvcrt.dll!system 7643804B 5 Bytes JMP 00070FB7
.text C:\Windows\explorer.exe[4548] msvcrt.dll!_creat 7643BBE1 5 Bytes JMP 00070FD2
.text C:\Windows\explorer.exe[4548] msvcrt.dll!_open 7643D106 5 Bytes JMP 00070000
.text C:\Windows\explorer.exe[4548] msvcrt.dll!_wcreat 7643D326 5 Bytes JMP 00070027
.text C:\Windows\explorer.exe[4548] msvcrt.dll!_wopen 7643D501 5 Bytes JMP 00070FE3
.text C:\Windows\explorer.exe[4548] WS2_32.dll!socket 768A36D1 5 Bytes JMP 01F70FEF
.text C:\Windows\explorer.exe[4548] WININET.dll!InternetOpenA 7699D690 5 Bytes JMP 06D50FE5
.text C:\Windows\explorer.exe[4548] WININET.dll!InternetOpenW 7699DB09 5 Bytes JMP 06D50000
.text C:\Windows\explorer.exe[4548] WININET.dll!InternetOpenUrlA 7699F3A4 5 Bytes JMP 06D5001B
.text C:\Windows\explorer.exe[4548] WININET.dll!InternetOpenUrlW 769E6D77 5 Bytes JMP 06D50FCA
.text C:\Program Files\Mozilla Firefox\firefox.exe[4620] ntdll.dll!LdrLoadDll 771593A8 5 Bytes JMP 008113F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4620] WININET.dll!InternetReadFile 7698654B 5 Bytes JMP 05082840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4620] WININET.dll!InternetCloseHandle 76989088 5 Bytes JMP 05082720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4620] WININET.dll!HttpOpenRequestA 7698D508 5 Bytes JMP 050829E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4620] WININET.dll!InternetConnectA 7698DEAE 5 Bytes JMP 05082AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 84A5C540
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A650F0E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8A65122E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A65071C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A6510EC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8A650852] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A650910] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 84A5D2F8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E3E540
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8A664CE8] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] EDB88320
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeInitializeEvent] 9ABFB3B6
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeTickCount] 03B6E20C
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] 74B1D29A
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoStopTimer] EAD54739
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeSetEvent] 9DD277AF
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoQueueWorkItem] 04DB2615
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmLockPagableDataSection] 73DC1683
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoStartTimer] E3630B12
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!PsGetCurrentProcess] 94643B84
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoInitializeTimer] 0D6D6A3E
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoRegisterBootDriverReinitialization] 7A6A5AA8
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] E40ECF0B
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ExInitializeNPagedLookasideList] 9309FF9D
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!wcsncmp] 0A00AE27
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoCancelIrp] 7D079EB1
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwClose] F00F9344
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 8708A3D2
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwOpenKey] 1E01F268
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 6906C2FE
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwCreateKey] F762575D
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ExDeleteNPagedLookasideList] 806567CB
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeWaitForSingleObject] 196C3671
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ObfDereferenceObject] 6E6B06E7
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!rand] FED41B76
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!srand] 89D32BE0
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeQuerySystemTime] 10DA7A5A
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!PsCreateSystemThread] 67DD4ACC
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoReuseIrp] F9B9DF6F
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoAllocateWorkItem] 8EBEEFF9
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwDeleteKey] 17B7BE43
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwDeleteValueKey] 60B08ED5
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwEnumerateValueKey] D6D6A3E8
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeDelayExecutionThread] [A1D1937E] \SystemRoot\system32\drivers\HTTP.sys (HTTP-protocolstack/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!wcschr] 38D8C2C4
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwEnumerateKey] 4FDFF252
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!PsTerminateSystemThread] D1BB67F1
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeSetBasePriorityThread] A6BC5767
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IofCallDriver] 3FB506DD
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoAllocateIrp] 48B2364B
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoFreeIrp] D80D2BDA
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] AF0A1B4C
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoFreeMdl] 36034AF6
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoFreeWorkItem] 41047A60
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] DF60EFC3
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!memmove] A867DF55
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwQueryValueKey] 316E8EEF
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 4669BE79
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoGetDeviceObjectPointer] CB61B38C
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!_wcsnicmp] BC66831A
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!_vsnwprintf] 256FD2A0
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ExInterlockedPushEntrySList] 5268E236
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoAllocateMdl] CC0C7795
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!_alldiv] BB0B4703
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 220216B9
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 5505262F
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!_itoa] C5BA3BBE
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeQueryTimeIncrement] B2BD0B28
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!_allmul] 2BB45A92
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 5CB36A04
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!_vsnprintf] C2D7FFA7
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] B5D0CF31
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoBuildPartialMdl] 2CD99E8B
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmUnmapLockedPages] 5BDEAE1D
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 9B64C2B0
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoGetRelatedDeviceObject] EC63F226
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ObfReferenceObject] 756AA39C
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmMapIoSpace] 026D930A
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoGetDeviceProperty] 9C0906A9
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] EB0E363F
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ZwQuerySystemInformation] 72076785
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeBugCheckEx] 05005713
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 95BF4A82
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlCompareMemory] E2B87A14
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlInitUnicodeString] 7BB12BAE
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] 0CB61B38
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!memset] 92D28E9B
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlUnwind] E5D5BE0D
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!atoi] 7CDCEFB7
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 0BDBDF21
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!RtlUnicodeStringToAnsiString] 86D3D2D4
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] F1D4E242
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ExInterlockedPopEntrySList] 68DDB3F8
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!memcpy] 1FDA836E
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 81BE16CD
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!IoWMIWriteEvent] F6B9265B
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!KeGetCurrentThread] 6FB077E1
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[ntoskrnl.exe!ExFreePoolWithTag] 18B74777
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[HAL.dll!KfAcquireSpinLock] FF0F6A70
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[HAL.dll!KfReleaseSpinLock] 8F659EFF
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[storport.sys!StorPortPauseDevice] 616BFFD3
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[storport.sys!StorPortResumeDevice] 166CCF45
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[storport.sys!StorPortInitialize] A00AE278
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[storport.sys!StorPortNotification] D70DD2EE
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[TDI.SYS!TdiDeregisterPnPHandlers] A7672661
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[TDI.SYS!TdiRegisterPnPHandlers] D06016F7
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[NETIO.SYS!WskDeregister] 3E6E77DB
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[NETIO.SYS!WskReleaseProviderNPI] AED16A4A
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[NETIO.SYS!WskRegister] D9D65ADC
IAT \SystemRoot\System32\Drivers\alpjk1lv.SYS[NETIO.SYS!WskCaptureProviderNPI] 40DF0B66
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 870422F8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\mfevtps.exe[2320] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [002E7740] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[2320] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [002E77A0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84A641E8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 86CA61E8
Device \Driver\usbuhci \Device\USBPDO-1 86CA61E8
Device \Driver\usbuhci \Device\USBPDO-2 86CA61E8
Device \Driver\usbehci \Device\USBPDO-3 86E3F1E8
Device \Driver\usbuhci \Device\USBPDO-4 86CA61E8
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 86CA61E8
Device \Driver\PCI_PNP7538 \Device\00000056 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-6 86CA61E8
Device \Driver\usbehci \Device\USBPDO-7 86E3F1E8
Device \Driver\cdrom \Device\CdRom0 86E401E8
Device \Driver\iaStor \Device\Ide\iaStor0 [8A9027B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A9027B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A9027B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 86E401E8
Device \Driver\netbt \Device\NetBT_Tcpip_{EB97D870-979D-4524-AAD3-34E6E482D9DD} 879031E8
Device \Driver\netbt \Device\NetBt_Wins_Export 879031E8
Device \Driver\Smb \Device\NetbiosSmb 879041E8
Device \Driver\netbt \Device\NetBT_Tcpip_{A6E665FE-4A5C-455D-9D49-050E90AFA34A} 879031E8
Device \Driver\iScsiPrt \Device\RaidPort0 86E221E8
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 86CA61E8
Device \Driver\usbuhci \Device\USBFDO-1 86CA61E8
Device \Driver\usbuhci \Device\USBFDO-2 86CA61E8
Device \Driver\usbehci \Device\USBFDO-3 86E3F1E8
Device \Driver\usbuhci \Device\USBFDO-4 86CA61E8
Device \Driver\usbuhci \Device\USBFDO-5 86CA61E8
Device \Driver\usbuhci \Device\USBFDO-6 86CA61E8
Device \Driver\usbehci \Device\USBFDO-7 86E3F1E8
Device \Driver\alpjk1lv \Device\Scsi\alpjk1lv1Port2Path0Target0Lun0 8703E1E8
Device \Driver\alpjk1lv \Device\Scsi\alpjk1lv1 8703E1E8
Device \FileSystem\cdfs \Cdfs 88F7C1E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xD4 0xEC 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0xD1 0x01 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0x62 0xA1 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x1B 0x03 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xD4 0xEC 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0xD1 0x01 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0x62 0xA1 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x1B 0x03 0x06 ...
---- EOF - GMER 1.0.15 ----
-
MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R510/P510
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 156):
0x82042000 \SystemRoot\system32\ntoskrnl.exe
0x8200F000 \SystemRoot\system32\hal.dll
0x8A406000 \SystemRoot\system32\kdcom.dll
0x8A40D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A47D000 \SystemRoot\system32\PSHED.dll
0x8A48E000 \SystemRoot\system32\BOOTVID.dll
0x8A496000 \SystemRoot\system32\CLFS.SYS
0x8A4D7000 \SystemRoot\system32\CI.dll
0x8A5B7000 \SystemRoot\System32\drivers\xksnt.sys
0x8A5C5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A641000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A64E000 \SystemRoot\System32\Drivers\sptd.sys
0x8A75E000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8A767000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8A78D000 \SystemRoot\system32\drivers\acpi.sys
0x8A7D3000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A80F000 \SystemRoot\system32\drivers\pci.sys
0x8A836000 \SystemRoot\System32\drivers\partmgr.sys
0x8A845000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A848000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A852000 \SystemRoot\system32\drivers\volmgr.sys
0x8A861000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A8AB000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A8BB000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A98B000 \SystemRoot\system32\drivers\atapi.sys
0x8A993000 \SystemRoot\system32\drivers\ataport.SYS
0x8A9B1000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A9E3000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A9F3000 \SystemRoot\system32\drivers\mfehidk.sys
0x8AA50000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8AA59000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AACA000 \SystemRoot\system32\drivers\ndis.sys
0x8ABD5000 \SystemRoot\system32\drivers\msrpc.sys
0x8AC05000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AC40000 \SystemRoot\System32\drivers\tcpip.sys
0x8AD2A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AD45000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AE55000 \SystemRoot\system32\drivers\volsnap.sys
0x8AE8E000 \SystemRoot\System32\Drivers\spldr.sys
0x8AE96000 \SystemRoot\System32\Drivers\mup.sys
0x8AEA5000 \SystemRoot\System32\drivers\ecache.sys
0x8AECC000 \SystemRoot\system32\drivers\disk.sys
0x8AEDD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AEFE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFE4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFEF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F80D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FF3A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FFDA000 \SystemRoot\System32\drivers\watchdog.sys
0x8FFE6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9043E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9044D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x904DA000 \SystemRoot\system32\DRIVERS\athr.sys
0x90603000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x9064F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90653000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90666000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90671000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9069F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x906A1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x906AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x906C4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x906CA000 \SystemRoot\System32\Drivers\alpjk1lv.SYS
0x90707000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90716000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90745000 \SystemRoot\system32\DRIVERS\storport.sys
0x90786000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90791000 \SystemRoot\system32\DRIVERS\wfmcvad.sys
0x9079B000 \SystemRoot\system32\DRIVERS\portcls.sys
0x907C8000 \SystemRoot\system32\DRIVERS\drmk.sys
0x90804000 \SystemRoot\system32\DRIVERS\ks.sys
0x9082E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90845000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90850000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90873000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90882000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90896000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x908AB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x908BB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x908BD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x908C7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x908D4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90909000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9091A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90C0B000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90D27000 \SystemRoot\system32\drivers\modem.sys
0x90D34000 \SystemRoot\system32\drivers\HdAudio.sys
0x90D73000 \SystemRoot\system32\DRIVERS\MOBK.sys
0x90D86000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90D8F000 \SystemRoot\System32\Drivers\Null.SYS
0x90D96000 \SystemRoot\System32\Drivers\Beep.SYS
0x90DA6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90DAD000 \SystemRoot\System32\drivers\vga.sys
0x90DB9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90DDA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90DE3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90DF3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90DFB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90E03000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90E0B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90E16000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90E24000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90E2D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90E43000 \SystemRoot\system32\drivers\mfewfpk.sys
0x90E6A000 \SystemRoot\system32\DRIVERS\smb.sys
0x90E7E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90EB0000 \SystemRoot\system32\drivers\afd.sys
0x90EF8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90F0E000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x90F1C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90F2A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90F3D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90F54000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x90F76000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90F7C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90FB8000 \SystemRoot\System32\Drivers\VMC302.sys
0x90FF4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90B1A000 \SystemRoot\System32\Drivers\dfsc.sys
0x90B31000 \SystemRoot\system32\drivers\mfeavfk.sys
0x90B55000 \SystemRoot\system32\drivers\mfefirek.sys
0x90BA0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8AF07000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9CC10000 \SystemRoot\System32\win32k.sys
0x90C00000 \SystemRoot\System32\drivers\Dxapi.sys
0x90BAD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CE30000 \SystemRoot\System32\TSDDD.dll
0x9CE50000 \SystemRoot\System32\ATMFD.DLL
0x9CEA0000 \SystemRoot\System32\cdd.dll
0x90BBC000 \SystemRoot\system32\drivers\luafv.sys
0x90D9D000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0xA1C0C000 \SystemRoot\system32\drivers\spsys.sys
0xA1CBC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA1CCC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA1CF6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA1D00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA1D13000 \SystemRoot\system32\drivers\HTTP.sys
0xA1D80000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1D9D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA1DB6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA1DCB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA1DEA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA1E23000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA1E3B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA1E63000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1EC9000 \SystemRoot\system32\drivers\peauth.sys
0xA1FA7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA1FB1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1FE1000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0xA1FE2000 \SystemRoot\system32\drivers\cfwids.sys
0xA1EB1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA1FEE000 \??\C:\Windows\system32\drivers\mbam.sys
0x90BD7000 \??\C:\Users\expert\AppData\Local\Temp\axrcrkow.sys
0xA1FBD000
0x77130000 \Windows\System32\ntdll.dll
0x76E60000 \Program Files\DAEMON Tools Lite\Engine.dll
Processes (total 76):
0 System Idle Process
4 System
628 C:\Windows\System32\smss.exe
704 csrss.exe
756 C:\Windows\System32\wininit.exe
764 csrss.exe
800 C:\Windows\System32\services.exe
812 C:\Windows\System32\lsass.exe
820 C:\Windows\System32\lsm.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\nvvsvc.exe
1044 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\audiodg.exe
1292 C:\Windows\System32\winlogon.exe
1400 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\SLsvc.exe
1488 C:\Windows\System32\svchost.exe
1500 C:\Windows\System32\rundll32.exe
1724 C:\Windows\System32\svchost.exe
2004 C:\Windows\System32\taskeng.exe
2012 C:\Windows\System32\spoolsv.exe
392 C:\Windows\System32\svchost.exe
404 C:\Windows\System32\dwm.exe
684 C:\Windows\System32\taskeng.exe
1536 C:\Windows\System32\agrsmsvc.exe
1820 C:\Windows\System32\taskeng.exe
1864 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2032 C:\Program Files\Bonjour\mDNSResponder.exe
504 C:\Windows\System32\svchost.exe
1556 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2104 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2148 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
2320 C:\Windows\System32\mfevtps.exe
2332 C:\Windows\System32\rundll32.exe
2348 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
2432 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2452 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2496 C:\Windows\System32\svchost.exe
2520 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2624 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2664 C:\Program Files\Windows Defender\MSASCui.exe
2676 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2740 C:\Windows\System32\rundll32.exe
2748 C:\Windows\System32\svchost.exe
2780 C:\Windows\RtHDVCpl.exe
2840 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
2864 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2976 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
3028 C:\Windows\System32\svchost.exe
3108 C:\Windows\System32\SearchIndexer.exe
3272 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
3288 C:\Program Files\McAfee.com\Agent\mcagent.exe
3356 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3568 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
3732 C:\Program Files\Pando Networks\Media Booster\PMB.exe
2232 C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\26805.exe
2512 C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53488.exe
2484 C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7831.exe
1924 C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81400.exe
2992 C:\Users\expert\AppData\Roaming\81400.exe
4548 C:\Windows\explorer.exe
4888 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4620 C:\Program Files\Mozilla Firefox\firefox.exe
1436 C:\Windows\System32\svchost.exe
5300 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4664 C:\Program Files\Common Files\Mcafee\Core\mchost.exe
5180 C:\Program Files\TuneUp Utilities 2011\Integrator.exe
3508 C:\Windows\System32\SearchProtocolHost.exe
5064 C:\Users\expert\Desktop\MBRCheck.exe
3796 C:\Windows\System32\WerFault.exe
5824 C:\Windows\System32\conime.exe
5088 C:\Program Files\McAfee.com\Agent\mcupdate.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHM320JI, Rev: 2SS00_01
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
DDS (2 logs)
* I couldn't get this one to work. It said it was an AutoCAD Script. It did open in Notepad, but it gave me only weird characters.
I hope I gave enough information, and I hope you can help me.
Thank you.
-
Welcome aboard 
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
======================================================================================
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
Done as you said, here is the log file.
2011/03/05 18:50:32.0166 4876 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/05 18:50:33.0285 4876 ================================================================================
2011/03/05 18:50:33.0285 4876 SystemInfo:
2011/03/05 18:50:33.0285 4876
2011/03/05 18:50:33.0285 4876 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/05 18:50:33.0285 4876 Product type: Workstation
2011/03/05 18:50:33.0285 4876 ComputerName: PC_VAN_EXPERT
2011/03/05 18:50:33.0286 4876 UserName: expert
2011/03/05 18:50:33.0286 4876 Windows directory: C:\Windows
2011/03/05 18:50:33.0286 4876 System windows directory: C:\Windows
2011/03/05 18:50:33.0286 4876 Processor architecture: Intel x86
2011/03/05 18:50:33.0286 4876 Number of processors: 2
2011/03/05 18:50:33.0286 4876 Page size: 0x1000
2011/03/05 18:50:33.0286 4876 Boot type: Normal boot
2011/03/05 18:50:33.0286 4876 ================================================================================
2011/03/05 18:50:40.0620 4876 Initialize success
2011/03/05 18:50:45.0326 2512 ================================================================================
2011/03/05 18:50:45.0326 2512 Scan started
2011/03/05 18:50:45.0326 2512 Mode: Manual;
2011/03/05 18:50:45.0326 2512 ================================================================================
2011/03/05 18:50:45.0884 2512 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/05 18:50:45.0959 2512 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/05 18:50:46.0041 2512 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/05 18:50:46.0095 2512 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/05 18:50:46.0149 2512 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/05 18:50:46.0230 2512 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/05 18:50:46.0363 2512 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/05 18:50:46.0529 2512 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/05 18:50:46.0600 2512 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/05 18:50:46.0647 2512 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/05 18:50:46.0708 2512 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/05 18:50:46.0754 2512 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/05 18:50:46.0800 2512 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/05 18:50:46.0854 2512 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/05 18:50:46.0914 2512 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/05 18:50:46.0974 2512 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/05 18:50:47.0063 2512 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/05 18:50:47.0104 2512 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/05 18:50:47.0179 2512 athr (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys
2011/03/05 18:50:47.0405 2512 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/03/05 18:50:47.0452 2512 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/05 18:50:47.0520 2512 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/05 18:50:47.0568 2512 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/05 18:50:47.0620 2512 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/05 18:50:47.0667 2512 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/05 18:50:47.0731 2512 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/05 18:50:47.0785 2512 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/05 18:50:47.0835 2512 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/05 18:50:47.0881 2512 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/05 18:50:47.0952 2512 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/05 18:50:48.0019 2512 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/05 18:50:48.0077 2512 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/05 18:50:48.0136 2512 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
2011/03/05 18:50:48.0201 2512 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/05 18:50:48.0278 2512 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
2011/03/05 18:50:48.0418 2512 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
2011/03/05 18:50:48.0587 2512 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/03/05 18:50:48.0751 2512 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/05 18:50:48.0803 2512 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/05 18:50:48.0858 2512 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2011/03/05 18:50:48.0895 2512 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/05 18:50:48.0968 2512 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/05 18:50:49.0008 2512 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/05 18:50:49.0054 2512 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/05 18:50:49.0101 2512 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/05 18:50:49.0126 2512 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/05 18:50:49.0210 2512 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/05 18:50:49.0293 2512 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/05 18:50:49.0357 2512 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/05 18:50:49.0409 2512 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/03/05 18:50:49.0468 2512 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/03/05 18:50:49.0534 2512 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/03/05 18:50:49.0590 2512 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/05 18:50:49.0679 2512 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/05 18:50:49.0725 2512 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/05 18:50:49.0787 2512 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/05 18:50:49.0855 2512 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/05 18:50:49.0941 2512 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/05 18:50:50.0022 2512 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/05 18:50:50.0079 2512 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/05 18:50:50.0135 2512 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/05 18:50:50.0187 2512 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/05 18:50:50.0226 2512 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/05 18:50:50.0281 2512 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/05 18:50:50.0339 2512 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/05 18:50:50.0378 2512 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/05 18:50:50.0415 2512 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/05 18:50:50.0457 2512 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/05 18:50:50.0584 2512 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/03/05 18:50:50.0652 2512 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/05 18:50:50.0692 2512 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/05 18:50:50.0743 2512 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/05 18:50:50.0796 2512 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/05 18:50:50.0842 2512 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/05 18:50:50.0905 2512 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/05 18:50:50.0963 2512 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/05 18:50:51.0016 2512 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/05 18:50:51.0089 2512 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/05 18:50:51.0178 2512 iaStor (f263a9036f8897ffa2ae54685e03ad60) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/05 18:50:51.0224 2512 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/05 18:50:51.0294 2512 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/05 18:50:51.0414 2512 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/05 18:50:51.0525 2512 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/05 18:50:51.0558 2512 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/05 18:50:51.0614 2512 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/05 18:50:51.0684 2512 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/05 18:50:51.0753 2512 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/05 18:50:51.0798 2512 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/05 18:50:51.0847 2512 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/05 18:50:51.0908 2512 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/05 18:50:51.0949 2512 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/05 18:50:52.0011 2512 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/05 18:50:52.0052 2512 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/05 18:50:52.0089 2512 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/05 18:50:52.0144 2512 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2011/03/05 18:50:59.0320 2512 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\Windows\System32\Drivers\sptd.sys
2011/03/05 18:50:59.0321 2512 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
2011/03/05 18:50:59.0327 2512 sptd - detected Locked file (1)
2011/03/05 18:51:03.0560 2512 ================================================================================
2011/03/05 18:51:03.0560 2512 Scan finished
2011/03/05 18:51:03.0560 2512 ================================================================================
2011/03/05 18:51:03.0573 6080 Detected object count: 1
2011/03/05 18:51:17.0447 6080 Locked file(sptd) - User select action: Skip
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!