
my computer is so slow recently



#1
Le Fou

Hi,

For the last 4 or 5 days, my computer has been very slow. I am using a dual boot (Linux Ubuntu and Windows XP Pro), the antivirus I am using is the original McAfee VirusScan, and I have the Comodo firewall too.

The problem is that my computer has become extremely slow (the last 5 days) and I can't even play a song with Media Player: the song sounds as if you had a scratched CD, so it keeps on jumping or sometimes you even lose the sound. I thought it was my sound card, so I tried to listen to the songs with Linux and it's working fine, so the problem is coming from the fact that Windows XP is very slow. So what I did is I tried HijackThis, and I am posting the report here.

Is there anyone who can help me with HijackThis, since I am not an expert?

Thanking you in advance,


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:32, on 10-07-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\keyacc32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nasd1901\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nasd1901\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - S-1-5-18 Startup: Dropbox.lnk = C:\Documents and Settings\nasd1901\Application Data\Dropbox\bin\Dropbox.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: VMPlayer2436327886.lnk = C:\Program Files\Vitrine multimedia\VMPlayer.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\nasd1901\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')
O4 - .DEFAULT Startup: VMPlayer2436327886.lnk = C:\Program Files\Vitrine multimedia\VMPlayer.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\nasd1901\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: VMPlayer2436327886.lnk = C:\Program Files\Vitrine multimedia\VMPlayer.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: ppopup.lnk = C:\Program Files\pcounter\PPOPUP.EXE
O4 - Global Startup: wbalance.lnk = C:\Program Files\pcounter\WBALANCE.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = flsh-edu.usherbrooke.ca
O17 - HKLM\Software\..\Telephony: DomainName = flsh-edu.usherbrooke.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = flsh-edu.usherbrooke.ca
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/nasd1901/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/nasd1901/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/nasd1901/LOCALS~1/Temp/msohtml1/01/clip_image003.gif

--
End of file - 12147 bytes






#2
Le Fou

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-04 23:12:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\nasd1901\LOCALS~1\Temp\pwliypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA4747694]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA4746C38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA47472FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xA4747EE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA4746B14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA4749DE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA474A1B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA47464FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xA4747880]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xA4747A74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA47462EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA474860A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA4748864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA47499DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA4746ED4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA47474D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xA4747ED8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xA4745F28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA4747184]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xA474611E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA4748A80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA4748EFE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA4748CA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA4748422]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA4749472]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA4749726]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA4747CB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA4749BD6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xA47481AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA4746E6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA4747070]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA4746912]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA47466FC]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9F3F58AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x9F3F58D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x9F3F5895]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x9F3F58EB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x9F3F58BF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2410 80501C48 4 Bytes CALL 7CF490CB
.text ntkrnlpa.exe!ZwYieldExecution 80502244 7 Bytes JMP 9F3F58C3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP 9F3F58D9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP 9F3F58EF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA88 7 Bytes JMP 9F3F5899 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74A0 5 Bytes JMP 9F3F58AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00970F5C
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00970F77
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00970F88
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00970051
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00970040
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00970F24
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00970F35
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009700AC
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00970091
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009700C7
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00970FAF
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0097006C
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0097002F
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00970FDE
.text C:\WINDOWS\system32\svchost.exe[320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00970F13
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00960000
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00960047
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00960FAF
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00960FD4
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 0096002C
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00960F8A
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [B9, 88]
.text C:\WINDOWS\system32\svchost.exe[320] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00960011
.text C:\WINDOWS\system32\svchost.exe[320] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00950FB2
.text C:\WINDOWS\system32\svchost.exe[320] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0095003D
.text C:\WINDOWS\system32\svchost.exe[320] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00950022
.text C:\WINDOWS\system32\svchost.exe[320] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\svchost.exe[320] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00950FCD
.text C:\WINDOWS\system32\svchost.exe[320] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00950011
.text C:\WINDOWS\system32\svchost.exe[320] WS2_32.dll!socket 719F4211 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0F77
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F92
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0076
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD00AE
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD009D
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F4B
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00E4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F3A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0065
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F66
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD00C9
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00BC0FC3
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00BC0F9E
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00BC002F
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00BB0033
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00BB0018
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00BB0FCD
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00BB0FA8
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[416] WS2_32.dll!socket 719F4211 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 015B0FEF
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 015B0000
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 015B0FCA
.text C:\WINDOWS\system32\svchost.exe[416] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 015B0011
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F8B
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F9C
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40076
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40FB9
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F4005B
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F400C2
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F70
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F33
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F44
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40F18
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F4001B
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40091
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40040
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40F55
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00F30F83
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00F3001B
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00F30F94
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00F30036
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00F30FAF
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00F10020
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00F10F95
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00F10FC1
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00F10FB0
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00F10FD2
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00EF0011
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00EF0FDB
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!socket 719F4211 5 Bytes JMP 00F0000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0129000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01290F9B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0129009A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0129007F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01290062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01290047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01290F6F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01290F8A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012900DC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01290F43
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012900F7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01290FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01290FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012900AB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01290036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01290025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01290F5E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 01270014
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 01270051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 01270FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 01270FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 01270F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 01270FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 01270040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 01270025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 0126008B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] msvcrt.dll!system 77BF93C7 5 Bytes JMP 01260070
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0126003A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] msvcrt.dll!_open 77BFF566 5 Bytes JMP 0126000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 0126005F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0126001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[976] WS2_32.dll!socket 719F4211 5 Bytes JMP 0125000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009A0F70
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009A0F81
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009A0F92
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009A0FAF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009A0036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009A0091
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009A0080
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A0F27
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A00B6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009A00DB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009A0051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009A0F5F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009A0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009A0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009A0F38
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00990011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00990040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00990000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00990FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00990F83
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00990FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00990F94
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [BC, 88]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00990FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00980033
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00980FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00980FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00980000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00980022
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00980011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1248] WS2_32.dll!socket 719F4211 5 Bytes JMP 00970000
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010E0000
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010E0087
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010E0076
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010E0065
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010E0054
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010E0039
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010E00AC
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010E0F66
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010E0F24
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010E0F49
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010E0F09
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010E0FB2
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010E0F77
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateNamedPipeW 7C82F0DD 3 Bytes JMP 010E0FCD
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateNamedPipeW + 4 7C82F0E1 1 Byte [84]
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010E0FDE
.text C:\WINDOWS\system32\services.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010E00C7
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00FF0F8A
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00FF0FDB
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00FF0FA5
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00FF0FB6
.text C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00FE0047
.text C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00FE0FB2
.text C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[1548] WS2_32.dll!socket 719F4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011D0FE5
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011D0F52
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011D0047
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011D0036
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011D0F83
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011D0FA8
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011D0F1F
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011D0F30
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011D0EE2
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011D0EFD
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011D0096
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011D0025
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011D0000
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011D0F41
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011D0FB9
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011D0FD4
.text C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011D0F0E
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 011C0022
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 011C0F80
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 011C0FD1
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 011C0011
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 011C003D
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 011C0000
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 011C0F9B
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [3F, 89]
.text C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 011C0FB6
.text C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00FA0FB2
.text C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00FA0FC3
.text C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00FA0FDE
.text C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00FA0033
.text C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00FA000C
.text C:\WINDOWS\system32\lsass.exe[1560] WS2_32.dll!socket 719F4211 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0082
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0071
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0F97
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0FB2
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FC3
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF00A4
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0093
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF00BF
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF0F1C
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF00DA
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF004A
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0F68
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF002F
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F37
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00CE002C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00CE007D
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00CE001B
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00CE0062
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00CE0051
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00CE0FC0
.text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00CD0FE3
.text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00CD0064
.text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00CD002E
.text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00CD0053
.text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 719F4211 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DF0F52
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DF0047
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DF0F6D
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DF0036
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DF0FAF
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DF0F10
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DF0F21
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DF0EEB
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DF0084
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DF009F
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DF0F94
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DF0011
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DF0058
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DF0FC0
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DF0FD1
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DF0073
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00DE0025
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00DE005B
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00DE0FCA
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00DE0F94
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00DE0036
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00DE0FAF
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00DD001D
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00DD0F92
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00DD000C
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00DD0FAD
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00DD0FD2
.text C:\WINDOWS\system32\svchost.exe[1820] WS2_32.dll!socket 719F4211 5 Bytes JMP 00DC0000
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1872] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025C0000
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025C0080
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025C0F81
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025C005B
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025C0F9E
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025C0039
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025C0F4B
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025C0F66
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025C00C9
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025C0F3A
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025C0F0B
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025C004A
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025C0FE5
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025C0091
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025C0FC3
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025C0FD4
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025C00B8
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 025B0036
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 025B0073
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 025B0FE5
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 025B001B
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 025B0062
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 025B000A
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 025B0FC0
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [7E, 8A] {JLE 0xffffffffffffff8c}
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 025B0047
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 025A0FB9
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!system 77BF93C7 5 Bytes JMP 025A004E
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 025A0FEF
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_open 77BFF566 5 Bytes JMP 025A0000
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 025A0FD4
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 025A0029
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 02580000
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 02580FDB
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 0258001B
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 02580FCA
.text C:\WINDOWS\system32\svchost.exe[1996] WS2_32.dll!socket 719F4211 5 Bytes JMP 02590000
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002600AB
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260090
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260073
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600E1
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F8F
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260117
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260128
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002600BC
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260051
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600F2
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00350FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 0035009B
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 0035002F
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 0035008A
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 0035006F
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00350054
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00360F7F
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00360F90
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00360FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00360FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00360FD7
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 01290000
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 01290011
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 01290FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 0129002C
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ws2_32.dll!socket 719F4211 5 Bytes JMP 01F40FE5
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 2806C580 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 2806C3E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 2806C360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 2806C630 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 2806C460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 2806C6A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 2806BFC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 2806C4F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 2806BAD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 2806BB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 28070560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 2806E560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 2806FB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 2806FC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280702B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 2806DB40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 2806FBA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 28070430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 2806FE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 2806EBE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 280748C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WS2_32.dll!send 719F4C27 5 Bytes JMP 28074580 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 280743D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WS2_32.dll!recv 719F676F 5 Bytes JMP 280742A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 280746F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 5 Bytes JMP 2806D230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] ole32.dll!CoInitializeEx 774BEF7B 5 Bytes JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 2806CC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] ole32.dll!CoRegisterClassObject 774D7E90 5 Bytes JMP 2806CA00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 280734B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 280735F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 28073350 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2464] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 28073550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002600BA
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260095
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260FC7
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026007A
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026004E
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260101
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600E6
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260130
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F72
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0026005F
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002600CB
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00350FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00350F79
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00350FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00350F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 0035002C
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00360044
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00360033
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00AD0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00AD0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00AD0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00AD0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ws2_32.dll!socket 719F4211 5 Bytes JMP 00B10000
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0089
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F8A
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F9B
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A004E
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A003D
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00DC
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00C1
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F79
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0108
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0123
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A009A
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0022
.text C:\WINDOWS\Explorer.EXE[3224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00ED
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 0029006F
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00290014
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00290054
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00290043
.text C:\WINDOWS\Explorer.EXE[3224] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00290FB2
.text C:\WINDOWS\Explorer.EXE[3224] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 002A0FB0
.text C:\WINDOWS\Explorer.EXE[3224] msvcrt.dll!system 77BF93C7 5 Bytes JMP 002A0FC1
.text C:\WINDOWS\Explorer.EXE[3224] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\Explorer.EXE[3224] msvcrt.dll!_open 77BFF566 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[3224] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\Explorer.EXE[3224] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\Explorer.EXE[3224] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[3224] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[3224] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[3224] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[3224] WS2_32.dll!socket 719F4211 5 Bytes JMP 019B0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F65
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F76
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F91
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260FAC
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F39
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260081
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F1E
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600B7
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F0D
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0026004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F4A
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260022
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0026009C
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 0035002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00350051
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00350F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [58, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D854C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F547AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F54674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F546D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00360FB5
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0036001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00360FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00360FD7
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 01290FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 01290000
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 01290FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 01290011
.text C:\Program Files\Internet Explorer\iexplore.exe[3388] ws2_32.dll!socket 719F4211 5 Bytes JMP 01F70FE5
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3524] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 2 Bytes JMP 006ECF90 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3524] ntdll.dll!NtAllocateVirtualMemory + 3 7C91CF71 2 Bytes [DD, 83]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36DCCB22-11EF-0B67-A6D5-D31F27904F32}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36DCCB22-11EF-0B67-A6D5-D31F27904F32}@habnkemphcijlnjn 0x66 0x61 0x63 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36DCCB22-11EF-0B67-A6D5-D31F27904F32}@iaaodkjajlphchejln 0x6A 0x61 0x6D 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36DCCB22-11EF-0B67-A6D5-D31F27904F32}@haknnlbdmgjdgfgo 0x6A 0x61 0x6E 0x61 ...

---- EOF - GMER 1.0.15 ----