I believe the first part is done right.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 13:47:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34
Running: gmer.exe; Driver: C:\DOCUME~1\Sharon\LOCALS~1\Temp\kxpiypow.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF72895D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF72895E4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7289610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7289666]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF72895BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7289594]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72895A8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF72895FA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF728963C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7289626]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7289690]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF728967C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7289650]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 8050222C 7 Bytes JMP F7289654 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75AE 7 Bytes JMP F728966A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83C4 5 Bytes JMP F7289680 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B60FE 5 Bytes JMP F7289640 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C13E2 5 Bytes JMP F7289598 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C166E 5 Bytes JMP F72895AC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C866A 5 Bytes JMP F7289694 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80619154 7 Bytes JMP F728962A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061A604 7 Bytes JMP F72895FE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061ABE2 5 Bytes JMP F72895D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061B07E 7 Bytes JMP F72895E8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B24E 7 Bytes JMP F7289614 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061BFC0 5 Bytes JMP F72895C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5A6D360, 0x2456AE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00900FCA
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB00A4
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0093
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0058
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F83
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F94
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00E6
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F4D
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0101
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FDB
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0011
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB00BF
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0022
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F68
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA009F
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA008E
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA007D
.text C:\WINDOWS\system32\svchost.exe[108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\svchost.exe[108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930FA1
.text C:\WINDOWS\system32\svchost.exe[108] msvcrt.dll!system 77C293C7 5 Bytes JMP 0093002C
.text C:\WINDOWS\system32\svchost.exe[108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FBC
.text C:\WINDOWS\system32\svchost.exe[108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930011
.text C:\WINDOWS\system32\svchost.exe[108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FE3
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00910014
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00910FCD
.text C:\WINDOWS\system32\svchost.exe[108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01120000
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0112002C
.text C:\WINDOWS\Explorer.EXE[276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01120011
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02DE0FEF
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02DE006E
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02DE005D
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02DE0040
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02DE0F8D
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02DE0FAF
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02DE0F43
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02DE0F54
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02DE00C1
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02DE00A6
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02DE0F0D
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02DE0F9E
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02DE0FD4
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02DE007F
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02DE001B
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02DE000A
.text C:\WINDOWS\Explorer.EXE[276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02DE0F28
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02DD0FC3
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02DD0F86
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02DD0FD4
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02DD0000
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02DD0FA1
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02DD0FEF
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02DD0FB2
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FD, 8A]
.text C:\WINDOWS\Explorer.EXE[276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02DD002F
.text C:\WINDOWS\Explorer.EXE[276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02DC0F7F
.text C:\WINDOWS\Explorer.EXE[276] msvcrt.dll!system 77C293C7 5 Bytes JMP 02DC000A
.text C:\WINDOWS\Explorer.EXE[276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02DC0FB5
.text C:\WINDOWS\Explorer.EXE[276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02DC0FEF
.text C:\WINDOWS\Explorer.EXE[276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02DC0F9A
.text C:\WINDOWS\Explorer.EXE[276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02DC0FD2
.text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 017F0FEF
.text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 017F0FDE
.text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 017F001E
.text C:\WINDOWS\Explorer.EXE[276] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 017F0039
.text C:\WINDOWS\Explorer.EXE[276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01800000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1028] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1028] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D90F7E
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D90073
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D90062
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D90FA5
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D90036
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D90F46
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D90F57
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D900D5
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D900C4
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D90F17
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D90047
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D9008E
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D90FCA
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D900A9
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070076
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070065
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00070FC3
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [27, 88]
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060022
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FCD
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90089
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90078
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F9E
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F9005B
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F9004A
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900BC
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F900AB
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F48
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F59
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F90F2D
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90FC3
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F9009A
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90025
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900D7
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F8005B
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F8004A
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80F9E
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70F89
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70F9A
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FAB
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70FD2
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EC0FC0
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F44
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F5F
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40F70
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40F8D
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40025
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F4006A
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F22
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40ED8
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F4007B
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40EBD
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40F9E
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40F33
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40014
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40EFD
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30011
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F3006C
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30FCA
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30FA5
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F30047
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F3002C
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FB7
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0042
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE001D
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FD2
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C7000A
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C70FD4
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0062
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0F77
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0F88
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0FAF
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0F50
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0098
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00D8
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB00C7
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CB0F24
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CB0051
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CB007D
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CB0036
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CB0025
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CB0F3F
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CA0014
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CA0039
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CA0F7C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CA0F8D
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP 50C03388
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CA0F9E
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C9004E
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C90FDE
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C90033
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C9000C
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03890000
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03890FD4
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03890FE5
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03A60000
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03A60F52
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03A60051
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03A60F77
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03A60F94
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03A6002C
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03A60089
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03A60F41
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03A600BF
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03A600A4
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03A60F0B
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03A60FAF
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03A60FE5
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03A6006C
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03A6001B
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03A60FCA
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03A60F1C
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03A50FE5
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03A50F83
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03A50036
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03A50025
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03A50FA8
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03A50000
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03A50FB9
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C5, 8B]
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03A50FD4
.text C:\WINDOWS\System32\svchost.exe[1412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03A40025
.text C:\WINDOWS\System32\svchost.exe[1412] msvcrt.dll!system 77C293C7 5 Bytes JMP 03A40F9A
.text C:\WINDOWS\System32\svchost.exe[1412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03A40FB5
.text C:\WINDOWS\System32\svchost.exe[1412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03A40FE3
.text C:\WINDOWS\System32\svchost.exe[1412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03A4000A
.text C:\WINDOWS\System32\svchost.exe[1412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03A40FC6
.text C:\WINDOWS\System32\svchost.exe[1412] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03A30FEF
.text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 03A2000A
.text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 03A2001B
.text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 03A2002C
.text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 03A2003D
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00740FB9
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00740FD4
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780040
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0078002F
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F61
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780F72
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780F9E
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F1F
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F30
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780EF0
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780089
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780EDF
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780F83
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FDE
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0078005B
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780014
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FC3
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780078
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0077002F
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770FA8
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770014
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770FDE
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770065
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00770FC3
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [97, 88]
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770040
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760044
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760033
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760011
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FE3
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760022
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750FEF
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B6001B
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FE5
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90045
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F50
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90F61
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F7C
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90014
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90EFD
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F18
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B9007B
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90EEC
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90096
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F8D
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F35
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B9006A
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80036
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80076
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B8005B
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FD9
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B7005A
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70038
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70049
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B7001D
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20064
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F6F
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20053
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FA8
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F2D
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20075
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200AB
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F12
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20EF7
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20025
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20F54
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C2009A
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10062
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00F9C
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FB7
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00FD2
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00027
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FE3
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F83
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0027006E
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270051
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270040
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700B0
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F17
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F32
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700CB
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270093
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360047
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360087
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0036002C
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0036001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036006C
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0037003D
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00E00FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00E00000
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00E0001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00E00036
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A10F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01760000
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!send 71AB4C27 6 Bytes JMP 719B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71920F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!recv 71AB676F 6 Bytes JMP 71980F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71950F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1584] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 718F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150014
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270084
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270073
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270047
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700A6
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700E3
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700D2
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F2F
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270095
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270022
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700C1
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360FBD
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360022
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036007A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0036005F
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036004E
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD7
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037002C
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370011
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A50F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E70000
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!send 71AB4C27 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71960F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71990F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 01E10FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 01E10000
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 01E1001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 01E10FCA
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----