GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-12 03:33:04
Windows 6.0.6001 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: w493vyo4.exe; Driver: C:\Users\fitriya.yp\AppData\Local\Temp\awrdypob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8C1E09BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8C1E0958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8C1E096C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8C1E09FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8C1E0A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8C1E0930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8C1E0944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8C1E09D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8C1E0A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8C1E0A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8C1E09AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8C1E0996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8C1E0A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8C1E0A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8C1E09E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8C1E0982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82871190 5 Bytes JMP 8C1E09EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 82A0B17C 5 Bytes JMP 8C1E0A43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 82A12DD5 5 Bytes JMP 8C1E0986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82A2CF8A 5 Bytes JMP 8C1E0A2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 82A4C1D4 5 Bytes JMP 8C1E0948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82A5BB10 5 Bytes JMP 8C1E0934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 82A6E74E 7 Bytes JMP 8C1E0A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82A6EDA5 5 Bytes JMP 8C1E0A16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82A70FB6 5 Bytes JMP 8C1E09C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82A7E674 5 Bytes JMP 8C1E099A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82A808CE 7 Bytes JMP 8C1E09D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82A9F452 5 Bytes JMP 8C1E0A57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 82AA049E 5 Bytes JMP 8C1E0A6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 82ADE1AF 5 Bytes JMP 8C1E095C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ADE1FA 7 Bytes JMP 8C1E0970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 82ADECB7 5 Bytes JMP 8C1E09AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\services.exe[668] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 001E0F47 .text C:\Windows\system32\services.exe[668] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 001E008D .text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 001E00CD .text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 001E0F2C .text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 001E0F73 .text C:\Windows\system32\services.exe[668] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 001E0FC3 .text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 001E0F90 .text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 001E0FB2 .text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 001E0068 .text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 001E0FA1 .text C:\Windows\system32\services.exe[668] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 001E0039 .text C:\Windows\system32\services.exe[668] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 001E0F62 .text C:\Windows\system32\services.exe[668] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 001E00DE .text C:\Windows\system32\services.exe[668] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 001E0FEF .text C:\Windows\system32\services.exe[668] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 001E000A .text C:\Windows\system32\services.exe[668] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 001E0FDE .text C:\Windows\system32\services.exe[668] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 001E00A8 .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00710047 .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00710FC0 .text 
C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00710000 .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00710FA5 .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00710F8A .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00710FD1 .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00710011 .text C:\Windows\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00710022 .text C:\Windows\system32\services.exe[668] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00760027 .text C:\Windows\system32\services.exe[668] msvcrt.dll!system 77238B63 5 Bytes JMP 00760F9C .text C:\Windows\system32\services.exe[668] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00760FD2 .text C:\Windows\system32\services.exe[668] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 0076000C .text C:\Windows\system32\services.exe[668] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00760FC1 .text C:\Windows\system32\services.exe[668] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00760FE3 .text C:\Windows\system32\services.exe[668] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00700000 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00A10097 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00A10086 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00A100D0 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00A10F2F .text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00A10064 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00A1002C .text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00A10F8A .text C:\Windows\system32\lsass.exe[708] 
kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00A10F9B .text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00A10075 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00A10047 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00A10FC0 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00A10F5B .text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00A10F1E .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00A10FE5 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00A10000 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00A10011 .text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00A10F40 .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00A30F94 .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00A30FA5 .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00A30FEF .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00A30036 .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00A3005B .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00A30000 .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00A30FCA .text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00A30011 .text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00A40038 .text C:\Windows\system32\lsass.exe[708] msvcrt.dll!system 77238B63 5 Bytes JMP 00A4001D .text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00A40FB7 .text 
C:\Windows\system32\lsass.exe[708] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00A40FE3 .text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00A4000C .text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00A40FD2 .text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00A20FEF .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 002D0F6B .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 002D00B1 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 002D00F1 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 002D0F5A .text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 002D0F97 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 002D0025 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 002D0FA8 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 002D0051 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 002D0096 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 002D0FB9 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 002D0040 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 002D0F7C .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 002D010C .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 002D0000 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 002D0FE5 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 002D0FD4 .text 
C:\Windows\system32\svchost.exe[868] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 002D00D6 .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00300051 .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!system 77238B63 5 Bytes JMP 0030002C .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00300FD7 .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00300000 .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00300FBC .text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00300011 .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 002F006C .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 002F0FD4 .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 002F0000 .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 002F005B .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 002F0FB9 .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 002F0FE5 .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 002F0025 .text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 002F0040 .text C:\Windows\system32\svchost.exe[868] WS2_32.dll!socket 761E36D1 5 Bytes JMP 002E0000 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00260F3C .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00260082 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 002600C9 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 002600AE .text C:\Windows\system32\svchost.exe[936] 
kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00260F68 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00260011 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 0026004C .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00260F9E .text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 0026005D .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00260F83 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00260FAF .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00260F57 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00260F17 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00260FE5 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00260000 .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00260FCA .text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00260093 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 003D005F .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 77238B63 5 Bytes JMP 003D0044 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 003D0FDE .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 003D0FEF .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 003D0033 .text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 003D0018 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00280FB9 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 
00280040 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 0028000A .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 0028005B .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00280076 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00280025 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00280FEF .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00280FDE .text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00270000 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00250089 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 0025006E .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00250F0D .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00250F28 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 0025005D .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 0025001B .text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00250F83 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00250FAF .text C:\Windows\System32\svchost.exe[972] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00250F68 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00250F9E .text C:\Windows\System32\svchost.exe[972] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 0025002C .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00250F43 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 
00250EFC .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00250FE5 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00250000 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00250FCA .text C:\Windows\System32\svchost.exe[972] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 002500A4 .text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 01290062 .text C:\Windows\System32\svchost.exe[972] msvcrt.dll!system 77238B63 5 Bytes JMP 0129003D .text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 0129002C .text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 01290000 .text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 01290FD7 .text C:\Windows\System32\svchost.exe[972] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 01290011 .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00280F8A .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 0028002C .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00280000 .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00280FA5 .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00280047 .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00280FCA .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00280FE5 .text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 0028001B .text C:\Windows\System32\svchost.exe[972] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00270FEF .text C:\Windows\System32\svchost.exe[972] wininet.dll!InternetOpenA 760ED690 5 Bytes JMP 00260FE5 .text C:\Windows\System32\svchost.exe[972] 
wininet.dll!InternetOpenW 760EDB09 5 Bytes JMP 00260FD4 .text C:\Windows\System32\svchost.exe[972] wininet.dll!InternetOpenUrlA 760EF3A4 5 Bytes JMP 00260FC3 .text C:\Windows\System32\svchost.exe[972] wininet.dll!InternetOpenUrlW 76136DDF 5 Bytes JMP 00260FB2 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00100F39 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00100089 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00100F03 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 0010009A .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 0010005D .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00100014 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00100F83 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00100036 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 0010006E .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00100F9E .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00100025 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00100F5E .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00100EF2 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00100FD4 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00100FEF .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00100FC3 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00100F1E .text 
C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00130040 .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!system 77238B63 5 Bytes JMP 00130FB5 .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00130FC6 .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00130000 .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 0013001B .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00130FD7 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00120F8D .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00120FB9 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00120000 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00120F9E .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 0012004A .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00120011 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00120FE5 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00120FCA .text C:\Windows\System32\svchost.exe[1028] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00110000 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 003100BB .text C:\Windows\Explorer.EXE[1092] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 003100AA .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00310F50 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 003100DD .text C:\Windows\Explorer.EXE[1092] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00310060 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreateNamedPipeW 75D25C44 5 
Bytes JMP 00310FD4 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00310F86 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00310FA8 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00310F75 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00310F97 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00310FC3 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00310085 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00310F3F .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 0031000A .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00310FEF .text C:\Windows\Explorer.EXE[1092] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00310025 .text C:\Windows\Explorer.EXE[1092] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 003100CC .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 008E0062 .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 008E002C .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 008E0FEF .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 008E0047 .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 008E0073 .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 008E000A .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 008E0FDE .text C:\Windows\Explorer.EXE[1092] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 008E001B .text C:\Windows\Explorer.EXE[1092] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 01DA007A .text C:\Windows\Explorer.EXE[1092] msvcrt.dll!system 77238B63 5 Bytes JMP 01DA0069 .text C:\Windows\Explorer.EXE[1092] 
msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 01DA0029 .text C:\Windows\Explorer.EXE[1092] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 01DA0000 .text C:\Windows\Explorer.EXE[1092] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 01DA0044 .text C:\Windows\Explorer.EXE[1092] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 01DA0FEF .text C:\Windows\Explorer.EXE[1092] WININET.dll!InternetOpenA 760ED690 5 Bytes JMP 008C0000 .text C:\Windows\Explorer.EXE[1092] WININET.dll!InternetOpenW 760EDB09 5 Bytes JMP 008C0011 .text C:\Windows\Explorer.EXE[1092] WININET.dll!InternetOpenUrlA 760EF3A4 5 Bytes JMP 008C0FDB .text C:\Windows\Explorer.EXE[1092] WININET.dll!InternetOpenUrlW 76136DDF 5 Bytes JMP 008C0FCA .text C:\Windows\Explorer.EXE[1092] WS2_32.dll!socket 761E36D1 5 Bytes JMP 008D0FE5 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00EE0F37 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00EE0F52 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00EE00C7 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00EE0F26 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00EE007D .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00EE0025 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00EE0FA3 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00EE0047 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00EE0F7E .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00EE006C .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00EE0036 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00EE0F6D .text 
C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00EE0F0B .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00EE0014 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00EE0FEF .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00EE0FD4 .text C:\Windows\System32\svchost.exe[1108] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00EE00A2 .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00FF0064 .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!system 77238B63 5 Bytes JMP 00FF0053 .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00FF0027 .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00FF0000 .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00FF0042 .text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00FF0FE3 .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00FE005B .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00FE0FB9 .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00FE0FEF .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00FE0040 .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00FE0F9E .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00FE0014 .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00FE0FDE .text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00FE002F .text C:\Windows\System32\svchost.exe[1108] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00FD0FEF .text C:\Windows\system32\svchost.exe[1136] 
kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00FF00B9 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00FF0F69 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00FF00D4 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00FF0F3D .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00FF0F8B .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00FF0FE5 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00FF0F9C .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00FF0FD4 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00FF0F7A .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00FF0FB9 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00FF005B .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00FF0094 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00FF00EF .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00FF0011 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00FF0000 .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00FF002C .text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00FF0F58 .text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 01220038 .text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 77238B63 5 Bytes JMP 01220027 .text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 01220FD2 .text C:\Windows\system32\svchost.exe[1136] 
msvcrt.dll!_open 7723DA7E 5 Bytes JMP 01220000 .text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 01220FB7 .text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 01220FE3 .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 01210036 .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 0121001B .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 01210000 .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 01210F94 .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 01210047 .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 01210FCA .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 01210FDB .text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 01210FAF .text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 761E36D1 5 Bytes JMP 01200FE5 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00440F6F .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 004400B5 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00440F28 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00440F43 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00440089 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 0044001B .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00440FA5 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00440047 .text C:\Windows\system32\svchost.exe[1268] 
kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00440F94 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00440058 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 0044002C .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 004400A4 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 004400D0 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00440FD4 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00440FEF .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00440000 .text C:\Windows\system32\svchost.exe[1268] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00440F54 .text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00810FA3 .text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!system 77238B63 5 Bytes JMP 00810038 .text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 0081000C .text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00810FEF .text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00810027 .text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00810FD2 .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00800040 .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00800FB9 .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00800FEF .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00800F9E .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 0080005B .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 
5 Bytes JMP 00800FDE .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00800014 .text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 0080002F .text C:\Windows\system32\svchost.exe[1268] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00460000 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00960F76 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 009600BC .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00960F40 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00960F5B .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00960090 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00960FD4 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00960073 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00960051 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 009600AB .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00960062 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00960040 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00960F91 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00960F2F .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00960000 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00960FE5 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 0096001B .text C:\Windows\system32\svchost.exe[1328] 
kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 009600D7 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00A6003B .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!system 77238B63 5 Bytes JMP 00A60FB0 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00A60FC1 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00A60FE3 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00A60016 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00A60FD2 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00990070 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 0099004E .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00990000 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 0099005F .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00990081 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 0099002C .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 0099001B .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 0099003D .text C:\Windows\system32\svchost.exe[1328] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00980000 .text C:\Windows\system32\svchost.exe[1328] WinInet.dll!InternetOpenA 760ED690 5 Bytes JMP 0097000A .text C:\Windows\system32\svchost.exe[1328] WinInet.dll!InternetOpenW 760EDB09 5 Bytes JMP 00970FEF .text C:\Windows\system32\svchost.exe[1328] WinInet.dll!InternetOpenUrlA 760EF3A4 5 Bytes JMP 00970025 .text C:\Windows\system32\svchost.exe[1328] WinInet.dll!InternetOpenUrlW 76136DDF 5 Bytes JMP 00970FCA .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 75D21929 5 
Bytes JMP 00C60F13 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00C60F2E .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00C60ED3 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00C60EF8 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00C60F6B .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00C60F9E .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00C60039 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00C60014 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00C60F5A .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00C60F7C .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00C60F8D .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00C60F3F .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00C60EC2 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00C60FD4 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00C60FEF .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00C60FB9 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00C6006A .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00D50FBE .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!system 77238B63 5 Bytes JMP 00D50053 .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00D5002E .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 
00D50000 .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00D50FE3 .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00D5001D .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00D40F79 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00D40FAF .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00D40000 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00D40F9E .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00D40F68 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00D40FCA .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00D40FE5 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00D4001B .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00C70000 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00230F81 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00230F92 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00230107 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00230F66 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00230087 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 0023002F .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00230FB9 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00230051 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 75D48D7E 5 
Bytes JMP 002300A2 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 0023006C .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00230040 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 002300BD .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00230122 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00230FD4 .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00230FEF .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 0023000A .text C:\Windows\system32\svchost.exe[1780] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 002300EC .text C:\Windows\system32\svchost.exe[1780] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00270038 .text C:\Windows\system32\svchost.exe[1780] msvcrt.dll!system 77238B63 5 Bytes JMP 00270FAD .text C:\Windows\system32\svchost.exe[1780] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00270027 .text C:\Windows\system32\svchost.exe[1780] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00270FEF .text C:\Windows\system32\svchost.exe[1780] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00270FC8 .text C:\Windows\system32\svchost.exe[1780] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 0027000C .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00260FB6 .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00260058 .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 0026000A .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00260FC7 .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00260F91 .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 0026002C .text 
C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 0026001B .text C:\Windows\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00260047 .text C:\Windows\system32\svchost.exe[1780] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00240000 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 000A0F37 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 000A0F52 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 000A0EFA .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 000A0F0B .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 000A0047 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 000A0025 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 000A0F6D .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 000A0F94 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 000A0062 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 000A0036 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 000A0FB9 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 000A007D .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 000A00AC .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 000A000A .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 000A0FEF .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 000A0FD4 .text C:\Windows\system32\svchost.exe[1996] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 
000A0F26 .text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 000D0FAB .text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!system 77238B63 5 Bytes JMP 000D0036 .text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 000D001B .text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 000D0000 .text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 000D0FC6 .text C:\Windows\system32\svchost.exe[1996] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 000D0FD7 .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 000C0FAC .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 000C003D .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 000C000A .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 000C004E .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 000C0069 .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 000C0FE5 .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 000C001B .text C:\Windows\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 000C002C .text C:\Windows\system32\svchost.exe[1996] WS2_32.dll!socket 761E36D1 5 Bytes JMP 000B000A .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2232] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2232] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\Windows\system32\svchost.exe[2692] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 0011008C .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00110F46 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 001100C2 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 001100A7 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00110F79 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 0011001B .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00110F8A .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00110FA5 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00110F68 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00110047 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00110036 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00110F57 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 00110F10 .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 0011000A .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00110FEF .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00110FCA .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00110F2B .text C:\Windows\system32\svchost.exe[2692] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 003E0FB7 .text C:\Windows\system32\svchost.exe[2692] msvcrt.dll!system 77238B63 5 Bytes JMP 003E0042 .text C:\Windows\system32\svchost.exe[2692] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 003E0016 
.text C:\Windows\system32\svchost.exe[2692] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 003E0FEF .text C:\Windows\system32\svchost.exe[2692] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 003E0027 .text C:\Windows\system32\svchost.exe[2692] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 003E0FD2 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 003D0F83 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 003D0FA8 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 003D0000 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 003D0025 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 003D0F5E .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 003D0FCA .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 003D0FE5 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 003D0FB9 .text C:\Windows\system32\svchost.exe[2692] WS2_32.dll!socket 761E36D1 5 Bytes JMP 002D0FE5 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 00430097 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00430F51 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 00430F22 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 004300B9 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00430F76 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00430FC7 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00430F91 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 0043004E .text 
C:\Windows\system32\svchost.exe[2720] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 0043006B .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00430FA2 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 0043003D .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 0043007C .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 004300CA .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00430011 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00430000 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes JMP 00430022 .text C:\Windows\system32\svchost.exe[2720] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 004300A8 .text C:\Windows\system32\svchost.exe[2720] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00460FB0 .text C:\Windows\system32\svchost.exe[2720] msvcrt.dll!system 77238B63 5 Bytes JMP 00460031 .text C:\Windows\system32\svchost.exe[2720] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00460016 .text C:\Windows\system32\svchost.exe[2720] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00460FE3 .text C:\Windows\system32\svchost.exe[2720] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00460FC1 .text C:\Windows\system32\svchost.exe[2720] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00460FD2 .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00450F80 .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 00450FA5 .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00450FEF .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 0045002C .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00450047 .text 
C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 00450000 .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00450FCA .text C:\Windows\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00450011 .text C:\Windows\system32\svchost.exe[2720] WS2_32.dll!socket 761E36D1 5 Bytes JMP 00440FE5 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!GetStartupInfoW 75D21929 5 Bytes JMP 0005009B .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!GetStartupInfoA 75D219C9 5 Bytes JMP 00050F55 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreateProcessW 75D21C01 5 Bytes JMP 000500C0 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreateProcessA 75D21C36 5 Bytes JMP 00050F1F .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!VirtualProtect 75D21DD1 5 Bytes JMP 00050F70 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreateNamedPipeW 75D25C44 5 Bytes JMP 00050FD4 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!LoadLibraryExW 75D430C3 5 Bytes JMP 00050F81 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!LoadLibraryW 75D4361F 5 Bytes JMP 00050FAF .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!VirtualProtectEx 75D48D7E 5 Bytes JMP 00050065 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!LoadLibraryExA 75D49469 5 Bytes JMP 00050F9E .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!LoadLibraryA 75D49491 5 Bytes JMP 00050040 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreatePipe 75D50284 5 Bytes JMP 00050076 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!GetProcAddress 75D6B8B6 5 Bytes JMP 000500D1 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreateFileW 75D6CC4E 5 Bytes JMP 00050000 .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreateFileA 75D6CF71 5 Bytes JMP 00050FEF .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!CreateNamedPipeA 75DB430E 5 Bytes 
JMP 0005001B .text C:\Windows\System32\svchost.exe[2864] kernel32.dll!WinExec 75DB54FF 5 Bytes JMP 00050F3A .text C:\Windows\System32\svchost.exe[2864] msvcrt.dll!_wsystem 77238A47 5 Bytes JMP 00070031 .text C:\Windows\System32\svchost.exe[2864] msvcrt.dll!system 77238B63 5 Bytes JMP 00070F9C .text C:\Windows\System32\svchost.exe[2864] msvcrt.dll!_creat 7723C6F1 5 Bytes JMP 00070FC8 .text C:\Windows\System32\svchost.exe[2864] msvcrt.dll!_open 7723DA7E 5 Bytes JMP 00070000 .text C:\Windows\System32\svchost.exe[2864] msvcrt.dll!_wcreat 7723DC9E 5 Bytes JMP 00070FB7 .text C:\Windows\System32\svchost.exe[2864] msvcrt.dll!_wopen 7723DE79 5 Bytes JMP 00070FE3 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegCreateKeyExA 762CB5E7 5 Bytes JMP 00060047 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegCreateKeyA 762CB8AE 5 Bytes JMP 0006001B .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegOpenKeyA 762D0BF5 5 Bytes JMP 00060FEF .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegCreateKeyW 762DB83D 5 Bytes JMP 00060036 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegCreateKeyExW 762DBCE1 5 Bytes JMP 00060F8A .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegOpenKeyExA 762DD4E8 5 Bytes JMP 0006000A .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegOpenKeyW 762E3CB0 5 Bytes JMP 00060FD4 .text C:\Windows\System32\svchost.exe[2864] ADVAPI32.dll!RegOpenKeyExW 762EF09D 5 Bytes JMP 00060FAF ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F888B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FC98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft 
GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F8B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F7FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F87A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F7EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FBB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F8BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F8074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F806B5] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F771B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7400D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FA7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F7E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F7697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F769A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F82465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice 
\FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [3092] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@001ca455923f 0xC2 0x22 0x15 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@001d2874f2a0 0x12 0xFE 0xA3 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@001de9ea8cf4 0x6A 0x50 0x9D 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@0017e5d7ed9c 0x5E 0x61 0x90 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@0017e5da3884 0x9D 0x99 0xAC 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@001c9a23e9d1 0x10 0xA3 0x31 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@001f01b3085b 0xD8 0xE0 0x5C 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@0021ab2ff292 0x19 0xDA 0xE8 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@25afc0826601 0xE5 0xF0 0xBD 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@001e3a72f92b 0xBE 0xB7 0x9E 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4e5da@00271331500c 0xF9 0x38 0x37 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@001ca455923f 0xC2 0x22 0x15 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@001d2874f2a0 0x12 0xFE 0xA3 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@001de9ea8cf4 0x6A 0x50 0x9D 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@0017e5d7ed9c 0x5E 0x61 0x90 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@0017e5da3884 0x9D 0x99 0xAC 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@001c9a23e9d1 0x10 0xA3 0x31 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@001f01b3085b 0xD8 0xE0 0x5C 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@0021ab2ff292 0x19 0xDA 0xE8 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@25afc0826601 0xE5 0xF0 0xBD 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@001e3a72f92b 0xBE 0xB7 0x9E 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de4e5da@00271331500c 0xF9 0x38 0x37 0xF0 ...

---- EOF - GMER 1.0.15 ----