GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-02 23:22:18 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 Running: 6lstnvjq.exe; Driver: C:\Users\Olaf\AppData\Local\Temp\kgtdapob.sys ---- System - GMER 1.0.15 ---- SSDT AAF530C4 ZwCreateThread SSDT AAF530B0 ZwOpenProcess SSDT AAF530B5 ZwOpenThread SSDT AAF530BF ZwTerminateProcess SSDT AAF530BA ZwWriteVirtualMemory INT 0x72 ? 86A2DBF8 INT 0x72 ? 86A2DBF8 INT 0x72 ? 86A2DBF8 INT 0x72 ? 86A2DBF8 INT 0x72 ? 86A2DBF8 INT 0x82 ? 86A2DBF8 INT 0x92 ? 84F1ABF8 INT 0x92 ? 84F1ABF8 INT 0x92 ? 84F1ABF8 INT 0x92 ? 84F1ABF8 INT 0x92 ? 84F1ABF8 INT 0xA2 ? 86A2DBF8 Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x91C619CD] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x91C61967] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x91C6197B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x91C61A0B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x91C61A4E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x91C619E1] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x91C61A76] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x91C61A62] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x91C619B9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
ZwSetInformationProcess [0x91C619A5] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x91C61A21] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x91C619F7] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x91C61991] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 822691A0 5 Bytes JMP 91C619FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) .text ntkrnlpa.exe!KeSetTimerEx + 454 822FAA78 4 Bytes [C4, 30, F5, AA] {LES ESI, DWORD [EAX]; CMC ; STOSB } .text ntkrnlpa.exe!KeSetTimerEx + 624 822FAC48 4 Bytes [B0, 30, F5, AA] {MOV AL, 0x30; CMC ; STOSB } .text ntkrnlpa.exe!KeSetTimerEx + 640 822FAC64 4 Bytes [B5, 30, F5, AA] {MOV CH, 0x30; CMC ; STOSB } .text ntkrnlpa.exe!KeSetTimerEx + 854 822FAE78 4 Bytes [BF, 30, F5, AA] .text ntkrnlpa.exe!KeSetTimerEx + 8B4 822FAED8 4 Bytes [BA, 30, F5, AA] PAGE ntkrnlpa.exe!ZwNotifyChangeKey 824031CD 5 Bytes JMP 91C61A52 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateUserProcess 8240AE26 5 Bytes JMP 91C61995 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 82466AFE 7 Bytes JMP 91C61A0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82467155 5 Bytes JMP 91C61A25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 82469366 5 Bytes JMP 91C619D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 82476A24 5 Bytes JMP 91C619A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82478C7E 7 Bytes JMP 91C619E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 82497982 5 Bytes JMP 91C61A66 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 824989CE 5 Bytes JMP 91C61A7A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 824D672B 5 Bytes JMP 91C6196B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 824D6776 7 Bytes JMP 91C6197F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 824D7233 5 Bytes JMP 91C619BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ? System32\Drivers\spia.sys System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\uoslupep.sys Urządzenie podłączone do komputera nie działa. ! 
PAGE ataport.SYS!DllUnload 82D59B2E 5 Bytes JMP 84F1A1D8 .text USBPORT.SYS!DllUnload 8EC3246F 5 Bytes JMP 86A2D1D8 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x8A5E941C] .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x8A5EA000, 0x1000, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\services.exe[784] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 01540080 .text C:\Windows\system32\services.exe[784] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 01540F3A .text C:\Windows\system32\services.exe[784] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 015400BD .text C:\Windows\system32\services.exe[784] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 015400AC .text C:\Windows\system32\services.exe[784] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 01540F70 .text C:\Windows\system32\services.exe[784] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 0154001E .text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 0154004A .text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 01540F9E .text C:\Windows\system32\services.exe[784] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 01540065 .text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 01540F8D .text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 0154002F .text C:\Windows\system32\services.exe[784] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 01540F55 .text C:\Windows\system32\services.exe[784] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 015400CE .text C:\Windows\system32\services.exe[784] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 01540FDE .text C:\Windows\system32\services.exe[784] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 01540FEF .text C:\Windows\system32\services.exe[784] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 01540FCD 
.text C:\Windows\system32\services.exe[784] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 0154009B .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 014F0FBC .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 014F004A .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 014F0FEF .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 014F0FCD .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 014F0FA1 .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 014F0FDE .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 014F000A .text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 014F0039 .text C:\Windows\system32\services.exe[784] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 015A0FB4 .text C:\Windows\system32\services.exe[784] msvcrt.dll!system 76FC8B63 5 Bytes JMP 015A0FC5 .text C:\Windows\system32\services.exe[784] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 015A002E .text C:\Windows\system32\services.exe[784] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 015A000C .text C:\Windows\system32\services.exe[784] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 015A003F .text C:\Windows\system32\services.exe[784] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 015A001D .text C:\Windows\system32\services.exe[784] WS2_32.dll!socket 778B36D1 5 Bytes JMP 01600000 .text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenA 773B0A4D 5 Bytes JMP 015B0FEF .text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenUrlA 773B2713 5 Bytes JMP 015B0FCD .text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenW 773B30C8 5 Bytes JMP 015B0FDE .text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenUrlW 77408515 5 Bytes JMP 015B0014 .text C:\Windows\system32\lsass.exe[800] 
kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00250072 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00250F2C .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00250F07 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 002500A8 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00250F69 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00250FC3 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00250F86 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00250FA8 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00250F4E .text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00250F97 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00250025 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00250F3D .text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 002500B9 .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 0025000A .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00250FEF .text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00250FDE .text C:\Windows\system32\lsass.exe[800] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 0025008D .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00240F9E .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00240FAF .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00240000 .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 760BB83D 
5 Bytes JMP 00240040 .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00240F8D .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00240FE5 .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 0024001B .text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00240FCA .text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00260F95 .text C:\Windows\system32\lsass.exe[800] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00260FA6 .text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 0026000C .text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00260FE3 .text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00260FB7 .text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00260FD2 .text C:\Windows\system32\lsass.exe[800] WS2_32.dll!socket 778B36D1 5 Bytes JMP 008E0FEF .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00200F5B .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 002000A1 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00200F0A .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00200F2F .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00200064 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00200FD1 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00200F8A .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00200FB6 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00200075 .text 
C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00200F9B .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 0020003D .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00200090 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 002000BC .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 0020001B .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00200000 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 0020002C .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00200F40 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00210F9C .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00210027 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 0021000C .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00210FE3 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00210FB7 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00210FD2 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 001F0073 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 001F0047 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 001F0000 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 001F0062 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 001F008E .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 001F0FE5 .text C:\Windows\system32\svchost.exe[1000] 
ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 001F001B .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 001F0036 .text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 778B36D1 5 Bytes JMP 0022000A .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 002600AC .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 0026009B .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00260F4B .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 002600E2 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00260080 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 0026002F .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00260FB2 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 0026004A .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00260F95 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00260065 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00260FC3 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00260F70 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00260F3A .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00260FEF .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00260000 .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00260FDE .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 002600C7 .text 
C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00270F97 .text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00270FB2 .text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00270018 .text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00270FEF .text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00270FCD .text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00270FDE .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 0025005E .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 760AB8AE 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00250FB2 .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00250FEF .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00250039 .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00250FA1 .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00250014 .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00250FD4 .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00250FC3 .text C:\Windows\system32\svchost.exe[1064] WS2_32.dll!socket 778B36D1 5 Bytes JMP 00280FE5 .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 010000A0 .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 0100008F .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 01000F13 .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 01000F2E .text C:\Windows\System32\svchost.exe[1100] 
kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 01000F7F .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 01000039 .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 01000F9A .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 01000FBC .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 0100007E .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 01000FAB .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 01000FCD .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 01000F64 .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 01000F02 .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 0100000A .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 01000FEF .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 01000FDE .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 01000F49 .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 01010053 .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!system 76FC8B63 5 Bytes JMP 01010038 .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 0101001D .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 01010FEF .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 01010FC8 .text C:\Windows\System32\svchost.exe[1100] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 0101000C .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 004D006C .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 
760AB8AE 5 Bytes JMP 004D0FE5 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 004D000A .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 004D0FD4 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 004D0FAF .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 004D0036 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 004D001B .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 004D0051 .text C:\Windows\System32\svchost.exe[1100] WS2_32.dll!socket 778B36D1 5 Bytes JMP 01260FEF .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 000D0F1F .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 000D0F3A .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 000D0EE9 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 000D0080 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 000D0F5C .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 000D0FB9 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 000D0040 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 000D0F94 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 000D0F4B .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 000D0F83 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 000D0025 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 000D005B .text C:\Windows\System32\svchost.exe[1200] 
kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 000D0ED8 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 000D0FD4 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 000D0FE5 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 000D0000 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 000D0F04 .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00980FAB .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00980FBC .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00980FCD .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00980FEF .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00980022 .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00980FDE .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 000C0073 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 000C0047 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 000C0000 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 000C0062 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 000C0FC0 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 000C001B .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 000C0FDB .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 000C002C .text C:\Windows\System32\svchost.exe[1200] WS2_32.dll!socket 778B36D1 5 Bytes JMP 00990FEF .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes 
JMP 018E0090 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 018E0F54 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 018E0F0A .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 018E0F25 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 018E0064 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 018E0FB9 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 018E0053 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 018E002C .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 018E0F79 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 018E0F8A .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 018E001B .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 018E007F .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 018E0EF9 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 018E0000 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 018E0FE5 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 018E0FD4 .text C:\Windows\System32\svchost.exe[1236] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 018E00A1 .text C:\Windows\System32\svchost.exe[1236] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 018F004C .text C:\Windows\System32\svchost.exe[1236] msvcrt.dll!system 76FC8B63 5 Bytes JMP 018F0027 .text C:\Windows\System32\svchost.exe[1236] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 018F000C .text C:\Windows\System32\svchost.exe[1236] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 018F0FEF 
.text C:\Windows\System32\svchost.exe[1236] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 018F0FB7 .text C:\Windows\System32\svchost.exe[1236] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 018F0FD2 .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 01820F68 .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 01820FA8 .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 01820FEF .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 01820F8D .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 01820F57 .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 01820014 .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 01820FDE .text C:\Windows\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 01820FC3 .text C:\Windows\System32\svchost.exe[1236] WS2_32.dll!socket 778B36D1 5 Bytes JMP 01900000 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 76D01929 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 011A0F2D .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 011A0073 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 011A00A6 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 011A0095 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 011A0F7E .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 011A001B .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 011A0058 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 011A002C 
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 011A0F63 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 011A003D .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 011A0FA5 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 011A0F48 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 011A00C1 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 011A0FDB .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 011A0000 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 011A0FCA .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 011A0084 .text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 011B0056 .text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!system 76FC8B63 5 Bytes JMP 011B0FC1 .text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 011B0027 .text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 011B0000 .text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 011B0FD2 .text C:\Windows\system32\svchost.exe[1252] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 011B0FE3 .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 0109006C .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 01090051 .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 01090000 .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 01090FCA .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 01090087 .text 
C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 01090025 .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 01090FE5 .text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 01090036 .text C:\Windows\system32\svchost.exe[1252] WS2_32.dll!socket 778B36D1 5 Bytes JMP 01240FEF .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00A20F04 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00A20F15 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00A20ED8 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00A20EE9 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00A20040 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00A20FC3 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00A2002F .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00A20F97 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00A20F4B .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00A20F72 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00A20FA8 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00A20F26 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00A20EC7 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00A20FE5 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00A2000A .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes 
JMP 00A20FD4 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00A20065 .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00DC0040 .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00DC0FAB .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00DC0011 .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00DC0FEF .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00DC0FBC .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00DC0000 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 003A004E .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 003A0033 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 003A0000 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 003A0FAC .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 003A0F91 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 003A0022 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 003A0011 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 003A0FD1 .text C:\Windows\system32\svchost.exe[1448] WS2_32.dll!socket 778B36D1 5 Bytes JMP 00DE0FEF .text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenA 773B0A4D 5 Bytes JMP 00DD0000 .text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenUrlA 773B2713 5 Bytes JMP 00DD0FCA .text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenW 773B30C8 5 Bytes JMP 00DD0FE5 .text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetOpenUrlW 77408515 5 Bytes JMP 00DD001B .text 
C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 008E0F68 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 008E00B8 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 008E0F3C .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 008E0F57 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 008E0071 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 008E0FDE .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 008E0F8D .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 008E0FA8 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 008E008C .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 008E004A .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 008E0FB9 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 008E00A7 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 008E00EE .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 008E0025 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 008E000A .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 008E0FEF .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 008E00D3 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 008F0FAF .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!system 76FC8B63 5 Bytes JMP 008F0FC0 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 008F0FE5 .text 
C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 008F000C .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 008F003A .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 008F001D .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 008D0F83 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 008D0FAF .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 008D0000 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 008D0F94 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 008D0F72 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 008D0FCA .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 008D0FE5 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 008D001B .text C:\Windows\system32\svchost.exe[1636] WS2_32.dll!socket 778B36D1 5 Bytes JMP 00900000 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 01880087 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 01880F37 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 018800A2 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 01880F0B .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 0188006C .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 01880FD4 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 01880F88 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 01880040 .text 
C:\Windows\system32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 01880F6D .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 01880051 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 01880FC3 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 01880F52 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 01880EFA .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 01880FEF .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 01880000 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 01880025 .text C:\Windows\system32\svchost.exe[1916] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 01880F26 .text C:\Windows\system32\svchost.exe[1916] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 01890051 .text C:\Windows\system32\svchost.exe[1916] msvcrt.dll!system 76FC8B63 5 Bytes JMP 01890FC6 .text C:\Windows\system32\svchost.exe[1916] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 0189002C .text C:\Windows\system32\svchost.exe[1916] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 01890000 .text C:\Windows\system32\svchost.exe[1916] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 01890FD7 .text C:\Windows\system32\svchost.exe[1916] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 01890011 .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 0187002F .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyA 760AB8AE 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 01870FB2 .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 01870000 .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 01870F97 .text C:\Windows\system32\svchost.exe[1916] 
ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 01870054 .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 01870FD4 .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 01870FE5 .text C:\Windows\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 01870FC3 .text C:\Windows\system32\svchost.exe[1916] WS2_32.dll!socket 778B36D1 5 Bytes JMP 018A0FEF .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00CE00B3 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00CE0F6D .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00CE0F52 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00CE00E9 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00CE007D .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00CE0040 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00CE0FA3 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00CE0062 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00CE0F88 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00CE0FC0 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00CE0051 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00CE00A2 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00CE0104 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00CE000A .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00CE0FEF .text 
C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00CE0025 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00CE00CE .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00CF0036 .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00CF0FAB .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00CF0011 .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00CF0FEF .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00CF0FBC .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00CF0000 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00CC0FB9 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00CC0051 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00CC0000 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00CC0FCA .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00CC006C .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00CC001B .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00CC0FEF .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00CC0036 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2152] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2152] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\Windows\Explorer.EXE[2712] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 03AE0F6D .text C:\Windows\Explorer.EXE[2712] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 03AE00B3 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 03AE0F41 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 03AE00CE .text C:\Windows\Explorer.EXE[2712] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 03AE0073 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 03AE001B .text C:\Windows\Explorer.EXE[2712] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 03AE0FA5 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 03AE0051 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 03AE0F7E .text C:\Windows\Explorer.EXE[2712] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 03AE0062 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 03AE002C .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 03AE0098 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 03AE00E9 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 03AE0000 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 03AE0FE5 .text C:\Windows\Explorer.EXE[2712] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 03AE0FCA .text C:\Windows\Explorer.EXE[2712] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 03AE0F52 .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 03A00FAF .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 03A00FCA .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 03A00000 .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 03A00051 .text C:\Windows\Explorer.EXE[2712] 
ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 03A00F94 .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 03A00FE5 .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 03A0001B .text C:\Windows\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 03A0002C .text C:\Windows\Explorer.EXE[2712] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 03C70FA3 .text C:\Windows\Explorer.EXE[2712] msvcrt.dll!system 76FC8B63 5 Bytes JMP 03C70FB4 .text C:\Windows\Explorer.EXE[2712] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 03C7001D .text C:\Windows\Explorer.EXE[2712] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 03C70FEF .text C:\Windows\Explorer.EXE[2712] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 03C7002E .text C:\Windows\Explorer.EXE[2712] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 03C7000C .text C:\Windows\Explorer.EXE[2712] SHELL32.dll!InitNetworkAddressControl + 2939 7623006C 4 Bytes [00, 26, 6F, 01] .text C:\Windows\Explorer.EXE[2712] SHELL32.dll!ShellExecuteExW + 121F 762611DC 4 Bytes [10, 1B, 6F, 01] .text C:\Windows\Explorer.EXE[2712] WS2_32.dll!socket 778B36D1 5 Bytes JMP 03F6000A .text C:\Windows\Explorer.EXE[2712] WININET.dll!InternetOpenA 773B0A4D 5 Bytes JMP 03D70FEF .text C:\Windows\Explorer.EXE[2712] WININET.dll!InternetOpenUrlA 773B2713 5 Bytes JMP 03D70000 .text C:\Windows\Explorer.EXE[2712] WININET.dll!InternetOpenW 773B30C8 5 Bytes JMP 03D70FD4 .text C:\Windows\Explorer.EXE[2712] WININET.dll!InternetOpenUrlW 77408515 5 Bytes JMP 03D7001B .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 003100C2 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 003100B1 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 003100E7 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00310F50 .text C:\Windows\system32\svchost.exe[2744] 
kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00310071 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00310FCA .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00310F97 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00310FA8 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 0031008C .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 0031004A .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00310FB9 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00310F7C .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00310F35 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 0031000A .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00310FEF .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00310025 .text C:\Windows\system32\svchost.exe[2744] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00310F61 .text C:\Windows\system32\svchost.exe[2744] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00320070 .text C:\Windows\system32\svchost.exe[2744] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00320055 .text C:\Windows\system32\svchost.exe[2744] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00320FE5 .text C:\Windows\system32\svchost.exe[2744] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 0032000C .text C:\Windows\system32\svchost.exe[2744] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00320044 .text C:\Windows\system32\svchost.exe[2744] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 0032001D .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00300F97 .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegCreateKeyA 
760AB8AE 5 Bytes JMP 00300025 .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 0030000A .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00300FA8 .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00300054 .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00300FD4 .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00300FEF .text C:\Windows\system32\svchost.exe[2744] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00300FB9 .text C:\Windows\system32\svchost.exe[2744] WS2_32.dll!socket 778B36D1 5 Bytes JMP 00450FEF .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00DE00D8 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00DE0F88 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00DE00FD .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00DE0F66 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00DE0FAA .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00DE002C .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00DE0084 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00DE0058 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00DE0F99 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00DE0069 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00DE0047 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00DE00B3 .text C:\Windows\system32\svchost.exe[2980] 
kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00DE0122 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00DE0FDB .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00DE0000 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00DE0011 .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00DE0F77 .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wsystem 76FC8A47 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00DF004B .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00DF003A .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00DF0FD4 .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00DF0000 .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00DF0029 .text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00DF0FEF .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00D70F97 .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyA 760AB8AE 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00D70FB2 .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00D70FEF .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00D70043 .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00D70F86 .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00D70FC3 .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00D70FD4 .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00D7001E .text 
C:\Windows\system32\svchost.exe[2980] WS2_32.dll!socket 778B36D1 5 Bytes JMP 01080000 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00100F1E .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00100F39 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00100EFC .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00100093 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00100F79 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00100022 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00100F8A .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00100FA5 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00100064 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00100047 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00100FC0 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00100F4A .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00100EEB .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00100011 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00100000 .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00100FDB .text C:\Windows\System32\svchost.exe[3044] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00100F0D .text C:\Windows\System32\svchost.exe[3044] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00110042 .text C:\Windows\System32\svchost.exe[3044] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00110FB7 .text 
C:\Windows\System32\svchost.exe[3044] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00110016 .text C:\Windows\System32\svchost.exe[3044] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00110FEF .text C:\Windows\System32\svchost.exe[3044] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00110027 .text C:\Windows\System32\svchost.exe[3044] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00110FDE .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 000F0FC0 .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 000F0058 .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 000F0000 .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 000F0FDB .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 000F0FAF .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 000F0022 .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 000F0011 .text C:\Windows\System32\svchost.exe[3044] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 000F0047 .text C:\Windows\System32\svchost.exe[3044] WS2_32.dll!socket 778B36D1 5 Bytes JMP 00250000 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00010F41 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00010F52 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00010EFA .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00010F15 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 0001006C .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00010025 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00010051 .text 
C:\Windows\System32\svchost.exe[3652] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00010FA8 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 0001007D .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00010040 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00010FB9 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00010F6D .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 000100AC .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00010FEF .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00010000 .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00010FDE .text C:\Windows\System32\svchost.exe[3652] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00010F26 .text C:\Windows\System32\svchost.exe[3652] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00050F75 .text C:\Windows\System32\svchost.exe[3652] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00050F90 .text C:\Windows\System32\svchost.exe[3652] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00050FBC .text C:\Windows\System32\svchost.exe[3652] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00050FEF .text C:\Windows\System32\svchost.exe[3652] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00050FAB .text C:\Windows\System32\svchost.exe[3652] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00050000 .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00060FC0 .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00060051 .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00060FE5 .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00060062 .text C:\Windows\System32\svchost.exe[3652] 
ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00060073 .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 0006001B .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00060000 .text C:\Windows\System32\svchost.exe[3652] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00060036 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 000100D7 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 000100BC .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 000100F2 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00010F5B .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00010090 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00010036 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00010FB6 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00010058 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00010FA5 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00010073 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00010047 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 000100AB .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00010117 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00010FE5 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00010000 .text C:\Windows\system32\svchost.exe[4368] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00010025 .text 
C:\Windows\system32\svchost.exe[4368] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00010F76 .text C:\Windows\system32\svchost.exe[4368] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 0009005D .text C:\Windows\system32\svchost.exe[4368] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00090FC8 .text C:\Windows\system32\svchost.exe[4368] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 0009001D .text C:\Windows\system32\svchost.exe[4368] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00090000 .text C:\Windows\system32\svchost.exe[4368] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00090038 .text C:\Windows\system32\svchost.exe[4368] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00090FE3 .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 000A0047 .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 000A0FAF .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 000A0FEF .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 000A002C .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 000A0F8A .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 000A0011 .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 000A0000 .text C:\Windows\system32\svchost.exe[4368] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 000A0FC0 .text C:\Windows\system32\svchost.exe[4368] WS2_32.dll!socket 778B36D1 5 Bytes JMP 000B0000 ? 
C:\Windows\System32\svchost.exe[4380] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00010081 .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00010F3B .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00010F19 .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 000100B0 .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00010F78 .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00010FCD .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00010F89 .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00010FAB .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00010F67 .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00010F9A .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00010FBC .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00010F4C .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 00010EFE .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00010FDE .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00010FEF .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 0001001E .text C:\Windows\System32\svchost.exe[4380] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 00010F2A .text C:\Windows\System32\svchost.exe[4380] WININET.dll!InternetOpenA 773B0A4D 5 Bytes JMP 00050FEF .text C:\Windows\System32\svchost.exe[4380] 
WININET.dll!InternetOpenUrlA 773B2713 5 Bytes JMP 00050FB9 .text C:\Windows\System32\svchost.exe[4380] WININET.dll!InternetOpenW 773B30C8 5 Bytes JMP 00050FCA .text C:\Windows\System32\svchost.exe[4380] WININET.dll!InternetOpenUrlW 77408515 5 Bytes JMP 00050FA8 .text C:\Windows\System32\svchost.exe[4380] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00060F97 .text C:\Windows\System32\svchost.exe[4380] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00060022 .text C:\Windows\System32\svchost.exe[4380] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00060FCD .text C:\Windows\System32\svchost.exe[4380] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00060FEF .text C:\Windows\System32\svchost.exe[4380] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00060FB2 .text C:\Windows\System32\svchost.exe[4380] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00060FDE .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00070036 .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00070F9E .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00070FEF .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00070025 .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00070047 .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00070FC3 .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00070FDE .text C:\Windows\System32\svchost.exe[4380] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 0007000A .text C:\Windows\System32\svchost.exe[4380] ws2_32.dll!socket 778B36D1 5 Bytes JMP 00290000 .text C:\Windows\Explorer.exe[4836] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00010F51 .text C:\Windows\Explorer.exe[4836] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00010F62 .text C:\Windows\Explorer.exe[4836] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00010F18 
.text C:\Windows\Explorer.exe[4836] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 000100B9 .text C:\Windows\Explorer.exe[4836] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00010F95 .text C:\Windows\Explorer.exe[4836] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 0001005B .text C:\Windows\Explorer.exe[4836] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00010FA6 .text C:\Windows\Explorer.exe[4836] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00010FDE .text C:\Windows\Explorer.exe[4836] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00010F84 .text C:\Windows\Explorer.exe[4836] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00010FC3 .text C:\Windows\Explorer.exe[4836] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00010FEF .text C:\Windows\Explorer.exe[4836] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00010F73 .text C:\Windows\Explorer.exe[4836] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 000100CA .text C:\Windows\Explorer.exe[4836] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00010025 .text C:\Windows\Explorer.exe[4836] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00010000 .text C:\Windows\Explorer.exe[4836] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00010036 .text C:\Windows\Explorer.exe[4836] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 000100A8 .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00090051 .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00090FB9 .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00090FEF .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00090040 .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00090076 .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00090014 .text C:\Windows\Explorer.exe[4836] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00090FDE .text C:\Windows\Explorer.exe[4836] 
ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00090025 .text C:\Windows\Explorer.exe[4836] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 000A0FA1 .text C:\Windows\Explorer.exe[4836] msvcrt.dll!system 76FC8B63 5 Bytes JMP 000A0FB2 .text C:\Windows\Explorer.exe[4836] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 000A0022 .text C:\Windows\Explorer.exe[4836] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 000A0000 .text C:\Windows\Explorer.exe[4836] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 000A0FC3 .text C:\Windows\Explorer.exe[4836] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 000A0011 .text C:\Windows\Explorer.exe[4836] SHELL32.dll!InitNetworkAddressControl + 2939 7623006C 4 Bytes [00, 26, 34, 03] {ADD [ESI], AH; XOR AL, 0x3} .text C:\Windows\Explorer.exe[4836] WININET.dll!InternetOpenA 773B0A4D 5 Bytes JMP 017B0FEF .text C:\Windows\Explorer.exe[4836] WININET.dll!InternetOpenUrlA 773B2713 5 Bytes JMP 017B001B .text C:\Windows\Explorer.exe[4836] WININET.dll!InternetOpenW 773B30C8 5 Bytes JMP 017B000A .text C:\Windows\Explorer.exe[4836] WININET.dll!HttpOpenRequestA 773B54E6 5 Bytes JMP 038029E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Windows\Explorer.exe[4836] WININET.dll!InternetConnectA 773B5F2E 5 Bytes JMP 03802AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Windows\Explorer.exe[4836] WININET.dll!InternetCloseHandle 773BAE0B 5 Bytes JMP 03802720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Windows\Explorer.exe[4836] WININET.dll!InternetReadFile 773BEE5F 5 Bytes JMP 03802840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) 
.text C:\Windows\Explorer.exe[4836] WININET.dll!InternetOpenUrlW 77408515 5 Bytes JMP 017B0036 .text C:\Windows\Explorer.exe[4836] WS2_32.dll!socket 778B36D1 5 Bytes JMP 02B10000 .text C:\Windows\Explorer.exe[4936] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 00010071 .text C:\Windows\Explorer.exe[4936] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 00010F2B .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00010EF5 .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 00010F06 .text C:\Windows\Explorer.exe[4936] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00010F7C .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00010FCD .text C:\Windows\Explorer.exe[4936] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00010F97 .text C:\Windows\Explorer.exe[4936] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 0001004A .text C:\Windows\Explorer.exe[4936] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 00010F61 .text C:\Windows\Explorer.exe[4936] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00010FA8 .text C:\Windows\Explorer.exe[4936] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 00010039 .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00010F50 .text C:\Windows\Explorer.exe[4936] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 000100A7 .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00010FEF .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 0001000A .text C:\Windows\Explorer.exe[4936] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00010FDE .text C:\Windows\Explorer.exe[4936] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 0001008C .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 00060051 .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00060FC0 .text C:\Windows\Explorer.exe[4936] 
ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00060FEF .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00060FAF .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00060062 .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00060011 .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00060000 .text C:\Windows\Explorer.exe[4936] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00060022 .text C:\Windows\Explorer.exe[4936] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00070049 .text C:\Windows\Explorer.exe[4936] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00070038 .text C:\Windows\Explorer.exe[4936] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00070FD2 .text C:\Windows\Explorer.exe[4936] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00070000 .text C:\Windows\Explorer.exe[4936] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 00070027 .text C:\Windows\Explorer.exe[4936] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00070FE3 .text C:\Windows\Explorer.exe[4936] SHELL32.dll!InitNetworkAddressControl + 2939 7623006C 4 Bytes [00, 26, 24, 03] {ADD [ESI], AH; AND AL, 0x3} .text C:\Windows\Explorer.exe[4936] SHELL32.dll!ShellExecuteExW + 121F 762611DC 4 Bytes [10, 1B, 24, 03] {ADC [EBX], BL; AND AL, 0x3} .text C:\Windows\Explorer.exe[4936] WININET.dll!InternetOpenA 773B0A4D 5 Bytes JMP 017B0000 .text C:\Windows\Explorer.exe[4936] WININET.dll!InternetOpenUrlA 773B2713 5 Bytes JMP 017B0FDB .text C:\Windows\Explorer.exe[4936] WININET.dll!InternetOpenW 773B30C8 5 Bytes JMP 017B0011 .text C:\Windows\Explorer.exe[4936] WININET.dll!InternetOpenUrlW 77408515 5 Bytes JMP 017B0022 .text C:\Windows\Explorer.exe[4936] WS2_32.dll!socket 778B36D1 5 Bytes JMP 02B20FEF .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!GetStartupInfoW 76D01929 5 Bytes JMP 000100A9 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!GetStartupInfoA 76D019C9 5 Bytes JMP 0001008E .text 
C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreateProcessW 76D01C01 5 Bytes JMP 00010F3E .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreateProcessA 76D01C36 5 Bytes JMP 000100D5 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!VirtualProtect 76D01DD1 5 Bytes JMP 00010062 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreateNamedPipeW 76D05C44 5 Bytes JMP 00010FC3 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!LoadLibraryExW 76D230C3 5 Bytes JMP 00010F94 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!LoadLibraryW 76D2361F 5 Bytes JMP 00010040 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!VirtualProtectEx 76D28D7E 5 Bytes JMP 0001007D .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!LoadLibraryExA 76D29469 5 Bytes JMP 00010051 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!LoadLibraryA 76D29491 5 Bytes JMP 0001002F .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreatePipe 76D30284 5 Bytes JMP 00010F63 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!GetProcAddress 76D4B8B6 5 Bytes JMP 000100FA .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreateFileW 76D4CC4E 5 Bytes JMP 00010FE5 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreateFileA 76D4CF71 5 Bytes JMP 00010000 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!CreateNamedPipeA 76D9430E 5 Bytes JMP 00010FD4 .text C:\Windows\system32\svchost.exe[5244] kernel32.dll!WinExec 76D954FF 5 Bytes JMP 000100C4 .text C:\Windows\system32\svchost.exe[5244] msvcrt.dll!_wsystem 76FC8A47 5 Bytes JMP 00050036 .text C:\Windows\system32\svchost.exe[5244] msvcrt.dll!system 76FC8B63 5 Bytes JMP 00050FAB .text C:\Windows\system32\svchost.exe[5244] msvcrt.dll!_creat 76FCC6F1 5 Bytes JMP 00050000 .text C:\Windows\system32\svchost.exe[5244] msvcrt.dll!_open 76FCDA7E 5 Bytes JMP 00050FE3 .text C:\Windows\system32\svchost.exe[5244] msvcrt.dll!_wcreat 76FCDC9E 5 Bytes JMP 0005001B .text 
C:\Windows\system32\svchost.exe[5244] msvcrt.dll!_wopen 76FCDE79 5 Bytes JMP 00050FD2 .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegCreateKeyExA 760AB5E7 5 Bytes JMP 0006004E .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegCreateKeyA 760AB8AE 5 Bytes JMP 00060033 .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegOpenKeyA 760B0BF5 5 Bytes JMP 00060FEF .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegCreateKeyW 760BB83D 5 Bytes JMP 00060FAC .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegCreateKeyExW 760BBCE1 5 Bytes JMP 00060F91 .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegOpenKeyExA 760BD4E8 5 Bytes JMP 00060011 .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegOpenKeyW 760C3CB0 5 Bytes JMP 00060000 .text C:\Windows\system32\svchost.exe[5244] ADVAPI32.dll!RegOpenKeyExW 760CF09D 5 Bytes JMP 00060022 .text C:\Windows\system32\svchost.exe[5244] WS2_32.dll!socket 778B36D1 5 Bytes JMP 002F0000 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D2] \SystemRoot\System32\Drivers\spia.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E040] \SystemRoot\System32\Drivers\spia.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E7FC] \SystemRoot\System32\Drivers\spia.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0BE] \SystemRoot\System32\Drivers\spia.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13C] \SystemRoot\System32\Drivers\spia.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069E048] \SystemRoot\System32\Drivers\spia.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745F88B4] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745FB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745EFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745F7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745EEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7462B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745FBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745F074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745F06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745E71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7467D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74617379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745EE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745E697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745E69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll 
(Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745F2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [016F27E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [016F1D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [016F2B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [016F11D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) 
IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation] 0D88EFE9 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] E9C30000 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] 000D3625 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx] F0D2C818 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW] FF46B60F IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] F9D484F5 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 9268D800 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange] 9C4804AB IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 03FDE89C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 8D400000 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA] 0F442464 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 0D4B278C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount] D0F7F900 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 07C0C19C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 84E13966 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 3C8966FB IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe 
[KERNEL32.dll!TerminateProcess] FFC33124 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 11682434 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 66C1DF11 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 83D3A30F IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess] 896604ED IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] 4589241C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] DEE92C24 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode] F6000D45 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree] 0FE2BA0F IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] F504CEC0 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree] 66C0D0F9 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle] 0F9CCAFF IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc] C0FEC696 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] E2C1665A IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 663C2403 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary] B5C0D281 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep] 9C00558B IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 
C583F8F9 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 2434FF04 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] FF381489 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError] 8D602434 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx] E92C2464 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 16332E68 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 604C689C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode] E9540C24 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_adjust_fdiv] 000D3A7E IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr] 44247489 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit] D6F7D6F7 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm] 7C895E9C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit] F7664024 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode] B60F66D6 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit] 44C766F0 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy] 1AF60424 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memset] 244C899C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type] 0F669C40 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 4C89F2B6 
IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common] F4E94024 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp] 89000D34 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit] 3C880045 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs] 24648D24 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter] 4547E934 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] AB820FD4 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 66000D45 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 66D5A30F IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] F876CB05 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 3166F5F9 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 85669CC3 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] ED8360C6 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 41A4E802 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9C9C9C3C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 44245C89 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 028AE99C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe 
[ADVAPI32.dll!RegisterServiceCtrlHandlerW] 00000000 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8EE90000 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 89000D6C IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 000D325B IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 0D402AE9 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid] 06C58300 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 3A5DB868 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 2474FFB0 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 9C108808 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid] F42404C6 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 24648D60 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] 49C5E934 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 53BA000D IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] 8D2DC16B IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 970F4E68 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C8FE60C2 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] BB0F669C IAT C:\Windows\System32\svchost.exe[4380] @ 
C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] BE0F66EA IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] C0D05AD1 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] D3BE0F66 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 42242488 IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 94E9C0FE IAT C:\Windows\System32\svchost.exe[4380] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] C6000D39 IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [745F88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [746398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [745FB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [745EFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [745F7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ 
C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [745EEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7462B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [745FBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [745F074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [745F06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [745E71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7467D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74617379] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [745EE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [745E697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [745E69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [745F2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [033427E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [03341D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03342B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) 
IAT C:\Windows\Explorer.exe[4836] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [033411D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [745F88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [746398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [745FB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [745EFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [745F7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [745EEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7462B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll 
(Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [745FBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [745F074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [745F06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [745E71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7467D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74617379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [745EE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [745E697E] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [745E69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [745F2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [032427E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [03241D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03242B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.exe[4936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [032411D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86A19370 Device \FileSystem\Ntfs \Ntfs 858B21F8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
Device \FileSystem\fastfat \FatCdrom 8761A1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 84F1C1F8
Device \Driver\usbuhci \Device\USBPDO-0 86B4C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{EBBF1F27-43E9-4D45-BD0E-9D2AC39CB02C} 8757C500
Device \Driver\usbuhci \Device\USBPDO-1 86B4C1F8
Device \Driver\usbuhci \Device\USBPDO-2 86B4C1F8
Device \Driver\usbehci \Device\USBPDO-3 86A2A1F8
Device \Driver\usbuhci \Device\USBPDO-4 86B4C1F8
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 86B4C1F8
Device \Driver\usbuhci \Device\USBPDO-6 86B4C1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84F1C1F8
Device \Driver\usbehci \Device\USBPDO-7 86A2A1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84F1C1F8
Device \Driver\cdrom \Device\CdRom0 86B501F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 858B01F8
Device \Driver\atapi \Device\Ide\IdePort0 858B01F8
Device \Driver\atapi \Device\Ide\IdePort1 858B01F8
Device \Driver\atapi \Device\Ide\IdePort2 858B01F8
Device \Driver\atapi \Device\Ide\IdePort3 858B01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 858B01F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 858B11F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 858B11F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 858B11F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 858B11F8
Device \Driver\volmgr \Device\HarddiskVolume3 84F1C1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8757C500
Device \Driver\Smb \Device\NetbiosSmb 8758A1F8
Device \Driver\iScsiPrt \Device\RaidPort0 86C4C1F8
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\netbt \Device\NetBT_Tcpip_{478D0893-E67D-4044-ABBF-F662E7943B56} 8757C500
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 86B4C1F8
Device \Driver\usbuhci \Device\USBFDO-1 86B4C1F8
Device \Driver\usbuhci \Device\USBFDO-2 86B4C1F8
Device \Driver\usbehci \Device\USBFDO-3 86A2A1F8
Device \Driver\usbuhci \Device\USBFDO-4 86B4C1F8
Device \Driver\usbuhci \Device\USBFDO-5 86B4C1F8
Device \Driver\usbuhci \Device\USBFDO-6 86B4C1F8
Device \Driver\usbehci \Device\USBFDO-7 86A2A1F8
Device \FileSystem\fastfat \Fat 8761A1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\cdfs \Cdfs 88294500

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] uoslupep <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\uoslupep@orqlkjis -582642459
Reg HKLM\SYSTEM\CurrentControlSet\Services\uoslupep@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uoslupep@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uoslupep@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uoslupep@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\uoslupep@orqlkjis -582642459
Reg HKLM\SYSTEM\ControlSet002\Services\uoslupep@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\uoslupep@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\uoslupep@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\uoslupep@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\uoslupep@orqlkjis -582642459
Reg HKLM\SYSTEM\ControlSet003\Services\uoslupep@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\uoslupep@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\uoslupep@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uoslupep@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----