GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-05 02:48:24
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA8B1A9CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA8B1A978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA8B1A98C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA8B1AA0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA8B1A950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA8B1A964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA8B1A9DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA8B1A9B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA8B1A9A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA8B1AA39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA8B1AA20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA8B1A9F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A8B1A9F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A8B1A9CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A8B1AA0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A8B1AA24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A8B1A9E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A8B1A954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A8B1A968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A8B1A9A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A8B1A990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A8B1A97C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A8B1A9BA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A8B1AA3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01650FEF
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01650F77
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01650076
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01650FA8
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0165005B
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0165002F
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01650F52
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 016500A4
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01650F37
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016500C6
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 016500EB
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01650040
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01650014
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01650087
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01650FC3
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01650FD4
.text C:\WINDOWS\Explorer.EXE[384] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 016500B5
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0156001B
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01560047
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01560FD4
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01560FE5
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01560F94
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0156000A
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01560FA5
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 76, 89 ]
.text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0156002C
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01540FDE
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01540FEF
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 01540020
.text C:\WINDOWS\Explorer.EXE[384] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 01540FCD
.text C:\WINDOWS\Explorer.EXE[384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01530FEF
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F20093
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F20F9E
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F20FB9
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F2006C
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F20047
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F200B8
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F20F7C
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F20F30
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F20F4B
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F20F1F
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F2001B
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F20F8D
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F2002C
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F20FDB
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F200D3
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F1003D
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F10FA5
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F1002C
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F10011
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F10062
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F10FC0
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 11, 89 ]
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F10FDB
.text C:\WINDOWS\system32\svchost.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070082
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700E1
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700D0
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F77
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F88
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F5C
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 000700BF
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070106
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 000600A2
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006007D
.text C:\WINDOWS\system32\services.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060058
.text C:\WINDOWS\system32\services.exe[1204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01210073
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01210062
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01210051
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01210F94
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0121002C
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012100B5
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01210F6D
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01210F23
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01210F48
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 012100D7
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01210FA5
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01210FCA
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01210098
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0121001B
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01210000
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 012100C6
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0120001B
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01200F83
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0120000A
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01200FD4
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01200040
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01200FEF
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01200F9E
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 40, 89 ]
.text C:\WINDOWS\system32\lsass.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01200FB9
.text C:\WINDOWS\system32\lsass.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011E0FE5
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028D0FEF
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028D0F5C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028D0051
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028D0F77
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028D0040
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028D0FB9
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028D008E
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028D007D
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028D00B0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028D0F17
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 028D0F06
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 028D0F9E
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 028D0000
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 028D006C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 028D0025
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 028D0FD4
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 028D009F
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 028C0FB9
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 028C0040
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 028C0FCA
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 028C0000
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 028C002F
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 028C0FE5
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 028C0F97
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ AC, 8A ]
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 028C0FA8
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!socket 71AB4211 5 Bytes JMP 028A0FE5
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01190FEF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011900A4
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01190FAF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01190093
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0119006C
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01190040
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011900DC
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01190F8A
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01190119
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011900FE
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0119012A
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0119005B
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01190FDE
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 011900B5
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01190025
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01190014
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 011900ED
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01180FB9
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01180051
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01180FD4
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01180FEF
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01180F94
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01180000
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01180036
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0118001B
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01160000
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F6F
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F8A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F9006E
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90051
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FCA
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90F4D
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90089
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900BA
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F17
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F90F06
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F90011
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F90F5E
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90036
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F90FDB
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F90F28
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F80F9E
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F8002C
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F80011
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F80FAF
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F80FC0
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 18, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F80051
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60000
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05140FEF
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05140F5C
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05140F77
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0514005B
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0514004A
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0514001E
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05140076
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05140F3A
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05140EE7
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05140F02
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 05140ED6
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0514002F
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 05140FD4
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 05140F4B
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 05140FB2
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 05140FC3
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 05140F13
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 05130000
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 05130039
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 05130FAF
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 05130FCA
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 05130F72
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 05130FEF
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 05130F83
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 33, 8D ]
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 05130F94
.text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 050A0FE5
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 05110FEF
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 05110000
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 05110025
.text C:\WINDOWS\System32\svchost.exe[1552] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 05110040
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0F53
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F64
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0F75
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0F86
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0FA8
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0F1D
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F2E
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0080
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0EE7
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DC0EC2
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DC0F97
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DC0FDE
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DC0059
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DC0FC3
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DC001E
.text C:\WINDOWS\system32\svchost.exe[1688] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DC0F02
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DB0FB9
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DB0051
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DB0014
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DB0F94
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[1688] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DB002F
.text C:\WINDOWS\system32\svchost.exe[1688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01630FEF
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01630F83
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01630078
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01630067
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01630F9E
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01630025
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01630089
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01630F4D
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016300C9
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016300AE
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 016300DA
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01630040
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0163000A
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01630F5E
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01630FC3
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01630FD4
.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01630F30
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0162002C
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01620080
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01620FDB
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01620011
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01620065
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01620000
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01620FB9
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 82, 89 ]
.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01620FCA
.text C:\WINDOWS\system32\svchost.exe[1728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015F0000
.text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01600FE5
.text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01600000
.text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 0160001B
.text C:\WINDOWS\system32\svchost.exe[1728] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 01600FD4
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1984] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3092] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011D0FE5
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011D0F3F
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011D0F50
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011D0F6B
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011D0F7C
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011D0FA8
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011D0065
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011D0F13
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011D0EDD
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011D0EEE
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 011D0ECC
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 011D0F97
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011D0FD4
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 011D0F24
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 011D0014
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 011D0FC3
.text C:\WINDOWS\System32\svchost.exe[3956] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 011D0076
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF001E
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF004D
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF0FCD
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0F90
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FF0FA1
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 1F, 89 ]
.text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0FB2
.text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F63
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F74
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0058
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0047
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0084
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F48
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0095
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F06
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00A6
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0073
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\dllhost.exe[4568] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F17
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A0FC0
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A005B
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002A0036
.text C:\WINDOWS\system32\dllhost.exe[4568] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\dllhost.exe[4568] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0000
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0026007D
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260047
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F6D
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600B5
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F2D
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600D0
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 002600E1
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00260FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 011D2482 c:\windows\system32\feyiweku.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00260098
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00260FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00260F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00360FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00360040
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00360FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0036002F
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0036001E
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00360F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00380FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00380FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00380025
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[5380] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 011D2AA1 c:\windows\system32\feyiweku.dll
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat A63BCD20
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@CPMbb7c96ae Rundll32.exe "c:\windows\system32\gehayipe.dll",a
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C72D3FBA-64F2-9F1E-BAC2-DAC12F05686A}\InprocServer32@ C:\Program Files\Common Files\MSSoap\Binaries\WHSC30.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{C72D3FBA-64F2-9F1E-BAC2-DAC12F05686A}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C72D3FBA-64F2-9F1E-BAC2-DAC12F05686A}\ProgID@ MSSOAP.WinHttpConnector30
Reg HKLM\SOFTWARE\Classes\CLSID\{C72D3FBA-64F2-9F1E-BAC2-DAC12F05686A}\TypeLib@ {46BF17C2-9257-11D5-87EA-00B0D0BE6479}
Reg HKLM\SOFTWARE\Classes\CLSID\{CE8EC9FD-1451-F211-1F56-707BB8F1CB5A}\InProcServer32@ C:\Program Files\Yahoo!\Common\yiesrvc.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{CE8EC9FD-1451-F211-1F56-707BB8F1CB5A}\InProcServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32@ c:\windows\system32\gehayipe.dll
---- EOF - GMER 1.0.14 ----