---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F68
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0F79
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0F94
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0051
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FAF
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F3C
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F4D
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C00B0
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F17
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C00CB
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0040
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0078
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0FCA
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C009F
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0084
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0073
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0062
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0051
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410067
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00410FD2
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00410FE3
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0041000C
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410038
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0041001D
.text C:\WINDOWS\system32\svchost.exe[592] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F3A
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F55
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700BF
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700AE
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F0B
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0007009D
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA4
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB5
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD7
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC6
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0093
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0082
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED005B
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0F83
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00C9
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F57
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00FA
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetProcAddress
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F68
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0F79
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C0F94
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0051
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0FAF
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F3C
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C0F4D
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C00B0
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0F17
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C00CB
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0040
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C0000
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0078
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0FCA
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C001B
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C009F
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0084
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0073
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0062
.text C:\WINDOWS\system32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0051
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00410067
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00410FD2
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00410FE3
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0041000C
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00410038
.text C:\WINDOWS\system32\svchost.exe[592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0041001D
.text C:\WINDOWS\system32\svchost.exe[592] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F3A
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F55
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700BF
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700AE
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F0B
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F72
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0007009D
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA4
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB5
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD7
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC6
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0093
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0082
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED005B
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9E
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0FC3
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0F83
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED00C9
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F57
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00FA
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetProcAddress