1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

bluescreens and unstable environment

Discussion in 'Virus & Other Malware Removal' started by AviadG, Dec 26, 2010.

Thread Status:
Not open for further replies.
  1. AviadG

    AviadG Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    3
    Hello , i'm experiancing some problems with my girlfriend computer .
    the computer is fujitsu siemes esprimo 6515
    i have installed win7 32bit ultimate instead of the win vista that came along wiht the computer .
    its been about 6 months since I did the installation.
    the problums are :
    bluescreen - from many types : IRQL_IS_MISSING
    CSRBth something and some others , I tried to check if there is any up to date drivers from fujitsu with no success .
    the browser (IE8) is hanging up and crushes every now and then (i can't install FF)...
    office application sometimes hang up as well .

    HiJackThis Log :

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:35:37 PM, on 12/26/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Wireless_Utility\Wireless Selector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
    O4 - HKLM\..\Run: [ConMgr] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [CSRBIP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
    O4 - HKLM\..\Run: [CSRFTP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless_Selector] C:\Program Files\Fujitsu\Wireless_Utility\Wireless Selector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: ??? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: ?&?? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Bluetooth Feature Support (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
    --
    End of file - 8043 bytes

    DDS :

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Inbal at 17:36:45.43 on Sun 12/26/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1534.736 [GMT 2:00]
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu\Wireless_Utility\Wireless Selector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\conhost.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.co.il/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
    mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [CSRBIP] c:\program files\csr\bluetooth feature pack 5.0\CSRBipPushResponder.exe
    mRun: [CSRFTP] c:\program files\csr\bluetooth feature pack 5.0\CSRBthFtpServer.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Wireless_Selector] c:\program files\fujitsu\wireless_utility\Wireless Selector.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &????? ?? Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    ============= SERVICES / DRIVERS ===============
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-6-30 343664]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-8-31 21256]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-8-31 146448]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-8-31 66896]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-6-30 70728]
    R3 FSCSLII;FSCSLII;c:\windows\system32\drivers\FSCSLII.sys [2009-5-18 16384]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-30 91672]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-30 43288]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\csr\bluetooth feature pack 5.0\VFPRadioSupportService.exe [2009-7-28 111488]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-6-30 65448]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-2 1343400]
    =============== Created Last 30 ================
    2010-12-26 15:31:20 388096 ----a-r- c:\users\inbal\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-26 15:31:18 -------- d-----w- c:\program files\Trend Micro
    2010-12-25 15:56:53 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-12-25 08:52:37 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2010-12-25 08:52:36 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-12-25 08:47:48 -------- d-----w- c:\windows\PCHEALTH
    2010-12-25 08:44:28 -------- d-----w- C:\IDE
    2010-12-25 08:44:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-12-24 08:58:21 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bdd90fd8-2b21-451b-aba3-d5b6e6af45d9}\mpengine.dll
    2010-12-15 19:37:08 516096 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-15 19:37:02 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-15 19:35:58 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-15 19:35:56 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-10 13:43:09 -------- d-sh--w- C:\found.001
    ==================== Find3M ====================
    9316-06-16 19:57:44 481280 ----a-w- c:\windows\system32\mscms.dll
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 08:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
    ============= FINISH: 17:38:34.82 ===============


    GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-26 19:51:26
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
    Running: kn3qvnkv.exe; Driver: C:\Users\Inbal\AppData\Local\Temp\pglcrpow.sys

    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x87B6E68A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x87B6E5E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x87B6E5FC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x87B6E612]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x87B6E6C8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x87B6E64E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x87B6E69E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x87B6E662]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x87B6E63A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x87B6E626]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x87B6E6F7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x87B6E6DE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x87B6E6B4]
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwYieldExecution 82C6B148 5 Bytes JMP 87B6E6B8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C83599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00370098
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 003700BD
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00370F28
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00370FB9
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00370F6F
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00370F94
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 0037006C
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 0037005B
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 0037000A
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 003700CE
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 0037002F
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00370040
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00370FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00370F5E
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00370FDE
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00370F39
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 0037007D
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00380000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00380055
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00380044
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00380029
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00380FD4
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00380FEF
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 003A0000
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 003A0FB6
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 003A0058
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 003A0047
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 003A0FE5
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 003A0F9B
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 1 Byte [E9]
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 003A0011
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 003A0022
    .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[320] WS2_32.dll!socket 77613F00 5 Bytes JMP 003B0000
    .text C:\Windows\system32\services.exe[516] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00140F0D
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00140ECD
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00140062
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 0014001B
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00140F28
    .text C:\Windows\system32\services.exe[516] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00140F5E
    .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00140F6F
    .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00140036
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00140FDB
    .text C:\Windows\system32\services.exe[516] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 0014007D
    .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00140FA5
    .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00140F94
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00140000
    .text C:\Windows\system32\services.exe[516] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00140047
    .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00140FCA
    .text C:\Windows\system32\services.exe[516] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00140EE8
    .text C:\Windows\system32\services.exe[516] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00140F39
    .text C:\Windows\system32\services.exe[516] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00150FEF
    .text C:\Windows\system32\services.exe[516] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00150058
    .text C:\Windows\system32\services.exe[516] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00150047
    .text C:\Windows\system32\services.exe[516] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00150018
    .text C:\Windows\system32\services.exe[516] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00150FCD
    .text C:\Windows\system32\services.exe[516] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00150FDE
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 003B0000
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 003B004E
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 003B005F
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 003B0FC7
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 003B001B
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 003B0FA2
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 003B002C
    .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 003B003D
    .text C:\Windows\system32\services.exe[516] WS2_32.dll!socket 77613F00 5 Bytes JMP 003C0000
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00050F6F
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 000500C7
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00050F32
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00050FC0
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00050098
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00050F94
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 0005006C
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00050047
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00050000
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00050F0D
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00050FA5
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 0005002C
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00050FE5
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00050F54
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00050011
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00050F43
    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00050087
    .text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00060FEF
    .text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00060F7F
    .text C:\Windows\system32\lsass.exe[552] msvcrt.dll!system 76CCB16F 5 Bytes JMP 0006000A
    .text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00060FAB
    .text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00060F90
    .text C:\Windows\system32\lsass.exe[552] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00060FC6
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00070000
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00070058
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 00070FB6
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 00070FC7
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 0007001B
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00070F9B
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 0007002C
    .text C:\Windows\system32\lsass.exe[552] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00070047
    .text C:\Windows\system32\lsass.exe[552] WS2_32.dll!socket 77613F00 5 Bytes JMP 00080FE5
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00260F3F
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00260EF8
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00260F13
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00260FCD
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 0026005E
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00260F61
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00260F72
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00260F8D
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00260FDE
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00260EE7
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00260FB2
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00260039
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00260FEF
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00260F2E
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00260014
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00260097
    .text C:\Windows\system32\svchost.exe[612] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00260F50
    .text C:\Windows\system32\svchost.exe[612] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00280FEF
    .text C:\Windows\system32\svchost.exe[612] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00280FB2
    .text C:\Windows\system32\svchost.exe[612] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00280FC3
    .text C:\Windows\system32\svchost.exe[612] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00280033
    .text C:\Windows\system32\svchost.exe[612] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00280FD4
    .text C:\Windows\system32\svchost.exe[612] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00280018
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00290FEF
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00290039
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 0029005B
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 0029004A
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00290FDE
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00290F9E
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 0029001E
    .text C:\Windows\system32\svchost.exe[612] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00290FCD
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 0001006F
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 0001009B
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 0001008A
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00010F94
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00010054
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00010028
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00010F50
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00010F61
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00010FCA
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 000100B6
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00010F83
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00010F72
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00010FE5
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00010F2B
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00010FAF
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00010F10
    .text C:\Windows\System32\svchost.exe[620] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00010039
    .text C:\Windows\System32\svchost.exe[620] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00060FEF
    .text C:\Windows\System32\svchost.exe[620] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00060027
    .text C:\Windows\System32\svchost.exe[620] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00060F9C
    .text C:\Windows\System32\svchost.exe[620] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00060FC8
    .text C:\Windows\System32\svchost.exe[620] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00060FAD
    .text C:\Windows\System32\svchost.exe[620] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 0006000C
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00070FE5
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00070025
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 00070036
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 00070F9E
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00070000
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00070F79
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 00070FCA
    .text C:\Windows\System32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00070FB9
    .text C:\Windows\System32\svchost.exe[620] WS2_32.dll!socket 77613F00 5 Bytes JMP 002E0000
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 002200A8
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00220100
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 002200E5
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 0022002F
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00220097
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00220F90
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 0022005E
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00220FA1
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00220FDE
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00220111
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00220FCD
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00220FBC
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00220FEF
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 002200B9
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 0022001E
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 002200D4
    .text C:\Windows\system32\svchost.exe[716] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00220F7F
    .text C:\Windows\system32\svchost.exe[716] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00230000
    .text C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00230FB7
    .text C:\Windows\system32\svchost.exe[716] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00230FC8
    .text C:\Windows\system32\svchost.exe[716] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00230FE3
    .text C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00230038
    .text C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 0023001D
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 002D0FEF
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 002D0040
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 002D006C
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 002D0051
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 002D000A
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 002D0087
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 002D001B
    .text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 002D0FD4
    .text C:\Windows\system32\svchost.exe[716] WS2_32.dll!socket 77613F00 5 Bytes JMP 002E0FEF
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 0021006F
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 002100C3
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00210F24
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00210FB9
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00210F50
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00210F6B
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00210043
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00210F7C
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00210014
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00210F13
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00210FA8
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00210F97
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00210FEF
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00210F35
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00210FDE
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00210094
    .text C:\Windows\system32\svchost.exe[820] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 0021005E
    .text C:\Windows\system32\svchost.exe[820] msvcrt.dll!_open 76C97E48 5 Bytes JMP 0022000C
    .text C:\Windows\system32\svchost.exe[820] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00220FD4
    .text C:\Windows\system32\svchost.exe[820] msvcrt.dll!system 76CCB16F 5 Bytes JMP 0022005F
    .text C:\Windows\system32\svchost.exe[820] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00220FEF
    .text C:\Windows\system32\svchost.exe[820] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 0022004E
    .text C:\Windows\system32\svchost.exe[820] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00220029
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 002B0FEF
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 002B0025
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 002B0F83
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 002B0F94
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 002B0FD4
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 002B0F68
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 002B0FB9
    .text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 002B000A
    .text C:\Windows\system32\svchost.exe[820] WS2_32.dll!socket 77613F00 5 Bytes JMP 002C0FEF
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 009800B6
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 009800E2
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 009800D1
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 0098001E
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 009800A5
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 0098008A
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00980079
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 0098005E
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00980FDE
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00980F3C
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00980FBC
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00980043
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00980FEF
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00980F68
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00980FCD
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00980F57
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00980F97
    .text C:\Windows\System32\svchost.exe[884] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00990FEF
    .text C:\Windows\System32\svchost.exe[884] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00990FA6
    .text C:\Windows\System32\svchost.exe[884] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00990FB7
    .text C:\Windows\System32\svchost.exe[884] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00990016
    .text C:\Windows\System32\svchost.exe[884] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00990027
    .text C:\Windows\System32\svchost.exe[884] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00990FD2
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00E80FEF
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00E80FC3
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 00E80054
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 00E80FB2
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00E8000A
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00E80F97
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 00E80FD4
    .text C:\Windows\System32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00E8002F
    .text C:\Windows\System32\svchost.exe[884] WS2_32.dll!socket 77613F00 5 Bytes JMP 00E90000
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00940F54
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00940EFC
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00940F0D
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00940FB6
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00940073
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00940058
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 0094003D
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00940F80
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00940FE5
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00940EE1
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00940FA5
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00940022
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00940000
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00940F43
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00940011
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00940F32
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00940F65
    .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_open 76C97E48 5 Bytes JMP 009D0000
    .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 009D004E
    .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!system 76CCB16F 5 Bytes JMP 009D0033
    .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 009D0FD7
    .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 009D0022
    .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 009D0011
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00DD0FEF
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00DD0FC0
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 00DD0FA5
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 00DD0051
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00DD0000
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00DD006C
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 00DD0025
    .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00DD0036
    .text C:\Windows\System32\svchost.exe[960] WS2_32.dll!socket 77613F00 5 Bytes JMP 00EE0000
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00A400A2
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00A40F39
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00A400CE
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00A4001B
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00A40F83
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00A4007D
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00A40062
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00A40047
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00A40FE5
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00A40F1E
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00A40FAF
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00A40036
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00A40000
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00A400BD
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00A40FCA
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00A40F54
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00A40F94
    .text C:\Windows\system32\svchost.exe[992] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00B10FE3
    .text C:\Windows\system32\svchost.exe[992] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00B10FA3
    .text C:\Windows\system32\svchost.exe[992] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00B1002E
    .text C:\Windows\system32\svchost.exe[992] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00B1001D
    .text C:\Windows\system32\svchost.exe[992] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00B10FBE
    .text C:\Windows\system32\svchost.exe[992] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00B10000
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00E70000
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00E7003D
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 00E7005F
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 00E7004E
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00E70011
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00E70070
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 00E7002C
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00E70FD1
    .text C:\Windows\system32\svchost.exe[992] WS2_32.dll!socket 77613F00 5 Bytes JMP 00E80FEF
    .text C:\Windows\system32\svchost.exe[992] WININET.dll!InternetOpenA 75B27DE4 5 Bytes JMP 010E0000
    .text C:\Windows\system32\svchost.exe[992] WININET.dll!InternetOpenW 75B29D60 5 Bytes JMP 010E0011
    .text C:\Windows\system32\svchost.exe[992] WININET.dll!InternetOpenUrlA 75B2DBD8 5 Bytes JMP 010E0FE5
    .text C:\Windows\system32\svchost.exe[992] WININET.dll!InternetOpenUrlW 75B7DD6C 5 Bytes JMP 010E0036
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00140F57
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00140F17
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 001400B6
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00140036
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00140F68
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 0014006C
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00140051
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00140F9E
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00140011
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00140EFC
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00140FCA
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00140FAF
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00140000
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00140F3C
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00140FDB
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 001400A5
    .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00140F79
    .text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00150000
    .text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00150FB4
    .text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00150FC5
    .text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 0015002E
    .text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 0015003F
    .text C:\Windows\system32\svchost.exe[1140] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 0015001D
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00380FEF
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00380F9E
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 00380F83
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 00380025
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00380014
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 773CB946 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 0038004A
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 00380FD4
    .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00380FC3
    .text C:\Windows\system32\svchost.exe[1140] WS2_32.dll!socket 77613F00 5 Bytes JMP 00820000
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 010C005B
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 010C0EFC
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 010C0091
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 010C0FB9
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 010C0F3C
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 010C0F57
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 010C0F7C
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 010C0039
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 010C0FD4
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 010C0EEB
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 010C0F9E
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 010C0F8D
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 010C0FEF
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 010C0F21
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 010C000A
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 010C0076
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 010C004A
    .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_open 76C97E48 5 Bytes JMP 010D0FE3
    .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 010D0F70
    .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!system 76CCB16F 5 Bytes JMP 010D0F8B
    .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 010D0FC1
    .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 010D0FA6
    .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 010D0FD2
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 010E0000
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 010E002C
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 010E0047
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 010E0F9B
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 010E0FEF
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 010E0F8A
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 010E001B
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 010E0FC0
    .text C:\Windows\system32\svchost.exe[1352] WS2_32.dll!socket 77613F00 5 Bytes JMP 010F0000
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 00FC0094
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 00FC00F6
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00FC00DB
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00FC0FBC
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00FC0083
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00FC0F75
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00FC004D
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00FC003C
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00FC0FDE
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00FC0F46
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00FC0FAB
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00FC0F9A
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00FC0FEF
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00FC00AF
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00FC0FCD
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 00FC00C0
    .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00FC0068
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00FD0000
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00FD0FC3
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00FD0FD4
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00FD003A
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00FD0FE5
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00FD0029
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 01020FEF
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 01020FB9
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 0102004A
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 01020FA8
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 0102000A
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 01020F8D
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 01020FD4
    .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 01020025
    .text C:\Windows\system32\svchost.exe[1540] WS2_32.dll!socket 77613F00 5 Bytes JMP 01030000
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 004800BD
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 0048010E
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00480F79
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00480036
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00480F94
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 758F50AB 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00480FAF
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00480087
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 0048006C
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 0048001B
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00480F5E
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00480051
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00480FC0
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 0048000A
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 004800CE
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00480FE5
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 004800F3
    .text C:\Windows\system32\svchost.exe[1708] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 004800A2
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00490FEF
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00490042
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00490FAD
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00490FD2
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 0049001D
    .text C:\Windows\system32\svchost.exe[1708] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00490000
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 004A0000
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 004A0033
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 004A0FA5
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 004A0FB6
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 004A0011
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 004A0F8A
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 004A0FDB
    .text C:\Windows\system32\svchost.exe[1708] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 004A0022
    .text C:\Windows\system32\svchost.exe[1708] WS2_32.dll!socket 77613F00 5 Bytes JMP 004B0FEF
    .text C:\Windows\system32\svchost.exe[1708] WININET.dll!InternetOpenA 75B27DE4 5 Bytes JMP 00940000
    .text C:\Windows\system32\svchost.exe[1708] WININET.dll!InternetOpenW 75B29D60 5 Bytes JMP 0094001B
    .text C:\Windows\system32\svchost.exe[1708] WININET.dll!InternetOpenUrlA 75B2DBD8 5 Bytes JMP 00940036
    .text C:\Windows\system32\svchost.exe[1708] WININET.dll!InternetOpenUrlW 75B7DD6C 5 Bytes JMP 00940047
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 001F0F4A
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 001F00B0
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 001F009F
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 001F0FB9
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 001F007D
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 001F0062
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 001F0051
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 001F0040
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 001F000A
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 001F00C1
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 001F0FA8
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 001F002F
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 001F0FEF
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 001F0F39
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateNamedPipeA 7593D5BF 3 Bytes JMP 001F0FD4
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!CreateNamedPipeA + 4 7593D5C3 1 Byte [8A]
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!WinExec 7593E76D 3 Bytes JMP 001F008E
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!WinExec + 4 7593E771 1 Byte [8A]
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!VirtualProtectEx 7593F729 3 Bytes JMP 001F0F6F
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] kernel32.dll!VirtualProtectEx + 4 7593F72D 1 Byte [8A]
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] msvcrt.dll!_open 76C97E48 5 Bytes JMP 003B0000
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 003B0F97
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] msvcrt.dll!system 76CCB16F 5 Bytes JMP 003B0FA8
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 003B0FDE
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 003B0FCD
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 003B0FEF
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 003C0FEF
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 003C0FB2
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 003C0FA1
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 003C0039
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 003C0014
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 003C0054
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 003C0FDE
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 003C0FCD
    .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1760] WS2_32.dll!socket 77613F00 5 Bytes JMP 003D0000
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 01C20F39
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 01C20F0D
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 01C200A2
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 01C2001B
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 01C20F4A
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 01C20062
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 01C20F8A
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 01C20051
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 01C20FCA
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 01C200B3
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 01C2002C
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 01C20FA5
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 01C20FEF
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 01C20F28
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 01C20000
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 01C20087
    .text C:\Windows\Explorer.EXE[2204] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 01C20F6F
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 01C50FE5
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 01C50FAC
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 01C50047
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 01C50F9B
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 01C50000
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 01C50F8A
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 1 Byte [E9]
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 01C50011
    .text C:\Windows\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 01C50022
    .text C:\Windows\Explorer.EXE[2204] msvcrt.dll!_open 76C97E48 5 Bytes JMP 01C40FE3
    .text C:\Windows\Explorer.EXE[2204] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 01C40FA6
    .text C:\Windows\Explorer.EXE[2204] msvcrt.dll!system 76CCB16F 5 Bytes JMP 01C40FB7
    .text C:\Windows\Explorer.EXE[2204] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 01C4000C
    .text C:\Windows\Explorer.EXE[2204] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 01C40027
    .text C:\Windows\Explorer.EXE[2204] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 01C40FD2
    .text C:\Windows\Explorer.EXE[2204] WININET.dll!InternetOpenA 75B27DE4 5 Bytes JMP 01C30FEF
    .text C:\Windows\Explorer.EXE[2204] WININET.dll!InternetOpenW 75B29D60 5 Bytes JMP 01C3000A
    .text C:\Windows\Explorer.EXE[2204] WININET.dll!InternetOpenUrlA 75B2DBD8 5 Bytes JMP 01C30FD4
    .text C:\Windows\Explorer.EXE[2204] WININET.dll!InternetOpenUrlW 75B7DD6C 5 Bytes JMP 01C3002F
    .text C:\Windows\Explorer.EXE[2204] WS2_32.dll!socket 77613F00 5 Bytes JMP 032C000A
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 0001009F
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 000100E9
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 00010F4A
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00010025
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 0001008E
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00010062
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00010F94
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00010051
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00010FDE
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 00010F39
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00010036
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00010FA5
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00010FEF
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 00010F65
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00010014
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 000100C4
    .text C:\Windows\system32\wuauclt.exe[3144] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 0001007D
    .text C:\Windows\system32\wuauclt.exe[3144] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00080FE3
    .text C:\Windows\system32\wuauclt.exe[3144] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00080FB2
    .text C:\Windows\system32\wuauclt.exe[3144] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00080047
    .text C:\Windows\system32\wuauclt.exe[3144] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00080011
    .text C:\Windows\system32\wuauclt.exe[3144] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 0008002C
    .text C:\Windows\system32\wuauclt.exe[3144] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00080000
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 00090FEF
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 00090FCA
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 0009006C
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 0009005B
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 00090014
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 00090087
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 00090025
    .text C:\Windows\system32\wuauclt.exe[3144] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 00090036
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!GetStartupInfoA 758B1DF0 5 Bytes JMP 0001007D
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreateProcessW 758B202D 5 Bytes JMP 000100DF
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreateProcessA 758B2062 5 Bytes JMP 000100C4
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreateNamedPipeW 758E1FD6 5 Bytes JMP 00010FD1
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreatePipe 758E4A8B 5 Bytes JMP 00010F4A
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!VirtualProtect 758F50AB 5 Bytes JMP 00010062
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!LoadLibraryExW 758FB6BF 5 Bytes JMP 00010F94
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!LoadLibraryExA 758FBC8B 5 Bytes JMP 00010051
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreateFileW 75900B7D 5 Bytes JMP 00010011
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!GetProcAddress 75901857 5 Bytes JMP 000100F0
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!LoadLibraryA 75902884 5 Bytes JMP 00010FC0
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!LoadLibraryW 759028D2 5 Bytes JMP 00010FAF
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreateFileA 7590291C 5 Bytes JMP 00010000
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!GetStartupInfoW 75907CD5 5 Bytes JMP 0001008E
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!CreateNamedPipeA 7593D5BF 5 Bytes JMP 00010022
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!WinExec 7593E76D 5 Bytes JMP 000100A9
    .text C:\Windows\System32\svchost.exe[3860] kernel32.dll!VirtualProtectEx 7593F729 5 Bytes JMP 00010F65
    .text C:\Windows\System32\svchost.exe[3860] msvcrt.dll!_open 76C97E48 5 Bytes JMP 00060000
    .text C:\Windows\System32\svchost.exe[3860] msvcrt.dll!_wsystem 76CCB04F 5 Bytes JMP 00060FA1
    .text C:\Windows\System32\svchost.exe[3860] msvcrt.dll!system 76CCB16F 5 Bytes JMP 00060FBC
    .text C:\Windows\System32\svchost.exe[3860] msvcrt.dll!_creat 76CCED29 5 Bytes JMP 00060FD7
    .text C:\Windows\System32\svchost.exe[3860] msvcrt.dll!_wcreat 76CD038E 5 Bytes JMP 00060036
    .text C:\Windows\System32\svchost.exe[3860] msvcrt.dll!_wopen 76CD0570 5 Bytes JMP 00060011
    .text C:\Windows\System32\svchost.exe[3860] WS2_32.dll!socket 77613F00 5 Bytes JMP 000B0FEF
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegOpenKeyA 773BD2ED 5 Bytes JMP 002D0FEF
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegCreateKeyA 773BD3C1 5 Bytes JMP 002D0FB2
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegCreateKeyExA 773C1B71 5 Bytes JMP 002D0F86
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegCreateKeyW 773C1CC0 5 Bytes JMP 002D0FA1
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegOpenKeyW 773C3129 5 Bytes JMP 002D0FDE
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegCreateKeyExW 773CB946 5 Bytes JMP 002D0043
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegOpenKeyExA 773CBC0D 5 Bytes JMP 002D0014
    .text C:\Windows\System32\svchost.exe[3860] ADVAPI32.dll!RegOpenKeyExW 773CBEC4 5 Bytes JMP 002D0FC3
    ---- Devices - GMER 1.0.15 ----
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    Device \Driver\BTHUSB \Device\0000006c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    ---- Processes - GMER 1.0.15 ----
    Library C:\Users\Inbal\Desktop\ (*** hidden *** ) @ C:\Users\Inbal\Desktop\??????\fixing\kn3qvnkv.exe [3692] 0x00400000
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f243a0b
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f243a0b (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----

    your help will be much appreciated

    Aviad.
     
  2. AviadG

    AviadG Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    3
    :eek:
     

    Attached Files:

  3. AviadG

    AviadG Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    3
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/970745

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice