
Wireless not working possible virus

Discussion in 'Virus & Other Malware Removal' started by Annoyed2, Jan 22, 2013.


    Annoyed2 Thread Starter

    Hi, some programs stop and start, running slow. Now it can see wireless connections but won't connect. It keeps asking for the security when it has already been connected before. I can connect to broadband through the USB but it still keeps asking for the code. Thanks for the help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:19:43 PM, on 22/01/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\Dell AIO Printer 948\dldfmon.exe
    C:\Program Files\Dell AIO Printer 948\memcard.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au/?ocid=OIE9HP
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/?ocid=ww
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110606042041.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
    O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files\pocketwifi\pocketwifi
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.primarygames.com/arcade/sports/sewerrun/gamecode.htm"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program Files/Big City Adventure/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program Files/Big City Adventure/Images/armhelper.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
    O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
    --
    End of file - 14835 bytes


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 22/06/2009 5:36:06 PM
    System Uptime: 22/01/2013 11:31:56 AM (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0G437N
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 43.048 GiB free.
    D: is Removable
    E: is FIXED (NTFS) - 15 GiB total, 8.411 GiB free.
    F: is CDROM ()
    G: is CDROM (CDFS)
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&0043\8&110F2BDC&0&002266178793_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&0043\8&110F2BDC&0&002266178793_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0043\8&110F2BDC&0&002266178793_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0043\8&110F2BDC&0&002266178793_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&0043\8&110F2BDC&0&002266178793_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&0043\8&110F2BDC&0&002266178793_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    3 Mobile Broadband
    3 MobileBroadband
    32 Bit HP CIO Components Installer
    4500_Help
    7-Zip 4.65
    A Gypsy's Tale: The Tower of Secrets
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ares 3.1.5.3033
    Bejeweled 2 Deluxe
    Big City Adventure
    Big Fish Games: Game Manager
    Bonjour
    BookSmart® 2.9.5 2.9.5
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    ccc-utility
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Classic Games
    Compatibility Pack for the 2007 Office system
    Corel Snapfire Plus
    Definition update for Microsoft Office 2010 (KB982726)
    Dell-eBay
    Dell AIO Printer 948
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Resource CD
    Dell Support Center
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocMgr
    DocProc
    DocProcQFolder
    e-tax 2009
    e-tax 2010
    EPSON TX100 Series Printer Uninstall
    Fax
    Flux Family Secrets - The Rabbit Hole
    GoToAssist 8.0.0.514
    Hidden Expedition - Everest (remove only)
    High-Definition Video Playback
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Document Manager 1.0
    HP Imaging Device Functions 10.0
    HP Officejet J4500 Series
    ImagXpress
    Integrated Webcam Driver (1.02.01.0320)
    Intel® Matrix Storage Manager
    iriver plus 4
    iTunes
    J4500
    Java 7 Update 10
    Java Auto Updater
    Java(TM) 6 Update 13
    Junk Mail filter update
    Kyodai
    LeapFrog Connect
    LeapFrog My Pals Plugin
    Live! Cam Avatar Creator
    Margrave Manor
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Minecraft 1.4.5
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero Core Components 10
    Nero Dolby Files 10
    Nero Kwik Media
    Nero Update
    NeroKwikMedia Help (CHM)
    neroxml
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    OCR Software by I.R.I.S. 10.0
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    pocketwifi
    PowerDVD
    ProductContext
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft InfoPath 2010 (KB2510065)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Status
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    VLC media player 1.1.4
    WebReg
    WIDCOMM Bluetooth Software 6.2.0.6600
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== End Of File ===========================


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-22 15:23:35
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0003 232.89GB
    Running: m1pn4wkg.exe; Driver: C:\Users\Renae\AppData\Local\Temp\pxldipow.sys

    ---- System - GMER 2.0 ----
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8BB4B1E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8BB4B212]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8BB4B1FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8BB4B1D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!ZwYieldExecution 82643982 5 Bytes JMP 8BB4B1D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 82809143 5 Bytes JMP 8BB4B216 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8282889A 7 Bytes JMP 8BB4B1EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82828B5D 5 Bytes JMP 8BB4B202 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90204000, 0x23100A, 0xE8000020]
    ? C:\Users\Renae\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Windows\system32\svchost.exe[1244] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 00A30F01
    .text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 01000049
    .text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!system 7769804B 5 Bytes JMP 01000038
    .text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 01000FC8
    .text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_open 7769D106 5 Bytes JMP 01000FE3
    .text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 01000027
    .text C:\Windows\system32\svchost.exe[1244] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 01000000
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00A40076
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00A4004A
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00A40000
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00A4005B
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00A40087
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00A40FDE
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00A40FEF
    .text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00A40025
    .text C:\Windows\system32\svchost.exe[1244] WS2_32.dll!socket 762936D1 5 Bytes JMP 00DF0000
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 007D0FEF
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 007D0FCA
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 007D000A
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 000B0F61
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 000B009D
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 000B0F35
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 000B0F46
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 000B0071
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 000B0FDB
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 000B0036
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 000B008C
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 000B0F8D
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 000B0FB9
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 000B0FA8
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 000B0FCA
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 000B0F7C
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 000B0F24
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 000B0011
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 000B0000
    .text C:\Windows\system32\svchost.exe[1400] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 000B00B8
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 007F0FD4
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!system 7769804B 5 Bytes JMP 007F005F
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 007F0FEF
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_open 7769D106 5 Bytes JMP 007F000C
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 007F0044
    .text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 007F0029
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 000D004D
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 000D0028
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 000D0FEF
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 000D0FA1
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 000D0F90
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 000D0FCD
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 000D0FDE
    .text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 000D0FB2
    .text C:\Windows\system32\svchost.exe[1400] WS2_32.dll!socket 762936D1 5 Bytes JMP 007E0000
    .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00DD0FEF
    .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00DD001B
    .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 00DD0000
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 009700CC
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 00970F86
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 00970109
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 009700EE
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 0097007B
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 00970FCD
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 0097001E
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 009700A7
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 0097005E
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 00970039
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00970FA1
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00970FB2
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 00970096
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 00970124
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 00970FDE
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 00970FEF
    .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 009700DD
    .text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 00DF0FC8
    .text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!system 7769804B 5 Bytes JMP 00DF0FD9
    .text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 00DF002E
    .text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_open 7769D106 5 Bytes JMP 00DF0000
    .text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 00DF0049
    .text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 00DF0011
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 009C0058
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 009C0FC0
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 009C0000
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 009C003D
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 009C0F9B
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 009C0022
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 009C0011
    .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 009C0FDB
    .text C:\Windows\system32\svchost.exe[1464] WS2_32.dll!socket 762936D1 5 Bytes JMP 00DE0000
    .text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenA 77784E33 5 Bytes JMP 00D80000
    .text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 7778BFCE 5 Bytes JMP 00D80022
    .text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenW 777BC02E 5 Bytes JMP 00D80011
    .text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 777ED70A 5 Bytes JMP 00D80033
    .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00950FEF
    .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00950025
    .text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 0095000A
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 0012006C
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 0012005B
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 0012009B
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 00120EFA
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 00120F55
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 00120FCA
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 00120FB9
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 0012004A
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 00120F7C
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 00120F9E
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00120F8D
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00120025
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 00120F44
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 7686925B 3 Bytes JMP 00120EDF
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetProcAddress + 4 7686925F 1 Byte [89]
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileW 7686B0EB 3 Bytes JMP 00120000
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileW + 4 7686B0EF 1 Byte [89]
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileA 7686D07F 3 Bytes JMP 00120FEF
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileA + 4 7686D083 1 Byte [89]
    .text C:\Windows\system32\svchost.exe[1500] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 00120F0B
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 00140056
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!system 7769804B 5 Bytes JMP 0014003B
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 00140FD2
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_open 7769D106 5 Bytes JMP 00140000
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 00140FC1
    .text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 00140FE3
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00130058
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 0013003D
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00130000
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00130FB6
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00130F9B
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00130FD1
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00130011
    .text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00130022
    .text C:\Windows\system32\svchost.exe[1500] WS2_32.dll!socket 762936D1 5 Bytes JMP 000D0FEF
    .text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 003E000A
    .text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 003E0FE5
    .text C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 003E001B
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 003C00B5
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 003C0F79
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 003C0F2F
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 003C00C6
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 003C0089
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 003C0FEF
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 003C0036
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 003C00A4
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 003C006E
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 003C0047
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 003C0FA5
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 003C0FC0
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 003C0F94
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 003C00D7
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 003C0025
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 003C000A
    .text C:\Windows\system32\svchost.exe[1648] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 003C0F54
    .text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 009E0075
    .text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!system 7769804B 5 Bytes JMP 009E0050
    .text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 009E002E
    .text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_open 7769D106 5 Bytes JMP 009E0000
    .text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 009E003F
    .text C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 009E001D
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 003D0F8D
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 003D0FA8
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 003D0FEF
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 003D002F
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 003D004A
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 003D0FDE
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 003D000A
    .text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 003D0FC3
    .text C:\Windows\system32\svchost.exe[1648] WS2_32.dll!socket 762936D1 5 Bytes JMP 003F0000
    .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00420000
    .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 0042001B
    .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 00420FE5
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 002E0F66
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 002E0F81
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 002E0F4B
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 002E00E2
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 002E0FAD
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 002E0FE5
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 002E0036
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 002E0F92
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 002E0087
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 002E0FCA
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 002E0076
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 002E0047
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 002E0098
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 002E0F3A
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 002E001B
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 002E0000
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 002E00C7
    .text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 0041004C
    .text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!system 7769804B 5 Bytes JMP 00410FB7
    .text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 00410FD2
    .text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_open 7769D106 5 Bytes JMP 00410000
    .text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 00410027
    .text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 00410FE3
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 002F0FD4
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 002F005B
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 002F000A
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 002F0076
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 002F0FC3
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 002F0036
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 002F0025
    .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 002F0FEF
    .text C:\Windows\system32\svchost.exe[2020] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 01630FE5
    .text C:\Windows\system32\svchost.exe[2020] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 01630FB9
    .text C:\Windows\system32\svchost.exe[2020] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 01630FD4
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 015B00BC
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 015B00AB
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 015B0F25
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 015B0F40
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 015B0F9E
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 015B0FE5
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 015B0036
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 015B009A
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 015B0FAF
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 015B005B
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 015B006C
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 015B0FD4
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 015B0089
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 015B0F14
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 015B0011
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 015B0000
    .text C:\Windows\system32\svchost.exe[2020] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 015B0F5B
    .text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 015D002C
    .text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!system 7769804B 5 Bytes JMP 015D0FA1
    .text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 015D001B
    .text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_open 7769D106 5 Bytes JMP 015D0FE3
    .text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 015D0FC6
    .text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 015D0000
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 015C0F79
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 015C0FA5
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 015C0000
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 015C0F94
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 015C0036
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 015C0FD4
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 015C0FEF
    .text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 015C001B
    .text C:\Windows\system32\svchost.exe[2020] WS2_32.dll!socket 762936D1 5 Bytes JMP 015A0000
    .text C:\Windows\system32\svchost.exe[2472] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00340000
    .text C:\Windows\system32\svchost.exe[2472] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00340FE5
    .text C:\Windows\system32\svchost.exe[2472] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 0034001B
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 001B0F54
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 001B0F6F
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 001B0F1E
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 001B0F2F
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 001B0078
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 001B0FE5
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 001B002C
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 001B009A
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 001B005B
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 001B0FB9
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 001B0F9E
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 001B0FCA
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 001B0089
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 001B00D0
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 001B001B
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 001B0000
    .text C:\Windows\system32\svchost.exe[2472] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 001B00B5
    .text C:\Windows\system32\svchost.exe[2472] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 00330FB7
    .text C:\Windows\system32\svchost.exe[2472] msvcrt.dll!system 7769804B 5 Bytes JMP 00330042
    .text C:\Windows\system32\svchost.exe[2472] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 00330016
    .text C:\Windows\system32\svchost.exe[2472] msvcrt.dll!_open 7769D106 5 Bytes JMP 00330FE3
    .text C:\Windows\system32\svchost.exe[2472] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 00330027
    .text C:\Windows\system32\svchost.exe[2472] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 00330FD2
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00320036
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00320025
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00320FEF
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00320F9E
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00320051
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00320FC3
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00320FD4
    .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00320014
    .text C:\Windows\system32\svchost.exe[2472] WS2_32.dll!socket 762936D1 5 Bytes JMP 00140FE5
    .text C:\Windows\system32\svchost.exe[2588] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 005D0FEF
    .text C:\Windows\system32\svchost.exe[2588] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 005D001B
    .text C:\Windows\system32\svchost.exe[2588] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 005D0000
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 004300B8
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 00430F72
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 00430F46
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 004300D3
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 00430082
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 0043002C
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 00430FE5
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 00430093
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 00430065
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 00430FB9
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00430FA8
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00430FD4
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 00430F8D
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 00430F21
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 0043001B
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 00430000
    .text C:\Windows\system32\svchost.exe[2588] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 00430F57
    .text C:\Windows\system32\svchost.exe[2588] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 005C0FDB
    .text C:\Windows\system32\svchost.exe[2588] msvcrt.dll!system 7769804B 5 Bytes JMP 005C0066
    .text C:\Windows\system32\svchost.exe[2588] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 005C003A
    .text C:\Windows\system32\svchost.exe[2588] msvcrt.dll!_open 7769D106 5 Bytes JMP 005C0000
    .text C:\Windows\system32\svchost.exe[2588] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 005C0055
    .text C:\Windows\system32\svchost.exe[2588] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 005C0029
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 005B0F9B
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 005B0022
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 005B0000
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 005B003D
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 005B0F8A
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 005B0011
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 005B0FE5
    .text C:\Windows\system32\svchost.exe[2588] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 005B0FB6
    .text C:\Windows\system32\svchost.exe[2588] WS2_32.dll!socket 762936D1 5 Bytes JMP 003E0000
    .text C:\Windows\System32\svchost.exe[2652] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00100FEF
    .text C:\Windows\System32\svchost.exe[2652] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00100FD4
    .text C:\Windows\System32\svchost.exe[2652] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 00100014
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 00050F6A
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 000500BA
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 000500F0
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 00050F59
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 0005008E
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 00050025
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 00050036
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 00050F99
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 0005007D
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 00050FC0
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00050062
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00050047
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 0005009F
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 0005010B
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 0005000A
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 00050FEF
    .text C:\Windows\System32\svchost.exe[2652] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 000500CB
    .text C:\Windows\System32\svchost.exe[2652] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 00070F7F
    .text C:\Windows\System32\svchost.exe[2652] msvcrt.dll!system 7769804B 5 Bytes JMP 00070014
    .text C:\Windows\System32\svchost.exe[2652] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 00070FB5
    .text C:\Windows\System32\svchost.exe[2652] msvcrt.dll!_open 7769D106 5 Bytes JMP 00070FE3
    .text C:\Windows\System32\svchost.exe[2652] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 00070FA4
    .text C:\Windows\System32\svchost.exe[2652] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 00070FD2
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00060039
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00060FA8
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00060FEF
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00060F97
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00060F72
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 0006000A
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00060FDE
    .text C:\Windows\System32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00060FB9
    .text C:\Windows\System32\svchost.exe[2652] WS2_32.dll!socket 762936D1 5 Bytes JMP 002F0000
    .text C:\Windows\System32\svchost.exe[2932] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00020FEF
    .text C:\Windows\System32\svchost.exe[2932] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00020014
    .text C:\Windows\System32\svchost.exe[2932] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 00020FD4
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 00010094
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 00010F58
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 000100B6
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 00010F1F
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 00010F7A
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 0001001B
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 00010FD4
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 00010083
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 00010F95
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 00010FB2
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00010054
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00010FC3
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 00010F69
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 000100C7
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateFileW 7686B0EB 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 00010FEF
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 00010000
    .text C:\Windows\System32\svchost.exe[2932] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 000100A5
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!_wsystem 77697F2F 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 001B0033
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!system 7769804B 5 Bytes JMP 001B0FB2
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 001B0FCD
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!_open 7769D106 5 Bytes JMP 001B0FEF
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 001B0018
    .text C:\Windows\System32\svchost.exe[2932] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 001B0FDE
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00060F80
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00060FB6
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00060FE5
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00060F91
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00060047
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00060011
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00060000
    .text C:\Windows\System32\svchost.exe[2932] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00060022
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2960] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 6E6D9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2960] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 6E6D9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00040000
    .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00040FC0
    .text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 00040FDB
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 000100B2
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 00010F6C
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 00010F25
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 00010F36
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 0001006B
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 00010FC0
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 00010011
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 00010097
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 0001005A
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 0001003D
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00010F91
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00010022
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 0001007C
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 000100D7
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 00010000
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 00010FEF
    .text C:\Windows\Explorer.EXE[3924] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 00010F47
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00060047
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00060FB6
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 00060000
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00060FA5
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 00060062
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 00060FDB
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 00060011
    .text C:\Windows\Explorer.EXE[3924] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 0006002C
    .text C:\Windows\Explorer.EXE[3924] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 00070FAD
    .text C:\Windows\Explorer.EXE[3924] msvcrt.dll!system 7769804B 5 Bytes JMP 00070FBE
    .text C:\Windows\Explorer.EXE[3924] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 0007001D
    .text C:\Windows\Explorer.EXE[3924] msvcrt.dll!_open 7769D106 5 Bytes JMP 00070000
    .text C:\Windows\Explorer.EXE[3924] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 0007002E
    .text C:\Windows\Explorer.EXE[3924] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 00070FEF
    .text C:\Windows\Explorer.EXE[3924] WININET.dll!InternetOpenA 77784E33 5 Bytes JMP 032B0000
    .text C:\Windows\Explorer.EXE[3924] WININET.dll!InternetOpenUrlA 7778BFCE 5 Bytes JMP 032B0040
    .text C:\Windows\Explorer.EXE[3924] WININET.dll!InternetOpenW 777BC02E 5 Bytes JMP 032B0025
    .text C:\Windows\Explorer.EXE[3924] WININET.dll!InternetOpenUrlW 777ED70A 5 Bytes JMP 032B0FEF
    .text C:\Windows\Explorer.EXE[3924] WS2_32.dll!socket 762936D1 5 Bytes JMP 026B0FE5
    .text C:\Windows\system32\svchost.exe[5552] ntdll.dll!NtCreateFile 77A74224 5 Bytes JMP 00040FE5
    .text C:\Windows\system32\svchost.exe[5552] ntdll.dll!NtCreateProcess 77A742E4 5 Bytes JMP 00040011
    .text C:\Windows\system32\svchost.exe[5552] ntdll.dll!NtProtectVirtualMemory 77A74B84 5 Bytes JMP 00040000
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!GetStartupInfoW 76821929 5 Bytes JMP 000100B5
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!GetStartupInfoA 768219C9 5 Bytes JMP 000100A4
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreateProcessW 76821BF3 5 Bytes JMP 00010F28
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreateProcessA 76821C28 5 Bytes JMP 00010F43
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!VirtualProtect 76821DC3 5 Bytes JMP 00010078
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreateNamedPipeA 76822EF5 5 Bytes JMP 00010FDB
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreateNamedPipeW 76825C0C 5 Bytes JMP 00010FCA
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreatePipe 76848F06 5 Bytes JMP 00010093
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!LoadLibraryExW 7684927C 5 Bytes JMP 00010067
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!LoadLibraryW 76849400 5 Bytes JMP 00010FAF
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!LoadLibraryExA 76849554 5 Bytes JMP 00010F9E
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!LoadLibraryA 7684957C 5 Bytes JMP 00010036
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!VirtualProtectEx 7684DC52 5 Bytes JMP 00010F83
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!GetProcAddress 7686925B 5 Bytes JMP 00010F17
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreateFileW 7686B0EB 5 Bytes JMP 0001001B
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!CreateFileA 7686D07F 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[5552] kernel32.dll!WinExec 768B60CF 5 Bytes JMP 00010F5E
    .text C:\Windows\system32\svchost.exe[5552] msvcrt.dll!_wsystem 77697F2F 5 Bytes JMP 00060038
    .text C:\Windows\system32\svchost.exe[5552] msvcrt.dll!system 7769804B 5 Bytes JMP 00060FAD
    .text C:\Windows\system32\svchost.exe[5552] msvcrt.dll!_creat 7769BBE1 5 Bytes JMP 00060FC8
    .text C:\Windows\system32\svchost.exe[5552] msvcrt.dll!_open 7769D106 5 Bytes JMP 00060FEF
    .text C:\Windows\system32\svchost.exe[5552] msvcrt.dll!_wcreat 7769D326 5 Bytes JMP 0006001D
    .text C:\Windows\system32\svchost.exe[5552] msvcrt.dll!_wopen 7769D501 5 Bytes JMP 0006000C
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegCreateKeyExA 76A739AB 5 Bytes JMP 00070062
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegCreateKeyA 76A73BA9 5 Bytes JMP 00070FCA
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegOpenKeyA 76A789C7 5 Bytes JMP 0007000A
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegCreateKeyW 76A8391E 5 Bytes JMP 00070051
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegCreateKeyExW 76A841F1 5 Bytes JMP 0007007D
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegOpenKeyExA 76A87C42 5 Bytes JMP 0007002C
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegOpenKeyW 76A8E2B5 5 Bytes JMP 0007001B
    .text C:\Windows\system32\svchost.exe[5552] ADVAPI32.dll!RegOpenKeyExW 76A97BA1 5 Bytes JMP 00070FE5
    .text C:\Windows\system32\svchost.exe[5552] WS2_32.dll!socket 762936D1 5 Bytes JMP 00090FE5
    ---- User IAT/EAT - GMER 2.0 ----
    IAT C:\Windows\system32\mfevtps.exe[2280] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [01057740] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[2280] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [010577A0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7493A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74918395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7496CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7490C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    ---- Registry - GMER 2.0 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cb256c9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xCA 0x28 0x16 0x18 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x58 0xE2 0xB0 0xE2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242cb256c9 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xCA 0x28 0x16 0x18 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x58 0xE2 0xB0 0xE2 ...
    ---- EOF - GMER 2.0 ----
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Closing duplicate.
     
Short URL to this thread: https://techguy.org/1086356
