It ran fine this time, saved the log.. Then I tried to open it, and it went to blue screen again and reset... here is the log, thanks for ur time SD.
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-09-09 23:57:39
Windows 6.0.6002 Service Pack 2
Running: ark.exe; Driver: C:\Users\Tyler\AppData\Local\Temp\uflyrpod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8A99DC50]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8A99DC7A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A99DCA2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8A99DC64]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8A99DC3C]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8A99DC28]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A99DCD1]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A99DCB8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A99DC8E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 828659D2 5 Bytes JMP 8A99DC92 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 00210F6D
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 002100B3
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 002100DF
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 00210F3E
.text C:\Windows\system32\services.exe[744] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 00210F92
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 0021001B
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 00210FCA
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 002100A2
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 0021006C
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 00210051
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 00210FAF
.text C:\Windows\system32\services.exe[744] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 0021002C
.text C:\Windows\system32\services.exe[744] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 0021007D
.text C:\Windows\system32\services.exe[744] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 002100F0
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 00210FEF
.text C:\Windows\system32\services.exe[744] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 00210000
.text C:\Windows\system32\services.exe[744] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 002100C4
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA 776D39AB 5 Bytes JMP 00200040
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA 776D3BA9 5 Bytes JMP 00200025
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA 776D89C7 5 Bytes JMP 00200FEF
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyW 776E391E 5 Bytes JMP 00200F9E
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW 776E41F1 5 Bytes JMP 00200F83
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA 776E7C42 5 Bytes JMP 00200FCA
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyW 776EE2B5 5 Bytes JMP 0020000A
.text C:\Windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW 776F7BA1 5 Bytes JMP 00200FB9
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 001F0042
.text C:\Windows\system32\services.exe[744] msvcrt.dll!system 7722804B 5 Bytes JMP 001F0FB7
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 001F0FD9
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_open 7722D106 5 Bytes JMP 001F0000
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_wcreat 7722D326 5 Bytes JMP 001F0FC8
.text C:\Windows\system32\services.exe[744] msvcrt.dll!_wopen 7722D501 5 Bytes JMP 001F0011
.text C:\Windows\system32\services.exe[744] WS2_32.dll!socket 77C636D1 5 Bytes JMP 00370FEF
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 000C00B3
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 000C0F6D
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 000C00DF
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 000C00CE
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 000C007D
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 000C000A
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 000C0FAF
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 000C0F88
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 000C006C
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 000C0040
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 000C005B
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 000C0025
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 000C008E
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 000C0F2D
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 000C0FE5
.text C:\Windows\system32\lsass.exe[756] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 000C0F48
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA 776D39AB 5 Bytes JMP 000B0FC0
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA 776D3BA9 5 Bytes JMP 000B0051
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA 776D89C7 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyW 776E391E 5 Bytes JMP 000B006C
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW 776E41F1 5 Bytes JMP 000B007D
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA 776E7C42 5 Bytes JMP 000B002F
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyW 776EE2B5 5 Bytes JMP 000B0014
.text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW 776F7BA1 5 Bytes JMP 000B0040
.text C:\Windows\system32\lsass.exe[756] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 000A0044
.text C:\Windows\system32\lsass.exe[756] msvcrt.dll!system 7722804B 5 Bytes JMP 000A0FB9
.text C:\Windows\system32\lsass.exe[756] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 000A0029
.text C:\Windows\system32\lsass.exe[756] msvcrt.dll!_open 7722D106 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\lsass.exe[756] msvcrt.dll!_wcreat 7722D326 5 Bytes JMP 000A0FD4
.text C:\Windows\system32\lsass.exe[756] msvcrt.dll!_wopen 7722D501 5 Bytes JMP 000A0018
.text C:\Windows\system32\lsass.exe[756] WS2_32.dll!socket 77C636D1 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 00730F4B
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 00730F5C
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 007300B6
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 00730F1F
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 00730F8B
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 0073000A
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 00730FB9
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 00730087
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 00730065
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 00730FA8
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 0073004A
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 0073002F
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 00730076
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 00730F0E
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 00730FD4
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 00730FE5
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 00730F30
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 00180FA8
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!system 7722804B 5 Bytes JMP 00180FB9
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_open 7722D106 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_wcreat 7722D326 5 Bytes JMP 00180FDE
.text C:\Windows\system32\svchost.exe[948] msvcrt.dll!_wopen 7722D501 5 Bytes JMP 00180029
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExA 776D39AB 5 Bytes JMP 00190FD4
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyA 776D3BA9 5 Bytes JMP 0019005B
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyA 776D89C7 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyW 776E391E 5 Bytes JMP 00190076
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegCreateKeyExW 776E41F1 5 Bytes JMP 00190091
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExA 776E7C42 5 Bytes JMP 0019002F
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyW 776EE2B5 5 Bytes JMP 00190014
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!RegOpenKeyExW 776F7BA1 5 Bytes JMP 00190040
.text C:\Windows\system32\svchost.exe[948] WS2_32.dll!socket 77C636D1 5 Bytes JMP 00740FEF
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 008700AB
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 00870F65
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 00870F40
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 008700CD
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 00870075
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 0087002C
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 0087003D
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 00870F80
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 00870F9B
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 00870FAC
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 0087004E
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 00870FC7
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 00870090
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 008700E8
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 00870011
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 00870000
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 008700BC
.text C:\Windows\system32\svchost.exe[1020] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 002C0FB7
.text C:\Windows\system32\svchost.exe[1020] msvcrt.dll!system 7722804B 5 Bytes JMP 002C0FD2
.text C:\Windows\system32\svchost.exe[1020] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 002C0027
.text C:\Windows\system32\svchost.exe[1020] msvcrt.dll!_open 7722D106 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[1020] msvcrt.dll!_wcreat 7722D326 5 Bytes JMP 002C0042
.text C:\Windows\system32\svchost.exe[1020] msvcrt.dll!_wopen 7722D501 5 Bytes JMP 002C0FE3
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA 776D39AB 5 Bytes JMP 00860F9E
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA 776D3BA9 5 Bytes JMP 0086002F
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA 776D89C7 5 Bytes JMP 00860FEF
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW 776E391E 5 Bytes JMP 0086004A
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW 776E41F1 5 Bytes JMP 00860F8D
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA 776E7C42 5 Bytes JMP 00860FCD
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyW 776EE2B5 5 Bytes JMP 00860FDE
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW 776F7BA1 5 Bytes JMP 0086001E
.text C:\Windows\system32\svchost.exe[1020] WS2_32.dll!socket 77C636D1 5 Bytes JMP 00880FEF
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 0135006C
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 01350F26
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 01350EF0
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 01350091
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 01350F52
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 0135001B
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 01350FC0
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 01350F41
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 01350F79
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 01350FA5
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 01350F94
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 0135002C
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 01350047
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 01350ED5
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 0135000A
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 01350FEF
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 01350F0B
.text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 01330F9C
.text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!system 7722804B 5 Bytes JMP 01330027
.text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 0133000C
.text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_open 7722D106 5 Bytes JMP 01330FEF
.text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_wcreat 7722D326 5 Bytes JMP 01330FB7
.text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_wopen 7722D501 5 Bytes JMP 01330FD2
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 776D39AB 5 Bytes JMP 01340036
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 776D3BA9 5 Bytes JMP 01340025
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 776D89C7 5 Bytes JMP 01340000
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 776E391E 5 Bytes JMP 01340F94
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 776E41F1 5 Bytes JMP 01340F79
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 776E7C42 5 Bytes JMP 01340FCA
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 776EE2B5 5 Bytes JMP 01340FE5
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 776F7BA1 5 Bytes JMP 01340FB9
.text C:\Windows\System32\svchost.exe[1060] WS2_32.dll!socket 77C636D1 5 Bytes JMP 01430FE5
.text C:\Windows\System32\svchost.exe[1060] wininet.dll!InternetOpenA 7793D690 5 Bytes JMP 01360FEF
.text C:\Windows\System32\svchost.exe[1060] wininet.dll!InternetOpenW 7793DB09 5 Bytes JMP 01360FDE
.text C:\Windows\System32\svchost.exe[1060] wininet.dll!InternetOpenUrlA 7793F3A4 5 Bytes JMP 01360FC3
.text C:\Windows\System32\svchost.exe[1060] wininet.dll!InternetOpenUrlW 77986DDF 5 Bytes JMP 01360FB2
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 007100CE
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 007100BD
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 007100FA
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 007100E9
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 0071007D
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 00710025
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 00710FD4
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 00710F88
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 0071006C
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 00710040
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 0071005B
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 00710FC3
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 00710098
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 00710F52
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 0071000A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 00710FEF
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 00710F6D
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 006B0F95
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!system 7722804B 5 Bytes JMP 006B0FA6
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 006B0016
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_open 7722D106 5 Bytes JMP 006B0FE3
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_wcreat 7722D326 5 Bytes JMP 006B0FC1
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_wopen 7722D501 5 Bytes JMP 006B0FD2
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 776D39AB 5 Bytes JMP 006E0058
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 776D3BA9 5 Bytes JMP 006E003D
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 776D89C7 5 Bytes JMP 006E0000
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 776E391E 5 Bytes JMP 006E0FB6
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 776E41F1 5 Bytes JMP 006E0073
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 776E7C42 5 Bytes JMP 006E001B
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 776EE2B5 5 Bytes JMP 006E0FDB
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 776F7BA1 5 Bytes JMP 006E002C
.text C:\Windows\System32\svchost.exe[1128] WS2_32.dll!socket 77C636D1 5 Bytes JMP 00730FEF
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 77811929 5 Bytes JMP 0172006C
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 778119C9 5 Bytes JMP 01720F26
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 77811BF3 5 Bytes JMP 01720F01
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 77811C28 5 Bytes JMP 01720098
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 77811DC3 5 Bytes JMP 01720F5C
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 77812EF5 5 Bytes JMP 01720FB9
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 77815C0C 5 Bytes JMP 0172000A
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreatePipe 77838E6E 5 Bytes JMP 01720047
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 77839109 5 Bytes JMP 01720F6D
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 77839362 5 Bytes JMP 0172002C
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 778394B4 5 Bytes JMP 01720F8A
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 778394DC 5 Bytes JMP 0172001B
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7783DBDA 5 Bytes JMP 01720F37
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 7785903B 5 Bytes JMP 01720EE6
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileW 7785AECB 5 Bytes JMP 01720FD4
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!CreateFileA 7785CE5F 5 Bytes JMP 01720FEF
.text C:\Windows\System32\svchost.exe[1220] kernel32.dll!WinExec 778A5CF7 5 Bytes JMP 01720087
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_wsystem 77227F2F 5 Bytes JMP 015B0040
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!system 7722804B 5 Bytes JMP 015B0FB5
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_creat 7722BBE1 5 Bytes JMP 015B0FC6
.text C:\Windows\System32\svchost.exe[1220] msvcrt.dll!_open&nb