Page 2 of 14 FirstFirst 12345612 ... LastLast
Results 11 to 20 of 136

Thread: Can't run HJT

  1. #11
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Do I need to copy and paste the Attach.txt file or zip it?
    Yes, post attach.txt too. You may paste contents in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #12
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    Here's the attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    3D Groove Playback Engine
    Abacast Distributed Live
    Abacast Distributed On-Demand
    ABBYY FineReader 5.0 Sprint
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11
    Apple Mobile Device Support
    Apple Software Update
    Atari Arcade Hits 1
    Banctec Service Agreement
    Barbie(TM) as The Princess and the Pauper
    BitZipper 2009
    Bonjour
    Business Complete Care Services Agreement
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window MC 5 for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX
    CCScore
    Charlie and the Chocolate Factory (remove only)
    Critical Update for Windows Media Player 11 (KB959772)
    Dangerous Mines Lite
    DAO
    Dell AIO Printer A940
    Dell Digital Jukebox Driver
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Dell Support Center
    DellSupport
    Diner Dash 2
    Disney's Toontown Online
    Disney Pirates of the Caribbean Online
    Disney Princess Royal Horse Show
    DVDSentry
    Easy CD Creator 5 Basic
    Emperor's Mahjong
    ESPNMotion
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    ESSvpaht
    ESSvpot
    FamilyFun edition of Disney Motion
    FaxTools
    Google Earth
    Google Toolbar for Internet Explorer
    Grandmaster Challenge
    Hardwood Solitaire III Lite
    Hawaiian Explorer Pearl Harbor 1.0.0.30
    HDView for Internet Explorer
    Help and Support Customization
    Hidden Expedition Titanic (remove only)
    HijackThis 2.0.2
    HLPIndex
    HLPRFO
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB970653-v3)
    ImageMixer VCD/DVD2 for OLYMPUS
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    InterActual Player
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 3
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Jewel Quest (remove only)
    Kodak EasyShare software
    KSU
    Luxor - Quest for the Afterlife
    Luxor (remove only)
    Luxor 3
    Mall Tycoon 3
    McAfee SecurityCenter
    McAfee Virtual Technician
    Merriam-Webster Online Toolbar
    MiaMath
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Interactive Training
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft Pandora's Box
    Microsoft Reader
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MovieEdit Task
    MSN Messenger 6.1
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    MUSICMATCH® Jukebox
    My Family Health Portrait
    My Wal-Mart Digital Photo Center
    Netflix Movie Viewer
    Notifier
    NVIDIA Drivers
    OLYMPUS Master
    OTtBPSDK
    Paint Shop Pro 7
    PCDADDIN
    PCDHELP
    PhotoStitch
    Poppit To Go
    PowerDVD
    Princess Fashion Boutique 2
    QuickTime
    RAW Image Task 2.1
    RealPlayer
    Rio Audio Manager
    RunAlyzer
    School Tycoon
    Search for the Secret Keys
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    SFR
    SHASTA
    Shockwave
    SKIN0001
    SKINXSDK
    Sound Blaster Live!
    SpongeBob SquarePants Diner Dash (remove only)
    SpongeBob SquarePants Employee of the Month
    SpongeBob SquarePants Krabby Quest (remove only)
    SpongeBob SquarePants Obstacle Odyssey (remove only)
    Spybot - Search & Destroy
    Study Helpers Math Booster
    Study Helpers Spelling Bee
    The Game of Life - SpongeBob SquarePants Edition
    UltimateBet
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    VPRINTOL
    WebFldrs XP
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WIRELESS
    Yahoo! Companion
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    Yahoo! Widgets
    Zuma Deluxe 1.0

    ==== End Of File ===========================

  3. #13
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    I will try the GMER scan now.

  4. #14
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    I just finished running GMER and had a big problem. When the scan completed, it said it had detected rootkit problems but I could not use my mouse! It would not work at all. I hit enter for "ok", but could not move the cursor to copy the scan. I unplugged and then replugged my mouse back in, and the light on the mouse came on, but it did not work. Eventually, I had to turn my computer off and then on again, which means I lost the log. I'll restart GMER once again to scan a second time. If you know of a way to speed GMER up, let me know. If not, I'll just do it again.

    Thanks!

  5. #15
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    On the good side...I downloaded and ran GMER again and produced a log...YEA!!!

    On the weird side...my computer had a box open (in addition to the box stating I had rootkit activity) after the scan that said windows did not have the resources to complete the task. Don't know which task it's talking about. I could copy the log and I also could save it to my desktop, but I could not connect online to send it or post it. I couldn't print it either. But, since I saved it to my desktop, I shut down my computer and everything seems to be normal since restart.

    Hope this works!

    GMER 1.0.15.15077 [n9wk7u3k.exe] - http://www.gmer.net
    Rootkit scan 2009-08-31 20:57:18
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF588E4EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF588E498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF588E4AC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF588E52A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF588E470]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF588E484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF588E4FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF588E4D6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF588E4C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF588E559]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF588E540]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF588E514]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F588E518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 8056BDCD 5 Bytes JMP F588E4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F588E4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F588E544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F588E52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F588E474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F588E502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP F588E4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP F588E55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F588E488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B0B34 5 Bytes JMP F588E49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 8062C4B3 5 Bytes JMP F588E4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? win32k.sys:1 The system cannot find the file specified. !
    ? win32k.sys:2 The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E30FE5
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30090
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E3007F
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E30062
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E30051
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E3002C
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E30F76
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E300BE
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E300FE
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E300E3
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E3010F
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E30FAF
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E30000
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E300A1
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E30FCA
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E30011
    .text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E30F65
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00960036
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00960FCA
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00960FDB
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00960011
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00960087
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00960000
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00960062
    .text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00960051
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00950033
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00950022
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00950011
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00950FE3
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00950FB2
    .text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00950000
    .text C:\WINDOWS\system32\services.exe[732] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E7000A
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E70098
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E7007D
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E7006C
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E7005B
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E70FCA
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E700B5
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E70F6D
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E700F5
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E700DA
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E70F41
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E70FB9
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E70025
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E70F7E
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E70FDB
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E70036
    .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E70F5C
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E60FB2
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E60F6B
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E60FC3
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E60FDE
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E60F7C
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E60FEF
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E6001E
    .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E60F97
    .text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0F89
    .text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0F9A
    .text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FAB
    .text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
    .text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FC6
    .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30000
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A300A9
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A30098
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A30087
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A30FCA
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A3005B
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A30F88
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A30F99
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A300FC
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A30F63
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A30F48
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A3006C
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A3001B
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A300C4
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A30040
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A30FE5
    .text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A300EB
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A20FC3
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A20F68
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A20FDE
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A20014
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A20025
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A20FEF
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A20F8D
    .text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A20F9E
    .text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10F89
    .text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10FA4
    .text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FC6
    .text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10000
    .text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FB5
    .text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10FD7
    .text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00950FEF
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B3000A
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B30F7B
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B30F96
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B30070
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B3005F
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B3004E
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B30F4D
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B30F6A
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B30F21
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B30F32
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B30F06
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B30FBD
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B3001B
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B3008B
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B3003D
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B3002C
    .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B300B0
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00B20FD4
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00B20F83
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00B20025
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00B20014
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00B20F94
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00B20FEF
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00B20FAF
    .text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00B20036
    .text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10FBE
    .text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B1003F
    .text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B1001D
    .text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B10000
    .text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B1002E
    .text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B10FE3
    .text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B00000
    .text C:\Program Files\iTunes\iTunesHelper.exe[1072] GDI32.dll!GetHFONT + 51

  6. #16
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\Program Files\iTunes\iTunesHelper.exe[1072] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\Program Files\iTunes\iTunesHelper.exe[1072] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01710FEF
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0171007D
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01710F92
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0171006C
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01710051
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01710FAF
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 017100A9
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01710F61
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01710F3C
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 017100D5
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01710F21
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01710036
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01710FD4
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0171008E
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0171001B
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0171000A
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 017100BA
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 016F0047
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 016F0FB9
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 016F002C
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 016F0011
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 016F0FCA
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 016F0000
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 016F0FDB
    .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 016F0058
    .text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 016E003D
    .text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 016E0FBC
    .text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 016E0018
    .text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 016E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 016E0FCD
    .text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 016E0FDE
    .text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 016D0FE5
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 01700000
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 01700FEF
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 01700025
    .text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 01700FD4
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00900000
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00900F66
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0090005B
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00900040
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00900F8D
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00900FB9
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00900076
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00900F2E
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00900EEE
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00900087
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00900EDD
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00900F9E
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00900FE5
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00900F55
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00900025
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00900FD4
    .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00900F09
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008E001B
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008E0058
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008E0FCA
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008E000A
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008E0F9B
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008E0047
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008E0036
    .text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0FD4
    .text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FE5
    .text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0044
    .text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
    .text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0055
    .text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D001D
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 008F0FE5
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 008F0FCA
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 008F0FB9
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 008F0000
    .text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0000
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00640000
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00640F52
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00640F77
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00640F94
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00640051
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00640FB9
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00640F1F
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00640F30
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006400AE
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0064009D
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006400C9
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00640040
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00640FEF
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00640F41
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00640025
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00640FDE
    .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0064008C
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00630FB9
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00630F7C
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0063000A
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00630FDE
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00630039
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00630FEF
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00630F97
    .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00630FA8
    .text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0062005F
    .text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!system 77C293C7 5 Bytes JMP 0062004E
    .text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00620018
    .text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00620FEF
    .text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0062003D
    .text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00620FDE
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 3 Bytes JMP 010C0000
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileA + 4 7C801A28 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A5D 3 Bytes JMP 010C0F9E
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtectEx + 4 7C801A61 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 3 Bytes JMP 010C0089
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtect + 4 7C801AD4 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010C0078
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 3 Bytes JMP 010C005B
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExA + 4 7C801D53 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 3 Bytes JMP 010C0FB9
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryA + 4 7C801D7B 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E50 3 Bytes JMP 010C0F57
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoW + 4 7C801E54 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 010C0F68
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 3 Bytes JMP 010C00D5
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessW + 4 7C802336 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 3 Bytes JMP 010C0F32
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessA + 4 7C80236B 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80ADB0 3 Bytes JMP 010C0F21
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetProcAddress + 4 7C80ADB4 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AE5B 3 Bytes JMP 010C004A
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryW + 4 7C80AE5F 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810770 3 Bytes JMP 010C0FDB
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileW + 4 7C810774 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 010C0F83
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 010C0FCA
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 010C0011
    .text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 010C00BA
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 010B0FCD
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 010B0F8D
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 010B0FDE
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 010B0014
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 010B0054
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 010B0FEF
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 010B0FBC
    .text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 010B0039
    .text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010A003D
    .text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!system 77C293C7 5 Bytes JMP 010A0FB2
    .text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010A0FDE
    .text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010A000C
    .text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010A0FCD
    .text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010A0FEF
    .text C:\WINDOWS\System32\svchost.exe[1256] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01090FEF
    .text C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006E0079
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006E0F84
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006E005E
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006E004D
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006E0FBC
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006E0F4C
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006E0094
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006E0F16
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006E00AF
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006E0F05
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006E0FAB
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006E0FDE
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006E0F69
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006E0FCD
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006E001E
    .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006E0F31
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006D0014
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006D0036
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006D0FC3
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006D0FDE
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006D0F83
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006D0FEF
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006D0025
    .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006D0FA8
    .text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0FC3
    .text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0044
    .text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0FDE
    .text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C000C
    .text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0033
    .text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FEF
    .text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006B0FEF
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CF0FE5
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CF00A9
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CF0098
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CF0FCA
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CF007D
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CF0047
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CF00D0
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CF0F88
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF00EB
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF0F5C
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CF0F37
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CF006C
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CF0F99
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CF0036
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CF0025
    .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CF0F6D
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C20025
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C2005B
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C20FDE
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C20FEF
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C20040
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C20F9E
    .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C20FB9
    .text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FA4
    .text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10FB5
    .text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FD7
    .text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000
    .text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FC6
    .text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10011
    .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00C4000A
    .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00C40FEF
    .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00C40FD4
    .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00C40FC3
    .text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BF0FE5
    .text c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] USER32.dll!TrackMouseEvent + 94

  7. #17
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B006E
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F83
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F94
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FA5
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0047
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F3A
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F4B
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0093
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0EFA
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0EE9
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0FCA
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F68
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0036
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B001B
    .text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B0F1F
    .text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FB2
    .text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FC3
    .text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290029
    .text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FDE
    .text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0029000C
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A001B
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FC0
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A0000
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A0047
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0FAF
    .text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A002C
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2608] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2608] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E0FE5
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009E006C
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009E0F6D
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009E0F8A
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009E0F9B
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009E0033
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009E0F3A
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009E0F4B
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009E00D3
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009E00B8
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009E00EE
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009E0FB6
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009E0000
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009E0F5C
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009E0022
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009E0011
    .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009E00A7
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009D0FAF
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009D0036
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009D0FCA
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009D0FE5
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009D0025
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009D0000
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009D0F83
    .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009D0F94
    .text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009C0F9A
    .text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!system 77C293C7 5 Bytes JMP 009C001B
    .text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009C0000
    .text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009C0FE3
    .text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009C0FAB
    .text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009C0FD2

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\iTunes\iTunesHelper.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    IAT C:\Program Files\iTunes\iTunesHelper.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    IAT C:\Program Files\DellSupport\DSAgnt.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] 35672AAE
    IAT C:\Program Files\DellSupport\DSAgnt.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 35672A38
    IAT C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    IAT C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    IAT c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
    IAT c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll

  8. #18
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat F11C5C8A

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ---- Processes - GMER 1.0.15 ----

    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [248] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\SiteAdvisor\6172\SiteAdv.exe [608] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [992] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1072] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1088] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1256] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [1336] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [1348] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1888] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\LEXPPS.EXE [1900] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2212] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [2264] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ c:\program files\common files\mcafee\mna\mcnasvc.exe [2564] 0x35670000
    Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2608] 0x35670000

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

    ---- Files - GMER 1.0.15 ----

    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2029\A0144163.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2029\A0144178.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2030\A0144241.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2030\A0145240.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2031\A0145259.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2032\A0145279.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2034\A0145328.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2034\A0145364.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2035\A0145450.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2036\A0145466.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2037\A0145479.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2038\A0145505.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2039\A0145517.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2039\A0146517.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2040\A0146534.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2041\A0146547.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2042\A0146565.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2043\A0146583.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2044\A0146593.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2045\A0146608.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2046\A0146621.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2047\A0146633.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2048\A0146645.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2050\A0146660.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2051\A0146683.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2052\A0146697.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2053\A0146715.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2054\A0146734.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2055\A0146749.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2055\A0147749.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2056\A0147768.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2057\A0147784.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2058\A0147798.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2060\A0147816.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2061\A0147839.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2061\A0148839.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2005\A0136877.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2005\A0136893.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2005\A0136989.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2006\A0137058.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2008\A0138049.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2008\A0138059.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2009\A0138075.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139075.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139099.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139110.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139137.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139150.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140156.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140219.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140173.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140232.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2014\A0141268.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2014\A0141233.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2014\A0141279.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0141308.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0142306.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0142327.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0142355.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2016\A0143353.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2017\A0143385.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2017\A0143404.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2018\A0143421.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2018\A0143446.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2019\A0143491.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2019\A0143507.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2021\A0143532.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2021\A0143557.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2021\A0143574.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2022\A0143617.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143650.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143635.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143677.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143696.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2024\A0143714.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2024\A0143724.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2024\A0143741.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2025\A0143760.sys:1 8192 bytes executable
    ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2027\A0144136.sys:1 8192 bytes executable
    File C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Wave\U2L3CR.WAV 0 bytes
    File C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Wave\U4L1DR.WAV 0 bytes

    ---- EOF - GMER 1.0.15 ----

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #20
    Senior Member
    Join Date
    Jul 2009
    Posts
    101

    Default

    Downloaded and tried to run. I received and error message that said it encountered a problem and needed to close. I'll try again.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •