Can't run HJT

wonder

New member
Hi,
Below is (hopefully) the link to my earlier post today which describes the problems I have been having with my computer. I have never tried to link to another thread, so I may not have done this right.


http://forums.spybot.info/showthread.php?t=51234

Here is the name of the post, just in case the link doesn't work right:

"google redirect, spybot won't run, etc."


I have read and tried to follow the directions on "BEFORE you POST". As stated in my earlier thread I am not able to disable TeaTimer by accessing Spybot. So I didn't try to get an HJT log created and posted on that post because the "Before you Post" said to disable TeaTimer first.

Since that earlier post, I decided to download and install HJT anyway and hopefully that won't create a problem. I followed the directions on "Before you Post" but after installing and clicking on "Do a system scan..." the program apparently did not work right. It seemed to be scanning, but then the program closed and I don't know if a log was created or not. I don't see one anywhere.

If you need me to, I can just copy and paste my previous post - if that would be easier. I would greatly appreciate any help with this!

Thank you!
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.
 
Hi Blade81!
I am not familiar with computer terms but willing to learn. Could you tell me what a script blocker is?
I appreciate your help!
 
Hi,

Some protection software has script blockers to prevent malicious scripts from running. Unfortunately, that may prevent non-malicious ones from running too.

You may not have a script blocker there, but disable your antivirus program before running DDS :)
 
Hello
McAfee is not working on my computer. It tries to update and then says to reinstall the program, so I'm assuming the script blocker for that isn't working anyway. Do I need to disable the TeaTimer somehow?
 
Hopefully I did this right. I opened McAfee's Security Center (even though it is supposedly not working) and clicked on "Advanced Menu" and then "Computer and Files". Spyware protection and System Guard protection are both selected as "on". I selected "off" for "Script Scanning Protection". Now it says script scanning is disabled.

Do I need to move Spyware protection and System Guard protection to off also?

And do I need to stop the Teatimer?

Thanks!
 
Do I need to move Spyware protection and System Guard protection to off also?
Please do.

And do I need to stop the Teatimer?
TeaTimer won't prevent DDS from running, but we can disable it now since it would need to be disabled during the process anyway.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer
 
One of the issues I have is that I am unable to get Spybot to run. I have "Spybot-SD Resident" on my taskbar. I can right click on it and the menu has the option to "run spybot-S&D" but nothing happens when I click on it. When I click on the Spybot icon on my desktop, it tells me that I may not have appropriate permissions to access.
 
Okay, here is the dds.txt file. Do I need to copy and paste the Attach.txt file or zip it? The instructions said not to post it unless specifically requested.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Mary at 9:10:53.51 on Mon 08/31/2009
Internet Explorer: 7.0.5730.13

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy162-8-10-2009\SDHelper.dll
BHO: c:\windows\system32\ghaf8jkdfd.dll: {a36d2a01-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\ghaf8jkdfd.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_19_0.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll
TB: Merriam-Webster Online: {b7b76dd6-b6f0-4443-af81-6a3ecf12a57d} - c:\windows\_MWOLTB.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {11359F4A-B191-42D7-905A-594F8CF0387B} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [AbacastDistributedOnDemand:11] c:\documents and settings\mary\local settings\application data\abacastdistributedondemand\node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [mswindows restore service] c:\docume~1\mary\locals~1\temp\w2ovzh.exe
uRun: [Windows System Recover!] c:\docume~1\mary\locals~1\temp\1158995548.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy162-8-10-2009\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.0.3705; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.msnbc.msn.com/id/20044245/ns/entertainment-comics_games_news_of_the_weird/?cat=uj"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Atari Launcher] c:\program files\hasbro interactive\atari arcade hits 1\Atari icon.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\documents and settings\mary\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-explorer: <NO NAME> =
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\mary\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy162-8-10-2009\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,73/mcinsctl.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156782442455
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-46c60f1cf692a806.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.37.7/ttinst.cab
DPF: {C487F60B-59B9-47D9-BFDF-AB26786F8823} - hxxp://zone.msn.com/bingame/zpagames/zpa_stoo.cab62201.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/html - {93371bdd-9a5e-4ab6-a81c-16ec87c7bbb2} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\ghaf8jkdfd.dll: {a36d2a01-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\ghaf8jkdfd.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXNDUOE

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-28 12:34 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 08:24 <DIR> --d----- c:\docume~1\mary\applic~1\EurekaLog
2009-08-10 09:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-08-10 09:53 <DIR> --d----- c:\program files\Citrix
2009-08-10 09:52 61,224 a------- c:\documents and settings\mary\GoToAssistDownloadHelper.exe
2009-08-10 07:11 <DIR> --d----- c:\program files\Spybot - Search & Destroy162-8-10-2009
2009-08-07 01:35 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-07 01:33 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 01:33 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-07 01:33 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 01:33 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-07 01:33 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 01:33 <DIR> --d----- C:\6ac41002c281cabaddbad3
2009-08-07 01:33 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-07 01:33 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 01:27 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-06 21:24 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-08-05 09:35 <DIR> --d----- c:\docume~1\mary\applic~1\BitZipper
2009-08-05 09:35 <DIR> --d----- c:\program files\BitZipper
2009-08-04 17:02 <DIR> --d----- c:\windows\system32\CatRoot

==================== Find3M ====================

2009-08-26 08:11 77,688 a------- c:\docume~1\mary\applic~1\GDIPFONTCACHEV1.DAT
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\dllcache\quartz.dll

============= FINISH: 9:12:15.14 ===============
 
Here's the attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


3D Groove Playback Engine
Abacast Distributed Live
Abacast Distributed On-Demand
ABBYY FineReader 5.0 Sprint
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
Atari Arcade Hits 1
Banctec Service Agreement
Barbie(TM) as The Princess and the Pauper
BitZipper 2009
Bonjour
Business Complete Care Services Agreement
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCScore
Charlie and the Chocolate Factory (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Dangerous Mines Lite
DAO
Dell AIO Printer A940
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
Diner Dash 2
Disney's Toontown Online
Disney Pirates of the Caribbean Online
Disney Princess Royal Horse Show
DVDSentry
Easy CD Creator 5 Basic
Emperor's Mahjong
ESPNMotion
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
ESSvpaht
ESSvpot
FamilyFun edition of Disney Motion
FaxTools
Google Earth
Google Toolbar for Internet Explorer
Grandmaster Challenge
Hardwood Solitaire III Lite
Hawaiian Explorer Pearl Harbor 1.0.0.30
HDView for Internet Explorer
Help and Support Customization
Hidden Expedition Titanic (remove only)
HijackThis 2.0.2
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest (remove only)
Kodak EasyShare software
KSU
Luxor - Quest for the Afterlife
Luxor (remove only)
Luxor 3
Mall Tycoon 3
McAfee SecurityCenter
McAfee Virtual Technician
Merriam-Webster Online Toolbar
MiaMath
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Pandora's Box
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0
MovieEdit Task
MSN Messenger 6.1
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MUSICMATCH® Jukebox
My Family Health Portrait
My Wal-Mart Digital Photo Center
Netflix Movie Viewer
Notifier
NVIDIA Drivers
OLYMPUS Master
OTtBPSDK
Paint Shop Pro 7
PCDADDIN
PCDHELP
PhotoStitch
Poppit To Go
PowerDVD
Princess Fashion Boutique 2
QuickTime
RAW Image Task 2.1
RealPlayer
Rio Audio Manager
RunAlyzer
School Tycoon
Search for the Secret Keys
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
Sound Blaster Live!
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Employee of the Month
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
Spybot - Search & Destroy
Study Helpers Math Booster
Study Helpers Spelling Bee
The Game of Life - SpongeBob SquarePants Edition
UltimateBet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual Earth 3D (Beta)
VPRINTOL
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Companion
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Widgets
Zuma Deluxe 1.0

==== End Of File ===========================
 
I just finished running GMER and had a big problem. When the scan completed, it said it had detected rootkit problems but I could not use my mouse! It would not work at all. I hit enter for "ok", but could not move the cursor to copy the scan. I unplugged and then replugged my mouse back in, and the light on the mouse came on, but it did not work. Eventually, I had to turn my computer off and then on again, which means I lost the log. I'll restart GMER once again to scan a second time. If you know of a way to speed GMER up, let me know. If not, I'll just do it again.

Thanks!
 
On the good side...I downloaded and ran GMER again and produced a log...YEA!!!

On the weird side...my computer had a box open (in addition to the box stating I had rootkit activity) after the scan that said Windows did not have the resources to complete the task. Don't know which task it's talking about. I could copy the log and I also could save it to my desktop, but I could not connect online to send it or post it. I couldn't print it either. But, since I saved it to my desktop, I shut down my computer and everything seems to be normal since restart.

Hope this works!

GMER 1.0.15.15077 [n9wk7u3k.exe] - http://www.gmer.net
Rootkit scan 2009-08-31 20:57:18
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF588E4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF588E498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF588E4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF588E52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF588E470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF588E484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF588E4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF588E4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF588E4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF588E559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF588E540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF588E514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F588E518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056BDCD 5 Bytes JMP F588E4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F588E4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F588E544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F588E52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F588E474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F588E502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP F588E4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP F588E55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F588E488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0B34 5 Bytes JMP F588E49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062C4B3 5 Bytes JMP F588E4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30090
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E3007F
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E30062
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E30051
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E3002C
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E30F76
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E300BE
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E300FE
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E300E3
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E3010F
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E30FAF
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E300A1
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E30FCA
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E30011
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E30F65
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00960036
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00960FCA
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00960FDB
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00960011
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00960087
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00960000
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00960062
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00960051
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00950033
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00950022
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00950011
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00950FE3
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00950FB2
.text C:\WINDOWS\system32\services.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\services.exe[732] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E70098
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E7007D
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E7006C
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E7005B
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E70FCA
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E700B5
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E70F6D
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E700F5
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E700DA
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E70F41
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E70FB9
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E70F7E
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E70FDB
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E70F5C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E60FB2
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E60F6B
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E60FC3
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E60FDE
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E60F7C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E6001E
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E60F97
.text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0F89
.text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0F9A
.text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FAB
.text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[768] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FC6
.text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A300A9
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A30098
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A30087
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A3005B
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A30F88
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A30F99
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A300FC
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A30F63
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A30F48
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A3006C
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A3001B
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A300C4
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A30040
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A30FE5
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A300EB
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A20FC3
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A20F68
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A20FDE
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A20014
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A20025
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A20F8D
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A20F9E
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10F89
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10FA4
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FC6
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FB5
.text C:\WINDOWS\system32\svchost.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10FD7
.text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00950FEF
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B3000A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B30F7B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B30F96
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B30070
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B3005F
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B3004E
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B30F4D
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B30F6A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B30F21
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B30F32
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B30F06
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B30FBD
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00B3008B
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00B3003D
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00B3002C
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B300B0
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00B20FD4
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00B20F83
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00B20025
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00B20014
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00B20F94
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00B20FAF
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00B20036
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10FBE
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B1003F
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B1001D
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B1002E
.text C:\WINDOWS\system32\svchost.exe[992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B10FE3
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B00000
.text C:\Program Files\iTunes\iTunesHelper.exe[1072] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1072] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1072] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01710FEF
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0171007D
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01710F92
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0171006C
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01710051
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01710FAF
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 017100A9
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01710F61
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01710F3C
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 017100D5
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01710F21
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01710036
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01710FD4
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0171008E
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0171001B
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0171000A
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 017100BA
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 016F0047
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 016F0FB9
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 016F002C
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 016F0011
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 016F0FCA
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 016F0000
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 016F0FDB
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 016F0058
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 016E003D
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 016E0FBC
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 016E0018
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 016E0FEF
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 016E0FCD
.text C:\WINDOWS\System32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 016E0FDE
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 016D0FE5
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 01700000
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 01700FEF
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 01700025
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 01700FD4
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00900F66
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0090005B
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00900040
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00900F8D
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00900FB9
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00900076
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00900F2E
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00900EEE
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00900087
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00900EDD
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00900F9E
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00900FE5
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00900F55
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00900025
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00900F09
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008E001B
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008E0058
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008E0FCA
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008E000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008E0F9B
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008E0047
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008E0036
.text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0044
.text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
.text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0055
.text C:\WINDOWS\System32\svchost.exe[1144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D001D
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 008F0FE5
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 008F0FCA
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 008F0FB9
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 008F0000
.text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0000
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00640F52
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00640F77
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00640F94
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00640051
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00640F1F
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00640F30
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006400AE
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0064009D
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006400C9
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00640F41
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0064008C
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00630FB9
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00630F7C
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00630039
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00630F97
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00630FA8
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0062005F
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!system 77C293C7 5 Bytes JMP 0062004E
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00620018
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00620FEF
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0062003D
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00620FDE
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 3 Bytes JMP 010C0000
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileA + 4 7C801A28 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A5D 3 Bytes JMP 010C0F9E
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtectEx + 4 7C801A61 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 3 Bytes JMP 010C0089
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtect + 4 7C801AD4 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010C0078
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 3 Bytes JMP 010C005B
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExA + 4 7C801D53 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 3 Bytes JMP 010C0FB9
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryA + 4 7C801D7B 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E50 3 Bytes JMP 010C0F57
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoW + 4 7C801E54 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 010C0F68
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 3 Bytes JMP 010C00D5
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessW + 4 7C802336 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 3 Bytes JMP 010C0F32
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessA + 4 7C80236B 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80ADB0 3 Bytes JMP 010C0F21
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetProcAddress + 4 7C80ADB4 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AE5B 3 Bytes JMP 010C004A
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryW + 4 7C80AE5F 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810770 3 Bytes JMP 010C0FDB
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileW + 4 7C810774 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 010C0F83
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 010C0FCA
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 010C0011
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 010C00BA
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 010B0FCD
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 010B0F8D
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 010B0FDE
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 010B0014
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 010B0054
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 010B0FEF
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 010B0FBC
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 010B0039
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010A003D
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!system 77C293C7 5 Bytes JMP 010A0FB2
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010A0FDE
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010A000C
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010A0FCD
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\System32\svchost.exe[1256] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01090FEF
.text C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006E0079
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006E0F84
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006E005E
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006E004D
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006E0FBC
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006E0F4C
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006E0094
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006E0F16
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006E00AF
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006E0F05
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006E0FAB
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006E0FDE
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006E0F69
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006E0FCD
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006E001E
.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006E0F31
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006D0014
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006D0036
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006D0FC3
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006D0FDE
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006D0F83
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006D0025
.text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006D0FA8
.text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0FC3
.text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0044
.text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0FDE
.text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0033
.text C:\WINDOWS\System32\svchost.exe[1380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CF0FE5
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CF00A9
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CF0098
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CF0FCA
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CF007D
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CF0047
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CF00D0
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CF0F88
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF00EB
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF0F5C
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CF0F37
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CF006C
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CF0F99
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CF0036
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CF0025
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CF0F6D
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C20025
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C2005B
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C20040
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C20F9E
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FA4
.text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10FB5
.text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FD7
.text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000
.text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FC6
.text C:\WINDOWS\Explorer.EXE[1680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10011
.text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00C40FC3
.text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BF0FE5
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B006E
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F83
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F94
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F3A
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F4B
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0093
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0EFA
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0EE9
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F68
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[2588] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B0F1F
.text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FB2
.text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FC3
.text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290029
.text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FDE
.text C:\WINDOWS\system32\wuauclt.exe[2588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0029000C
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FC0
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2588] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A002C
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2608] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2608] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E0FE5
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009E006C
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009E0F6D
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009E0F8A
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009E0F9B
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009E0033
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009E0F3A
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009E0F4B
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009E00D3
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009E00B8
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009E00EE
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009E0FB6
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009E0000
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009E0F5C
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009E0022
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009E0011
.text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009E00A7
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009D0FAF
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009D0036
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009D0025
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009D0000
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009D0F83
.text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009D0F94
.text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009C0F9A
.text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!system 77C293C7 5 Bytes JMP 009C001B
.text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009C0000
.text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009C0FE3
.text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009C0FAB
.text C:\WINDOWS\System32\svchost.exe[3224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009C0FD2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\iTunes\iTunesHelper.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
IAT C:\Program Files\DellSupport\DSAgnt.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] 35672AAE
IAT C:\Program Files\DellSupport\DSAgnt.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 35672A38
IAT C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
IAT C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
IAT c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
IAT c:\program files\common files\mcafee\mna\mcnasvc.exe[2564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\EEF508EC.x86.dll
 
---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat F11C5C8A

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [248] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\SiteAdvisor\6172\SiteAdv.exe [608] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [992] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1072] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1088] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1256] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Documents and Settings\Mary\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [1336] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [1348] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1888] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\LEXPPS.EXE [1900] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2212] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [2264] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ c:\program files\common files\mcafee\mna\mcnasvc.exe [2564] 0x35670000
Library \\?\globalroot\Device\__max++>\EEF508EC.x86.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2608] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2029\A0144163.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2029\A0144178.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2030\A0144241.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2030\A0145240.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2031\A0145259.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2032\A0145279.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2034\A0145328.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2034\A0145364.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2035\A0145450.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2036\A0145466.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2037\A0145479.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2038\A0145505.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2039\A0145517.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2039\A0146517.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2040\A0146534.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2041\A0146547.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2042\A0146565.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2043\A0146583.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2044\A0146593.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2045\A0146608.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2046\A0146621.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2047\A0146633.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2048\A0146645.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2050\A0146660.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2051\A0146683.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2052\A0146697.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2053\A0146715.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2054\A0146734.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2055\A0146749.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2055\A0147749.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2056\A0147768.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2057\A0147784.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2058\A0147798.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2060\A0147816.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2061\A0147839.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2061\A0148839.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2005\A0136877.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2005\A0136893.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2005\A0136989.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2006\A0137058.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2008\A0138049.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2008\A0138059.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2009\A0138075.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139075.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139099.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139110.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139137.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2010\A0139150.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140156.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140219.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140173.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2011\A0140232.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2014\A0141268.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2014\A0141233.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2014\A0141279.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0141308.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0142306.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0142327.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2015\A0142355.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2016\A0143353.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2017\A0143385.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2017\A0143404.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2018\A0143421.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2018\A0143446.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2019\A0143491.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2019\A0143507.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2021\A0143532.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2021\A0143557.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2021\A0143574.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2022\A0143617.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143650.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143635.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143677.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2023\A0143696.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2024\A0143714.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2024\A0143724.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2024\A0143741.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2025\A0143760.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2027\A0144136.sys:1 8192 bytes executable
File C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Wave\U2L3CR.WAV 0 bytes
File C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Wave\U4L1DR.WAV 0 bytes

---- EOF - GMER 1.0.15 ----
 
Hi again,

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
 
Downloaded and tried to run. I received an error message that said it encountered a problem and needed to close. I'll try again.
 