Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

think i got hit with spyware protect 2009


  • Please log in to reply
8 replies to this topic

#1 fscguy

fscguy

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 09 March 2009 - 05:14 PM

i think i got hit with spyware protect 2009. i could use some help to get it off my computer. i think i have some adware also. i am running windows xp and using firefox if that helps.

Edited by fscguy, 09 March 2009 - 05:15 PM.


BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:23 PM

Posted 09 March 2009 - 06:34 PM

Hi and welcome to BleepingComputer :thumbsup:

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 fscguy

fscguy
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 09 March 2009 - 08:03 PM

thank you. after i restarted it found no malware. what should i do next?

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:23 PM

Posted 09 March 2009 - 09:06 PM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


If you have any problems, let us know.
For your next post, I will be looking for a SDFix log.

Thanks

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 fscguy

fscguy
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 11 March 2009 - 05:09 PM

here is the log



SDFix: Version 1.240
Run by jam on Wed 03/11/2009 at 06:01 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1213745417\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"="C:\\WINDOWS\\system32\\wbem\\unsecapp.exe:*:Enabled:unsecapp"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:services"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\svcho.exe"="C:\\WINDOWS\\svcho.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"

Remaining Files :



Files with Hidden Attributes :

Tue 3 Jun 2008 46,432 A..H. --- "C:\Program Files\AOL 9.1\AOLphx.exe"
Tue 3 Jun 2008 54,624 A..H. --- "C:\Program Files\AOL 9.1\AOLphxex.exe"
Tue 3 Jun 2008 33,120 A..H. --- "C:\Program Files\AOL 9.1\rbm.exe"
Wed 2 May 2007 146,432 ..SHR --- "C:\Program Files\Sprint music manager\Setup.exe"
Thu 22 Feb 2007 53,248 A.SHR --- "C:\Program Files\Sprint music manager\_Setupx.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 8 Mar 2009 86,016 A.SH. --- "C:\WINDOWS\system32\fupibaka.dll"
Mon 9 Mar 2009 123,392 A.SH. --- "C:\WINDOWS\system32\ifmyks.dll"
Sun 8 Mar 2009 86,016 A.SH. --- "C:\WINDOWS\system32\jeruroni.dll"
Sun 8 Mar 2009 123,392 A.SH. --- "C:\WINDOWS\system32\lisabavo.dll"
Mon 9 Mar 2009 123,392 A.SH. --- "C:\WINDOWS\system32\wekoperi.dll"
Sun 8 Mar 2009 123,392 A.SH. --- "C:\WINDOWS\system32\xhxkvp.dll"
Wed 16 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Feb 2009 20,688 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sat 14 Feb 2009 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Tue 19 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 28 Dec 2008 10,361,984 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8982e7ae7b29351ffbb2833f0ab82ed1\BITBEB.tmp"
Wed 16 Jul 2008 20 A..H. --- "C:\Documents and Settings\jam\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 17 Jun 2008 96,072 ...H. --- "C:\Program Files\Common Files\AOL\TopSpeed\3.0\WBUnins.exe"
Thu 22 Jan 2009 20,326 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8c38d732c1d8905e381f200acddd63a3\download\BIT1F.tmp"
Mon 9 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 9 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 9 Jun 2008 8 A..H. --- "C:\Documents and Settings\jam\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"

Finished!

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:23 PM

Posted 12 March 2009 - 11:20 AM

Lets see if anything is left out there.

Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the
    definitions before scanning by selecting "Check for Updates". (If you encounter
    any problems while downloading the updates, manually download them from
    here and
    unzip into the program's folder.
    )
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under
    Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner
    Options
    , make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose:
    Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp"

ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#7 fscguy

fscguy
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 12 March 2009 - 06:43 PM

i couldnt run superantispy. it says the administrator set polices against the installation. i was using the admin login.

#8 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:23 PM

Posted 13 March 2009 - 11:43 AM

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#9 fscguy

fscguy
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 13 March 2009 - 07:41 PM

here is the log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-13 20:38:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8C10]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB019C44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB019C4F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB019C523]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB019C591]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB019C57B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB019C48A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB019C5BD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB019C4CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB019C3D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB019C3E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB019C45E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB019C5F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB019C565]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB019C54F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB019C50D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB019C5E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB019C5D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB019C436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB019C422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB019C4B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB019C5A7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB019C4A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB019C474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AB0 7 Bytes JMP B019C478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F8E 5 Bytes JMP B019C44E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E36 7 Bytes JMP B019C48E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C44 5 Bytes JMP B019C4A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B7216 7 Bytes JMP B019C462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA150 5 Bytes JMP B019C3D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3DC 5 Bytes JMP B019C3E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CCB9A 5 Bytes JMP B019C426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0430 5 Bytes JMP B019C43A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D167A 5 Bytes JMP B019C4BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80620638 7 Bytes JMP B019C553 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80620986 5 Bytes JMP B019C5D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620F06 7 Bytes JMP B019C5AB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062174C 7 Bytes JMP B019C569 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621FA4 7 Bytes JMP B019C511 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A0E 7 Bytes JMP B019C4FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622BDE 7 Bytes JMP B019C527 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DBE 7 Bytes JMP B019C595 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80623028 7 Bytes JMP B019C57F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80623914 5 Bytes JMP B019C4D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80623C38 7 Bytes JMP B019C5FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062415E 5 Bytes JMP B019C5E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80624278 5 Bytes JMP B019C5C1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00830FE5
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00830064
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00830053
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00830F79
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00830036
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0083001B
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00830F28
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00830F43
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008300A9
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00830F06
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00830EF5
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00830F94
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00830000
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00830F54
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00830FAF
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00830FC0
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00830F17
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00820076
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00820FE5
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0082001B
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0082005B
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0082004A
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00820FC3
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C60091
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C60076
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C60FA8
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C60FB9
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C60040
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C600E4
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C600C9
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C60F77
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C60110
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C6012B
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C6005B
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C6000A
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C600A2
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C60FDE
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C6002F
.text C:\WINDOWS\Explorer.EXE[572] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C600F5
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B10040
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B1009B
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B1002F
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B1000A
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B10FDE
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B10080
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\Explorer.EXE[572] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B10065
.text C:\WINDOWS\Explorer.EXE[572] WININET.dll!InternetOpenW 771BAED5 5 Bytes JMP 00AF0014
.text C:\WINDOWS\Explorer.EXE[572] WININET.dll!InternetOpenA 771C574E 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\Explorer.EXE[572] WININET.dll!InternetOpenUrlA 771C5A01 5 Bytes JMP 00AF0FDE
.text C:\WINDOWS\Explorer.EXE[572] WININET.dll!InternetOpenUrlW 771D5B4A 5 Bytes JMP 00AF0FC3
.text C:\WINDOWS\Explorer.EXE[572] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AE0000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[936] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[936] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0097006C
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00970F77
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00970051
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00970040
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00970F9E
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00970F3F
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00970087
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00970F09
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009700A2
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00970EF8
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00970025
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00970FD4
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00970F5C
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00970FB9
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00970F24
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00960FCA
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00960047
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0096001B
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00960F8A
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00960FAF
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00960036
.text C:\WINDOWS\system32\services.exe[1064] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CD0F5A
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CD0F6B
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CD0F7C
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CD0F8D
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CD0025
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CD0F3D
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CD0085
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CD00AA
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CD0F11
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00CD00C5
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00CD0FA8
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00CD0074
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00CD0FB9
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00CD0F2C
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CC0FB9
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CC0F79
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CC0F9E
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\lsass.exe[1076] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009B0F57
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009B0F68
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009B0F83
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009B0F94
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009B0F2B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009B0073
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009B0EFF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009B0F10
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009B0EDA
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009B0F3C
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009B008E
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009A002C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009A0F6F
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009A0FDB
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009A0011
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009A0F80
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009A0FA5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009A0FC0
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00980FEF
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C4004C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C40F57
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C40F68
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C40F79
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C40FA5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C40F1A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C40F2B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C4008E
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C4007D
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C40EDA
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C40F8A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C40F3C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C40011
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C40EFF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C30FAF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C3004A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C30FCA
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C30F8D
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C30025
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C30F9E
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02800FE5
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0280007D
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02800062
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02800051
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02800F94
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02800FAF
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 028000AB
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0280009A
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02800F23
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02800F3E
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 028000E1
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02800036
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02800000
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02800F63
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02800FD4
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02800025
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 028000BC
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 027F0025
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 027F0F91
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 027F0000
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 027F0FCA
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 027F0058
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 027F0047
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 027F0FE5
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 027F0036
.text C:\WINDOWS\System32\svchost.exe[1352] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01360FE5
.text C:\WINDOWS\System32\svchost.exe[1352] WININET.dll!InternetOpenW 771BAED5 5 Bytes JMP 0137000A
.text C:\WINDOWS\System32\svchost.exe[1352] WININET.dll!InternetOpenA 771C574E 5 Bytes JMP 01370FEF
.text C:\WINDOWS\System32\svchost.exe[1352] WININET.dll!InternetOpenUrlA 771C5A01 5 Bytes JMP 01370FD4
.text C:\WINDOWS\System32\svchost.exe[1352] WININET.dll!InternetOpenUrlW 771D5B4A 5 Bytes JMP 01370FC3
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00800F69
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0080005E
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00800043
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00800F86
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00800FA1
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0080009E
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00800F58
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00800F16
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00800F3B
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008000D4
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00800032
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00800FDE
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00800083
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00800FB2
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00800FCD
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008000AF
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 007F0076
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 007F005B
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 007F004A
.text C:\WINDOWS\system32\svchost.exe[1476] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007D0000
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B30FE5
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B30F8F
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B30084
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B30073
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B30FB6
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B3003D
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B300BA
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B30F7E
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B30F2B
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B30F3C
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B30F1A
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B3004E
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B3009F
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B3002C
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B30011
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B30F57
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B20FD4
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B20065
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B20025
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B20FA8
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B20FB9
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B20040
.text C:\WINDOWS\system32\svchost.exe[1500] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenW 771BAED5 5 Bytes JMP 00B00FDE
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenA 771C574E 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenUrlA 771C5A01 5 Bytes JMP 00B00FC1
.text C:\WINDOWS\system32\svchost.exe[1500] WININET.dll!InternetOpenUrlW 771D5B4A 5 Bytes JMP 00B0001E
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00700F99
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00700FB4
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0070008E
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0070007D
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0070005B
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007000BF
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00700F77
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00700F44
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00700F55
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007000F8
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0070006C
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00700F88
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00700036
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00700025
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00700F66
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006F0022
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006F0044
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006F0011
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006F0033
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006F0F9B
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006F0FB6
.text C:\WINDOWS\System32\svchost.exe[1640] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00700FE5
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00700F94
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00700FAF
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00700093
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00700076
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00700040
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007000C1
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007000B0
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007000ED
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00700F54
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00700F39
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0070005B
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00700F83
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0070002F
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007000D2
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006F002F
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006F0054
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006F0014
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006F0FDE
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006F0FA1
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006F0FB2
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006F0FCD
.text C:\WINDOWS\System32\svchost.exe[2224] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F73
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F84
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B005E
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FA1
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F47
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F62
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00CF
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00BE
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B00E0
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0FB2
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B008D
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B001E
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[2304] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B0F36
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002B0065
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002B0014
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002B0054
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002B0039
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2304] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002B0FB2
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00990F77
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0099006C
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00990F92
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00990FB9
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00990098
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00990F46
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00990F10
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009900A9
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009900C4
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00990040
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0099001B
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0099007D
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00990FCA
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00990FDB
.text C:\WINDOWS\system32\svchost.exe[3544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00990F35
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0098003D
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00980FC0
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0098002C
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00980011
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0098007D
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00980FDB
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[3544] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00980058
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F83
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0078
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A005B
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F37
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F5E
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00BC
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00AB
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0EFE
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0089
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0036
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\svchost.exe[4784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A009A
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290F8D
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FA8
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FB9
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\svchost.exe[4784] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290036
.text C:\WINDOWS\system32\svchost.exe[4784] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[4784] WININET.dll!InternetOpenW 771BAED5 5 Bytes JMP 00B80014
.text C:\WINDOWS\system32\svchost.exe[4784] WININET.dll!InternetOpenA 771C574E 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[4784] WININET.dll!InternetOpenUrlA 771C5A01 5 Bytes JMP 00B80031
.text C:\WINDOWS\system32\svchost.exe[4784] WININET.dll!InternetOpenUrlW 771D5B4A 5 Bytes JMP 00B80042

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2004] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[4888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat AB421C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52E0C88156D3CAD4C9004738BF4A7CBE\Usage@statusexe 980223619

---- EOF - GMER 1.0.14 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users