GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-21 00:06:40 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3500320AS rev.SD15 Running: gmer_1.0.15.15641.exe; Driver: C:\DOCUME~1\MOSLEY~1\LOCALS~1\Temp\afpdraow.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA441640] Code szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwSetSecurityObject [0xBA0ACE24] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous Code szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) NtSetSecurityObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAEA0 5 Bytes JMP AA6019F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF828 5 Bytes JMP AA601DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) PAGE ntkrnlpa.exe!NtSetSecurityObject 805BE9BA 5 Bytes JMP BA0ACE28 szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8BC8000, 0x2C8F24, 0xE8000020] init C:\WINDOWS\system32\drivers\fixustor.sys entry point in "init" section [0xBA626E12] ? C:\DOCUME~1\MOSLEY~1\LOCALS~1\Temp\frueirke.sys The system cannot find the file specified. ! .text ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes [E9, 19, A4, A1, A3] {JMP 0xffffffffa3a1a41e} .text ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes [E9, EC, CF, A0, A3] {JMP 0xffffffffa3a0cff1} .text ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes [E9, 48, 1D, A1, A3] {JMP 0xffffffffa3a11d4d} ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\Ati2evxx.exe[224] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\WINDOWS\system32\Ati2evxx.exe[224] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\WINDOWS\system32\Ati2evxx.exe[224] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\WINDOWS\system32\Ati2evxx.exe[224] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\WINDOWS\system32\spoolsv.exe[492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\WINDOWS\system32\spoolsv.exe[492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\WINDOWS\system32\spoolsv.exe[492] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\WINDOWS\system32\spoolsv.exe[492] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 201529B8 .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20152CE2 .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!send 71AB428A 5 Bytes JMP 2015296A .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20152E3F .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20152C73 .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20152D57 .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20152FFB .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20152F1A .text C:\WINDOWS\system32\spoolsv.exe[492] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20152DC8 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[552] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 20121610 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 201268E0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 20126860 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 201268A0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 20126050 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 20126110 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 20125FF0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 20127DF0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 20127EB0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 20127B20 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 20126750 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 201267C0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 20125DA0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 20125D70 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 20127D20 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!PeekMessageA 7E41C96C 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 20126170 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 20127B60 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 20125E30 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 20125F40 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 20126920 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 20126800 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 20127D60 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 20127E50 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 20127F10 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 20127BA0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 20127A80 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 20127B00 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 201260B0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!GetUpdateRgn 7E42F5AC 5 Bytes JMP 201269C0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 20127C20 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 20127CA0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 20127BE0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 20127C60 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 20127CE0 .text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 20125DF0 .text C:\WINDOWS\System32\GEARSec.exe[788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\WINDOWS\System32\GEARSec.exe[788] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\WINDOWS\System32\GEARSec.exe[788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\WINDOWS\System32\GEARSec.exe[788] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Documents and Settings\Mosley Family\Desktop\gmer_1.0.15.15641.exe[804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Documents and Settings\Mosley Family\Desktop\gmer_1.0.15.15641.exe[804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Documents and Settings\Mosley Family\Desktop\gmer_1.0.15.15641.exe[804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Documents and Settings\Mosley Family\Desktop\gmer_1.0.15.15641.exe[804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 201529B8 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20152CE2 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!send 71AB428A 5 Bytes JMP 2015296A .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20152E3F .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20152C73 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20152D57 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20152FFB .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20152F1A .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20152DC8 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetCloseHandle 3D944261 5 Bytes JMP 201544EC .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2015491C .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20154949 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20154861 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20154542 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20153CF3 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20154976 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20153B9D .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20153DB5 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20153D54 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20154746 .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2015469F .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2015499D .text C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe[868] wininet.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20153C48 ? C:\WINDOWS\Explorer.EXE[1084] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll .text C:\WINDOWS\Explorer.EXE[1084] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\WINDOWS\Explorer.EXE[1084] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\WINDOWS\Explorer.EXE[1084] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\WINDOWS\Explorer.EXE[1084] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 202E44EC .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 202E491C .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 202E4949 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 202E4861 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 202E4542 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 202E3CF3 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 202E4976 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 202E3B9D .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 202E3DB5 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 202E3D54 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 202E4746 .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 202E469F .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 202E499D .text C:\WINDOWS\Explorer.EXE[1084] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 202E3C48 ? C:\WINDOWS\system32\services.exe[1256] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll .text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\WINDOWS\system32\services.exe[1256] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 201529B8 .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20152CE2 .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!send 71AB428A 5 Bytes JMP 2015296A .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20152E3F .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20152C73 .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20152D57 .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20152FFB .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20152F1A .text C:\WINDOWS\system32\services.exe[1256] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20152DC8 .text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 201529B8 .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20152CE2 .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!send 71AB428A 5 Bytes JMP 2015296A .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20152E3F .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20152C73 .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20152D57 .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20152FFB .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20152F1A .text C:\WINDOWS\system32\lsass.exe[1268] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20152DC8 .text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1440] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text C:\WINDOWS\system32\Ati2evxx.exe[1456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\WINDOWS\system32\Ati2evxx.exe[1456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\WINDOWS\system32\Ati2evxx.exe[1456] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1456] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 ? C:\WINDOWS\system32\svchost.exe[1472] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E29B8 .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E2CE2 .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E296A .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E2E3F .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E2C73 .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E2D57 .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E2FFB .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E2F1A .text C:\WINDOWS\system32\svchost.exe[1472] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E2DC8 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 201529B8 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20152CE2 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!send 71AB428A 5 Bytes JMP 2015296A .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20152E3F .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20152C73 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20152D57 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20152FFB .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20152F1A .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20152DC8 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 201544EC .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2015491C .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20154949 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20154861 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20154542 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20153CF3 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20154976 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20153B9D .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20153DB5 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20153D54 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20154746 .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2015469F .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2015499D .text c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe[1552] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20153C48 ? C:\WINDOWS\system32\svchost.exe[1604] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E29B8 .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E2CE2 .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E296A .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E2E3F .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E2C73 .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E2D57 .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E2FFB .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E2F1A .text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E2DC8 .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe[1652] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe[1652] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe[1652] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe[1652] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 ? C:\WINDOWS\System32\svchost.exe[1728] time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\WINDOWS\System32\svchost.exe[1728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\WINDOWS\System32\svchost.exe[1728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\WINDOWS\System32\svchost.exe[1728] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E29B8 .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E2CE2 .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E296A .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E2E3F .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E2C73 .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E2D57 .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E2FFB .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E2F1A .text C:\WINDOWS\System32\svchost.exe[1728] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E2DC8 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 202E44EC .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 202E491C .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 202E4949 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 202E4861 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 202E4542 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 202E3CF3 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 202E4976 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 202E3B9D .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 202E3DB5 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 202E3D54 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 202E4746 .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 202E469F .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 202E499D .text C:\WINDOWS\System32\svchost.exe[1728] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 202E3C48 ? C:\WINDOWS\system32\svchost.exe[1772] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\WINDOWS\system32\svchost.exe[1772] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 ? C:\WINDOWS\system32\svchost.exe[1844] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20157B8C .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2014AB2F .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20157A08 .text C:\WINDOWS\system32\svchost.exe[1844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20151AF8 .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 201529B8 .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20152CE2 .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!send 71AB428A 5 Bytes JMP 2015296A .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20152E3F .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20152C73 .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20152D57 .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20152FFB .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20152F1A .text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20152DC8 ? C:\WINDOWS\system32\svchost.exe[2020] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\WINDOWS\system32\svchost.exe[2020] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E29B8 .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E2CE2 .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E296A .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E2E3F .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E2C73 .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E2D57 .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E2FFB .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E2F1A .text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E2DC8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2036] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\WINDOWS\system32\CTsvcCDA.exe[2040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\WINDOWS\system32\CTsvcCDA.exe[2040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\WINDOWS\system32\CTsvcCDA.exe[2040] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\WINDOWS\system32\CTsvcCDA.exe[2040] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\Kontiki\KService.exe[2440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\Kontiki\KService.exe[2440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\Kontiki\KService.exe[2440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\Kontiki\KService.exe[2440] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\Program Files\Kontiki\KService.exe[2440] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 200244EC .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2002491C .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20024949 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20024861 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20024542 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20023CF3 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20024976 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20023B9D .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20023DB5 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20023D54 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20024746 .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2002469F .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2002499D .text C:\Program Files\Kontiki\KService.exe[2440] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20023C48 .text C:\WINDOWS\system32\umonit.exe[2580] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\WINDOWS\system32\umonit.exe[2580] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\WINDOWS\system32\umonit.exe[2580] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\WINDOWS\system32\umonit.exe[2580] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\WINDOWS\VM305_STI.EXE[2588] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\WINDOWS\VM305_STI.EXE[2588] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\WINDOWS\VM305_STI.EXE[2588] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\WINDOWS\VM305_STI.EXE[2588] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 203229B8 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20322CE2 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!send 71AB428A 5 Bytes JMP 2032296A .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20322E3F .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20322C73 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20322D57 .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20322FFB .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20322F1A .text C:\Program Files\AVG\AVG2012\avgtray.exe[2596] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20322DC8 .text C:\program files\real\realplayer\update\realsched.exe[2612] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\program files\real\realplayer\update\realsched.exe[2612] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\program files\real\realplayer\update\realsched.exe[2612] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\program files\real\realplayer\update\realsched.exe[2612] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\program files\real\realplayer\update\realsched.exe[2612] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe[2700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe[2700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe[2700] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe[2700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2784] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\WINDOWS\RTHDCPL.EXE[2808] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\WINDOWS\RTHDCPL.EXE[2808] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\WINDOWS\RTHDCPL.EXE[2808] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\WINDOWS\RTHDCPL.EXE[2808] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe[2836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe[2836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe[2836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe[2836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[3000] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[3000] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[3000] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[3000] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 203229B8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20322CE2 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!send 71AB428A 5 Bytes JMP 2032296A .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20322E3F .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20322C73 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20322D57 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20322FFB .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20322F1A .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20322DC8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 203244EC .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2032491C .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20324949 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20324861 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20324542 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20323CF3 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20324976 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20323B9D .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20323DB5 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20323D54 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20324746 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2032469F .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2032499D .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3016] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20323C48 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[3064] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\Program Files\WinTV\Ir.exe[3096] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\WinTV\Ir.exe[3096] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\WinTV\Ir.exe[3096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\WinTV\Ir.exe[3096] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202E7B8C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202DAB2F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202E7A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 202E29B8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 202E2CE2 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!send 71AB428A 5 Bytes JMP 202E296A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 202E2E3F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!recv 71AB615A 5 Bytes JMP 202E2C73 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 202E2D57 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 202E2FFB .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 202E2F1A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 202E2DC8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 202E1AF8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0188B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 203229B8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20322CE2 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!send 71AB428A 5 Bytes JMP 2032296A .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20322E3F .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20322C73 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20322D57 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20322FFB .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20322F1A .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20322DC8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 203244EC .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2032491C .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20324949 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20324861 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20324542 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20323CF3 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20324976 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20323B9D .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20323DB5 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20323D54 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20324746 .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2032469F .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2032499D .text C:\Program Files\Mozilla Firefox\firefox.exe[3124] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20323C48 .text C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[3160] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[3160] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[3160] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe[3160] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe[3236] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe[3236] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe[3236] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe[3236] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20037B8C .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2002AB2F .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20037A08 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20031AF8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200329B8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20032CE2 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!send 71AB428A 5 Bytes JMP 2003296A .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20032E3F .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20032C73 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20032D57 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20032FFB .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20032F1A .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20032DC8 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 200344EC .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2003491C .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20034949 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20034861 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20034542 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20033CF3 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20034976 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20033B9D .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20033DB5 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20033D54 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20034746 .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2003469F .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2003499D .text C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe[3264] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20033C48 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3400] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3400] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20067B8C .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005AB2F .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20067A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20061AF8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200629B8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20062CE2 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!send 71AB428A 5 Bytes JMP 2006296A .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20062E3F .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20062C73 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20062D57 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20062FFB .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20062F1A .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3536] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20062DC8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3656] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3656] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3656] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3656] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 ? C:\WINDOWS\system32\svchost.exe[3708] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[3708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\WINDOWS\system32\svchost.exe[3708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\WINDOWS\system32\svchost.exe[3708] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\WINDOWS\system32\svchost.exe[3708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3800] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3800] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[3800] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[3856] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3972] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\WINDOWS\System32\alg.exe[4172] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\WINDOWS\System32\alg.exe[4172] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\WINDOWS\System32\alg.exe[4172] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\WINDOWS\System32\alg.exe[4172] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\WINDOWS\System32\alg.exe[4172] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\WINDOWS\system32\wuauclt.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20327B8C .text C:\WINDOWS\system32\wuauclt.exe[4320] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2031AB2F .text C:\WINDOWS\system32\wuauclt.exe[4320] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20327A08 .text C:\WINDOWS\system32\wuauclt.exe[4320] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20321AF8 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 200244EC .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2002491C .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!HttpOpenRequestW 3D94C49A 5 Bytes JMP 20024949 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 20024861 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 20024542 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 20023CF3 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 20024976 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 20023B9D .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 20023DB5 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 20023D54 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetReadFileExW 3D96334C 5 Bytes JMP 20024746 .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 2002469F .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 2002499D .text C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe[4440] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 20023C48 .text C:\WINDOWS\system32\HPZipm12.exe[4584] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\WINDOWS\system32\HPZipm12.exe[4584] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\WINDOWS\system32\HPZipm12.exe[4584] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\WINDOWS\system32\HPZipm12.exe[4584] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text C:\WINDOWS\system32\HPZipm12.exe[4584] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[4696] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[4696] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[4696] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[4696] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[4740] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 200229B8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 20022CE2 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!send 71AB428A 5 Bytes JMP 2002296A .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 20022E3F .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!recv 71AB615A 5 Bytes JMP 20022C73 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 20022D57 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 20022FFB .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 20022F1A .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 20022DC8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4892] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4992] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4992] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4992] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 ? C:\WINDOWS\system32\svchost.exe[5068] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[5068] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\WINDOWS\system32\svchost.exe[5068] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\WINDOWS\system32\svchost.exe[5068] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\WINDOWS\system32\svchost.exe[5068] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[5096] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20027B8C .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[5096] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001AB2F .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[5096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 20027A08 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[5096] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20021AF8 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\ubohci \Device\UBOHCI0 UB1394.SYS (FireAPIŽ 1394 Class Driver (XP)/Unibrain S.A.) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\ubohci \Device\C1394 UB1394.SYS (FireAPIŽ 1394 Class Driver (XP)/Unibrain S.A.) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\dnhj@ VAtO~LSflvW}U_nsf Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\kFxkpmrrw@ smGwJQMeZ^onCuXD Reg HKLM\SOFTWARE\Classes\CLSID\{909FCFE5-19B5-D007-74EB-19EE542DABFF}\rjApcsrg@ qnmiEFt{QvhFIgRfpKIQKMNuwAq` ---- EOF - GMER 1.0.15 ----