GMER...
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-07-16 01:28:30
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\asli\LOCALS~1\Temp\pwxoipoc.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEE5A0B0]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF84E6394]
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF8A85E00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF8927F00]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF71D5340, 0x106FDF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x238E10, 0xF8000020]
? C:\DOCUME~1\asli\LOCALS~1\Temp\pwxoipob.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\DIGStream\digstream.exe[180] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C1000025
.text C:\Program Files\DIGStream\digstream.exe[180] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP BB000025
.text C:\Program Files\DIGStream\digstream.exe[180] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP B8000025
.text C:\Program Files\DIGStream\digstream.exe[180] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP BE000025
.text C:\Program Files\DIGStream\digstream.exe[180] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP C4000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 76000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 7C000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 85000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!send 71AB428A 8 Bytes JMP 82000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP B2000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 79000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!recv 71AB615A 8 Bytes JMP B5000025
.text C:\Program Files\DIGStream\digstream.exe[180] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 7F000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP A3000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 9A000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 94000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 97000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP A9000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 8B000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP AC000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 88000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP A6000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP A0000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 9D000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP AF000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 8E000025
.text C:\Program Files\DIGStream\digstream.exe[180] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 91000025
.text C:\Program Files\DIGStream\digstream.exe[180] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\DIGStream\digstream.exe[180] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP C7000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 27000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 1E000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 18000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 1B000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 2D000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 0F000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 30000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 0C000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 2A000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 24000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 21000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 33000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 12000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 15000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 45000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 3F000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 3C000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 42000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 48000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 4B000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP FA000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 00000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 09000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!send 71AB428A 8 Bytes JMP 06000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 36000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP FD000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!recv 71AB615A 8 Bytes JMP 39000025
.text C:\Program Files\ESPNRunTime\DIGServices.exe[188] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 03000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 4D000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 47000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 44000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 4A000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 50000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 2F000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 26000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 20000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 23000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 35000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 17000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 38000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 14000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 32000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 2C000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 29000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 3B000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 1A000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 1D000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 53000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP BA000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 08000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 11000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!send 71AB428A 8 Bytes JMP 0E000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 6E007200
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 05000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!recv 71AB615A 8 Bytes JMP 41000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[204] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 0B000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 91000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 8B000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 88000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 8E000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 94000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 73000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 6A000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 64000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 67000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 79000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 5B000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 7C000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 58000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 76000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 70000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 6D000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 7F000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 5E000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 61000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Verizon\McciTrayApp.exe[300] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 97000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 46000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 4C000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 55000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!send 71AB428A 8 Bytes JMP 52000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 82000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 49000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!recv 71AB615A 8 Bytes JMP 85000025
.text C:\Program Files\Verizon\McciTrayApp.exe[300] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 4F000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 28000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 22000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 1F000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 25000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 2B000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 0A000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!InternetReadFile 3D94654B 8 Bytes [55, 90, FF, 25, 00, 00, 01, ...] {PUSH EBP; NOP ; JMP [0x2010000]}
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP FB000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP FE000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 10000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP F2000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 13000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP EF000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 0D000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 07000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 16000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP F5000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP F8000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP DD000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP E3000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP EC000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!sendto + 7 71AB2C70 1 Byte [01]
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!send 71AB428A 8 Bytes JMP E9000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 19000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP E0000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!recv 71AB615A 8 Bytes JMP 1C000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP E6000025
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[320] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 2E000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 90000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 8A000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 87000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 8D000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 93000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 45000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 4B000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 54000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!send 71AB428A 8 Bytes JMP 51000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 81000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 48000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!recv 71AB615A 8 Bytes JMP 84000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 4E000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 96000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 72000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 69000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 63000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 66000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 78000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 5A000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 7B000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 57000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 75000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 6F000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 6C000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 7E000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 5D000025
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[432] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 60000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 5C000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] USER32.dll!PeekMessageW 7E41929B 6 Bytes JMP 56000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] USER32.dll!PeekMessageW + 7 7E4192A2 1 Byte [01]
.text C:\Program Files\Apoint2K\Apntex.exe[464] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 53000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 59000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 5F000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 6E007200
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 35000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 2F000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 32000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 44000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 26000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 47000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 23000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 41000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 3B000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 38000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 4A000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 29000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 2C000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Apoint2K\Apntex.exe[464] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 62000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F0000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP F6000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 20000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!send 71AB428A 8 Bytes JMP 1D000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 4D000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP F3000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!recv 71AB615A 8 Bytes JMP 50000025
.text C:\Program Files\Apoint2K\Apntex.exe[464] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP F9000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 6D000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 66000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 63000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 69000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 70000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 4E000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 45000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 3F000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 42000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 54000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 36000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 57000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 33000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 51000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 4B000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 48000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 5A000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 39000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 3C000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 73000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP EB000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 26000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 2F000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!send 71AB428A 8 Bytes JMP 2C000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 5D000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 23000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!recv 71AB615A 8 Bytes JMP 60000025
.text C:\Documents and Settings\asli\Desktop\Desktop\gmer.exe[536] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 29000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 39000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 33000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 30000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 36000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 3C000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Internet Explorer\iexplore.exe[544] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 3F000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 8D000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 87000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 84000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 8A000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 90000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 6F000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 66000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 60000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 63000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 75000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 57000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 78000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 54000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 72000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 6C000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 69000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 7B000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 5A000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 5D000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 42000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 48000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 51000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!send 71AB428A 8 Bytes JMP 4E000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 7E000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 45000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!recv 71AB615A 8 Bytes JMP 81000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 74FCDE32
.text C:\Program Files\iTunes\iTunesHelper.exe[644] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\iTunes\iTunesHelper.exe[644] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 93000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 41000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 3B000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 38000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 6E007200
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 44000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 23000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 1A000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 14000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 17000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 29000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 0B000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 2C000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 08000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 26000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 20000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 1D000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 2F000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 0E000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 11000025
.text C:\WINDOWS\system32\ctfmon.exe[648] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\ctfmon.exe[648] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 47000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F6000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP FC000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 05000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!send 71AB428A 8 Bytes JMP 02000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 32000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP F9000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!recv 71AB615A 8 Bytes JMP 35000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP FF000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C7000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C1000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP BE000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP C4000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP CA000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 3F000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 82000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 8B000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!send 71AB428A 8 Bytes JMP 88000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP B8000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 7F000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!recv 71AB615A 8 Bytes JMP BB000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 85000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP A9000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP A0000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 9A000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 9D000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP AF000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 91000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP B2000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 8E000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP AC000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP A6000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP A3000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP B5000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 94000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 97000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP CD000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP A4000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 9E000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 9B000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP A1000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP A7000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 86000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP C4FF3161
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP FF50046A
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 7A000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 8C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 6E000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 8F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 6B000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 89000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 83000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 80000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 92000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 71000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 74000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP AA000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 59000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 5F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 68000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!send 71AB428A 8 Bytes JMP 65000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 95000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 5C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!recv 71AB615A 8 Bytes JMP 98000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 62000025
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0101000A
.text C:\WINDOWS\System32\svchost.exe[1016] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00AA000A
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 48000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 42000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 3F000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 45000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 4B000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 2A000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 21000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 1B000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 1E000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 30000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 12000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 33000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 0F000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 2D000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 27000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 24000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 36000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 15000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 18000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 4E000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP FD000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 03000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 0C000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!send 71AB428A 8 Bytes JMP 09000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 39000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 00000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!recv 71AB615A 8 Bytes JMP 3C000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 06000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP EA000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP E4000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP E1000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP E7000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP ED000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP CC000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP C3000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP BD000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP C0000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP D2000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP B4000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP D5000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP B1000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP CF000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP C9000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP C6000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP D8000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP B7000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP BA000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP F0000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 7E000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 84000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP AE000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!send 71AB428A 8 Bytes JMP AB000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP DB000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 81000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!recv 71AB615A 8 Bytes JMP DE000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 87000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP F3000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 80000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP C4FF3161
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 83000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP F6000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP F9000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 68000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 5F000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 59000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 5C000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 6E000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 50000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 71000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 4D000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 6B000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 65000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 62000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 74000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 53000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 56000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 3B000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 41000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 4A000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!send 71AB428A 8 Bytes JMP 47000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP FF50046A
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 6E007200
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!recv 71AB615A 8 Bytes JMP 7A000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 44000025
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP B8000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 92000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 8F000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 95000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP BB000025
.text C:\WINDOWS\Explorer.EXE[1624] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\Explorer.EXE[1624] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP BD000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP D0000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP CA000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP C7000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP CD000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP D3000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 4D000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 44000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 6E007200
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 41000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 53000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 35000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 56000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 32000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 50000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 4A000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 47000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 59000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 38000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 3B000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Apoint2K\Apoint.exe[1904] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP D6000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 1E000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 24000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 2F000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!send 71AB428A 8 Bytes JMP 2C000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 5C000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 21000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!recv 71AB615A 8 Bytes JMP 5F000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 29000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 75000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 6F000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 6C000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 72000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 78000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 57000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 4E000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 48000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 4B000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 5D000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 3F000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 60000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 3C000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 5A000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 54000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 51000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 63000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 42000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 45000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\AGRSMMSG.exe[1916] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 7B000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 2A000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 30000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 39000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!send 71AB428A 8 Bytes JMP 36000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 66000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 2D000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!recv 71AB615A 8 Bytes JMP 69000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 33000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 1E000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 18000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 15000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 1B000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 21000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 00000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP F7000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP F1000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP F4000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 06000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP E8000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 09000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP E5000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 03000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP FD000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP FA000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 0C000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP EB000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP EE000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 24000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP D3000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP D9000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP E2000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!send 71AB428A 8 Bytes JMP DF000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 0F000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP D6000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!recv 71AB615A 8 Bytes JMP 12000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP DC000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP D4000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP CE000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP CB000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP D1000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP D7000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 89000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 8F000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 98000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!send 71AB428A 8 Bytes JMP 95000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP C5000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 8C000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!recv 71AB615A 8 Bytes JMP C8000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 92000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP B6000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP AD000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP A7000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP AA000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP BC000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 9E000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP BF000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 9B000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP B9000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP B3000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP B0000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP C2000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP A1000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP A4000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP DA000025
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP AB000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP A5000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP A2000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP A8000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP AE000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP B1000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F1000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP F7000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 00000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!send 71AB428A 8 Bytes JMP FD000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 2D000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP F4000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!recv 71AB615A 8 Bytes JMP 30000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP FA000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 3C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 36000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 33000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 39000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 3F000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 1E000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 15000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 0F000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 12000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 24000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 06000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 27000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 03000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 21000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 1B000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 18000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 2A000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 09000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 0C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 42000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 6E007200
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 44000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 4D000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!send 71AB428A 8 Bytes JMP 4A000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 7A000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 41000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!recv 71AB615A 8 Bytes JMP C4FF3161
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 47000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 89000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 83000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 80000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 86000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 8C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 6B000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 62000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 5C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 5F000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 71000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 53000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 74000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 50000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 6E000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 68000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetReadFileExA 3D963381 8 Bytes [55, 90, FF, 25, 00, 00, 65, ...] {PUSH EBP; NOP ; JMP [0x3650000]}
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP FF50046A
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestExA 3D9BA70A 6 Bytes JMP 56000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestExA + 7 3D9BA711 1 Byte [03]
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 59000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 8F000025
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 81D31FC5
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8249DEC5
---- Threads - GMER 1.0.15 ----
Thread System [4:1632] 81D317CA
Thread System [4:1644] 81D3157C
Thread System [4:1648] 81D3257D
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\asli\Cookies\
[email protected] 0 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----