This topic is locked
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-28 19:09:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD4000AAKS-00TMA0 rev.12.01C01
Running: 53wr2h7z.exe; Driver: C:\DOCUME~1\ALLENL~1\LOCALS~1\Temp\pxtdypob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xB38A4FE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB38A5996]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xB83DB864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB38A5AF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xB38A936C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xB38A939E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xB38A9500]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB38A5A5A]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB21F96C0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xB38A531A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xB38A544C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB38A9476]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB38A93E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB38A9412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB38A9444]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xB38A4F8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB38A5B56]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwSetValueKey [0xB83DB82E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xB38A4F26]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB21F9770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB21F9810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB21F98B0]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A6D3A0, 0x5CA569, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\PnkBstrA.exe[188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\PnkBstrA.exe[188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\PnkBstrA.exe[188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\PnkBstrA.exe[188] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\System32\smss.exe[492] time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[792] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\winlogon.exe[828] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[828] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\winlogon.exe[828] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\winlogon.exe[828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\winlogon.exe[828] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\services.exe[872] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\services.exe[872] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\system32\nvsvc32.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\nvsvc32.exe[1064] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\nvsvc32.exe[1064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\nvsvc32.exe[1064] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\svchost.exe[1132] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\svchost.exe[1236] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
? C:\WINDOWS\System32\svchost.exe[1336] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
? C:\WINDOWS\system32\svchost.exe[1376] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\svchost.exe[1492] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\svchost.exe[1504] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\system32\spoolsv.exe[1624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\spoolsv.exe[1624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\spoolsv.exe[1624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\spoolsv.exe[1624] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\svchost.exe[1700] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\svchost.exe[1836] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\cisvc.exe[1848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\cisvc.exe[1848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\cisvc.exe[1848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\cisvc.exe[1848] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Kontiki\KService.exe[1904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Kontiki\KService.exe[1904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Kontiki\KService.exe[1904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Kontiki\KService.exe[1904] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\Explorer.EXE[2684] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[2684] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\Explorer.EXE[2684] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\Explorer.EXE[2684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\Explorer.EXE[2684] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\cidaemon.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\cidaemon.exe[2844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\cidaemon.exe[2844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\cidaemon.exe[2844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001EFA4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001F087
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001F2AF
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001EF76
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001F15B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001F04D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001F0C7
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001F202
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001F10E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2001DBAD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2001D2BA
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2001D88E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2001DC68
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2001D25B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2001DC95
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2001D226
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2001DCC2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2001DA92
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2001D9EB
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2001D28D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2001DCE9
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2001D1E0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2001D19A
.text C:\WINDOWS\System32\alg.exe[3536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\System32\alg.exe[3536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\System32\alg.exe[3536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\System32\alg.exe[3536] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2001DBAD
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2001D2BA
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2001D88E
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2001DC68
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2001D25B
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2001DC95
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2001D226
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2001DCC2
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2001DA92
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2001D9EB
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2001D28D
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2001DCE9
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2001D1E0
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2001D19A
.text C:\WINDOWS\system32\wscntfy.exe[4340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\WINDOWS\system32\wscntfy.exe[4340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\WINDOWS\system32\wscntfy.exe[4340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\WINDOWS\system32\wscntfy.exe[4340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\53wr2h7z.exe[4784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\53wr2h7z.exe[4784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\53wr2h7z.exe[4784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\53wr2h7z.exe[4784] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\program files\steam\steam.exe[4948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\program files\steam\steam.exe[4948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\program files\steam\steam.exe[4948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001EFA4
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001F087
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001F2AF
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001EF76
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001F15B
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001F04D
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001F0C7
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001F202
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001F10E
.text C:\program files\steam\steam.exe[4948] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}@oanagchdmgfllfkijdccjpdedkkhkn 0x64 0x61 0x6E 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}@oajaoondikjdibakmindnljohhocie 0x6B 0x61 0x6E 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}@nadbefambdjbafbmipljnfblnaia 0x6B 0x61 0x6D 0x63 ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\gskvbcew.exe 159166 bytes
File C:\Documents and Settings\SPARE ADMIN\Start Menu\Programs\Startup\gskvbcew.exe 159166 bytes
File C:\Program Files\xmsjqyuj\gskvbcew.exe 159166 bytes
---- EOF - GMER 1.0.15 ----
Sign In
Create Account
