Win32 / Ramnit.b?



#16
Allaw

Gmer results follow:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-28 19:09:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD4000AAKS-00TMA0 rev.12.01C01
Running: 53wr2h7z.exe; Driver: C:\DOCUME~1\ALLENL~1\LOCALS~1\Temp\pxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xB38A4FE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB38A5996]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xB83DB864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB38A5AF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xB38A936C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xB38A939E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xB38A9500]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB38A5A5A]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB21F96C0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xB38A531A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xB38A544C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB38A9476]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB38A93E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB38A9412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB38A9444]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xB38A4F8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB38A5B56]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwSetValueKey [0xB83DB82E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xB38A4F26]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB21F9770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB21F9810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB21F98B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A6D3A0, 0x5CA569, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\PnkBstrA.exe[188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\PnkBstrA.exe[188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\PnkBstrA.exe[188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\PnkBstrA.exe[188] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\PnkBstrA.exe[188] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\System32\smss.exe[492] time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[792] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\csrss.exe[792] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\winlogon.exe[828] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[828] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\winlogon.exe[828] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\winlogon.exe[828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\winlogon.exe[828] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\winlogon.exe[828] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\services.exe[872] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\services.exe[872] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\system32\nvsvc32.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\nvsvc32.exe[1064] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\nvsvc32.exe[1064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\nvsvc32.exe[1064] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\nvsvc32.exe[1064] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\svchost.exe[1132] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\svchost.exe[1236] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1276] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
? C:\WINDOWS\System32\svchost.exe[1336] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
? C:\WINDOWS\system32\svchost.exe[1376] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\svchost.exe[1492] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\svchost.exe[1504] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\WINDOWS\system32\spoolsv.exe[1624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\spoolsv.exe[1624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\spoolsv.exe[1624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\spoolsv.exe[1624] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\spoolsv.exe[1624] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
? C:\WINDOWS\system32\svchost.exe[1700] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[1756] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[1780] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[1804] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\system32\svchost.exe[1836] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\svchost.exe[1836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\cisvc.exe[1848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\cisvc.exe[1848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\cisvc.exe[1848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\cisvc.exe[1848] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[1880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Kontiki\KService.exe[1904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Kontiki\KService.exe[1904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Kontiki\KService.exe[1904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Kontiki\KService.exe[1904] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\Kontiki\KService.exe[1904] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\Kontiki\KService.exe[1904] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[1940] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2076] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2328] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
? C:\WINDOWS\Explorer.EXE[2684] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[2684] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\Explorer.EXE[2684] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\Explorer.EXE[2684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\Explorer.EXE[2684] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\Explorer.EXE[2684] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[2716] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\cidaemon.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\cidaemon.exe[2844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\system32\cidaemon.exe[2844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\system32\cidaemon.exe[2844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2004DBAD
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2004D2BA
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2004D88E
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2004DC68
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2004D25B
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2004DC95
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2004D226
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2004DCC2
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2004DA92
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2004D9EB
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2004D28D
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2004DCE9
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2004D1E0
.text C:\WINDOWS\system32\cidaemon.exe[2844] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2004D19A
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\system32\cidaemon.exe[2844] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001EFA4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001F087
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001F2AF
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001EF76
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001F15B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001F04D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001F0C7
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001F202
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001F10E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2001DBAD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2001D2BA
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2001D88E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2001DC68
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2001D25B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2001DC95
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2001D226
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2001DCC2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2001DA92
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2001D9EB
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2001D28D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2001DCE9
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2001D1E0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3024] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2001D19A
.text C:\WINDOWS\System32\alg.exe[3536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\System32\alg.exe[3536] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004766F
.text C:\WINDOWS\System32\alg.exe[3536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\System32\alg.exe[3536] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2004C3E6
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004EFA4
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004F087
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004F2AF
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004F15B
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004F04D
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004F0C7
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004F202
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004F10E
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 2001DBAD
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2001D2BA
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetQueryDataAvailable 3D94BF83 5 Bytes JMP 2001D88E
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 2001DC68
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2001D25B
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 2001DC95
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2001D226
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 2001DCC2
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 2001DA92
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 2001D9EB
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetWriteFile 3D9A608E 5 Bytes JMP 2001D28D
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 2001DCE9
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestExA 3D9BA666 5 Bytes JMP 2001D1E0
.text C:\Program Files\SlimDrivers\SlimDrivers.exe[4188] WININET.dll!HttpSendRequestExW 3D9BA6BF 5 Bytes JMP 2001D19A
.text C:\WINDOWS\system32\wscntfy.exe[4340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\WINDOWS\system32\wscntfy.exe[4340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\WINDOWS\system32\wscntfy.exe[4340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\WINDOWS\system32\wscntfy.exe[4340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\WINDOWS\system32\RUNDLL32.EXE[4484] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\53wr2h7z.exe[4784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\53wr2h7z.exe[4784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\53wr2h7z.exe[4784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\53wr2h7z.exe[4784] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\program files\steam\steam.exe[4948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\program files\steam\steam.exe[4948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\program files\steam\steam.exe[4948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001EFA4
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001F087
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001F2AF
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001EF76
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001F15B
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001F04D
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001F0C7
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001F202
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001F10E
.text C:\program files\steam\steam.exe[4948] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001766F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5244] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 2001C3E6
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}@oanagchdmgfllfkijdccjpdedkkhkn 0x64 0x61 0x6E 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}@oajaoondikjdibakmindnljohhocie 0x6B 0x61 0x6E 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19BCD1BC-D0F6-203B-E063-49EA922807F0}@nadbefambdjbafbmipljnfblnaia 0x6B 0x61 0x6D 0x63 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\gskvbcew.exe 159166 bytes
File C:\Documents and Settings\SPARE ADMIN\Start Menu\Programs\Startup\gskvbcew.exe 159166 bytes
File C:\Program Files\xmsjqyuj\gskvbcew.exe 159166 bytes

---- EOF - GMER 1.0.15 ----
  • 0
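An added example, not part of the original post or of GMER: a Python script that parses `.text` lines in the format of the log above and groups unattributed inline hooks by API and by the low 16 bits of the JMP target. Reading "same low 16 bits in several processes" as one handler mapped at different 64 KB-aligned bases is a heuristic assumption; the sample lines are excerpted from the log.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Lines excerpted from the GMER log above (a few hooks per process).
SAMPLE = r"""
? C:\WINDOWS\system32\svchost.exe[1836] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004F2CE
.text C:\WINDOWS\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004EC79
.text C:\WINDOWS\System32\alg.exe[3536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004EF76
.text C:\program files\steam\steam.exe[4948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001F2CE
.text C:\program files\steam\steam.exe[4948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001EC79
.text C:\program files\steam\steam.exe[4948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001EF76
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[5704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
"""

# .text <image>[pid] <module>!<function> <address> <n> Bytes JMP <target> [<owning module>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?$"
)


@dataclass(frozen=True)
class Hook:
    image: str            # path of the hooked process
    pid: int
    api: str              # "module!function", module name lower-cased
    target: int           # address the patched bytes jump to
    owner: Optional[str]  # module GMER names for the target, if any


def parse_hooks(text):
    """Return a Hook for every user-mode inline-hook line; skip everything else."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            # The log mixes ws2_32.dll / WS2_32.dll, so normalise the module case.
            api = f'{m["module"].lower()}!{m["func"]}'
            hooks.append(Hook(m["image"], int(m["pid"]), api,
                              int(m["target"], 16), m["owner"]))
    return hooks


def shared_handlers(hooks, min_procs=2):
    """Group hooks with no owning module by (api, target & 0xFFFF).

    Keeps only groups seen in at least min_procs distinct processes.
    """
    groups = defaultdict(set)
    for h in hooks:
        if h.owner is None:
            groups[(h.api, h.target & 0xFFFF)].add((h.image, h.pid))
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_procs}


if __name__ == "__main__":
    for (api, offset), procs in sorted(shared_handlers(parse_hooks(SAMPLE)).items()):
        names = ", ".join(f"{img.rsplit(chr(92), 1)[-1]}[{pid}]" for img, pid in procs)
        print(f"{api:35} handler offset 0x{offset:04X}  in {names}")
```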

#17
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

I'm afraid I have very bad news.

Win32.Nimnul.a is the name used by Kaspersky for variants of Win32/Ramnit.B file infectors which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. The malware injects code in legitimate files (as you saw in your anti-virus log) and some files cannot be disinfected. When disinfection is attempted some files can become corrupted and the system may become unstable. The longer Ramnit remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. Many experts in security agree. Please read Where to draw the line? When to recommend a format and reinstall?

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Ramnit with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smorgasbord of malware and are a major source of system infection.

If a reformat is not an option for you I can try to help you but there is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired.

Please back up all of your personal data. Do not back up any .exe or .HTML/HTM files; they are infected. If you are going to use a flash drive, please use Flash Disinfector.

On your clean computer download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

  • 0
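The backup advice in post #17, as an added example that is not part of the original thread: a Python sketch that copies a data folder while skipping the file types the post names as infected (.exe, .html, .htm), plus any autorun.inf. The function names and the sample tree are assumptions constructed for illustration; the extension list comes only from the post and can be extended.

```python
import os
import shutil
import tempfile

# File types the post says are infected; taken from the thread, extend as needed.
INFECTABLE_EXTENSIONS = {".exe", ".html", ".htm"}


def is_excluded(filename):
    """True for files the post says not to back up, plus autorun.inf."""
    name = filename.lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    if name == "autorun.inf":
        return True
    return os.path.splitext(name)[1] in INFECTABLE_EXTENSIONS


def backup_personal_data(source, destination):
    """Copy source to destination; return sorted (copied, skipped) relative paths."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(source):
        rel_root = os.path.relpath(root, source)
        for filename in files:
            rel_path = os.path.normpath(os.path.join(rel_root, filename))
            if is_excluded(filename):
                skipped.append(rel_path)  # report it so the user can review
                continue
            target = os.path.join(destination, rel_path)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(os.path.join(root, filename), target)
            copied.append(rel_path)
    return sorted(copied), sorted(skipped)


def demo():
    """Run the backup over a constructed sample tree in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src"), os.path.join(tmp, "dst")
        samples = ["docs/letter.doc", "docs/page.HTML", "photo.jpg", "notes.htm",
                   "tools/setup.EXE", "autorun.inf", "invoice.pdf.exe"]
        for rel in samples:
            path = os.path.join(src, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write("constructed sample")
        return backup_personal_data(src, dst)


if __name__ == "__main__":
    print(demo())
```

The extension match is case-insensitive and looks only at the final extension, so `invoice.pdf.exe` is skipped while `letter.doc` is copied.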

#18
Allaw


    Member

  • Topic Starter
  • 19 posts
Thanks - I thought that was probably the answer...... :D

Reformat and reinstall it is, then..... ;)

#19
mitch8


    Trusted Helper

  • Malware Removal
  • 1,356 posts
Yes, Ramnit is a nasty infection.

I will keep this topic open for a few days, post back if you have any more questions.

#20
mitch8


    Trusted Helper

  • Malware Removal
  • 1,356 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.