GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-12 22:12:40
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980811AS rev.3.ALB
Running: gmer.exe; Driver: C:\DOCUME~1\Joker_PC\USTAWI~1\Temp\kxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF3E3A5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF3E3AEFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF3E3BD32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF3E3C27C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF3E3B1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF3E3946A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF3E3C162]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF3E3A1E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF3E3C036]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF3E3A390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF3E3C39C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF3E3AB86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF3E3C0CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF3E3DA84]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF3E39A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF3E39E28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF3E3B65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF3E3EC90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF3E39F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF3E3A00C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF3E3B46A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF3E3DB76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF3E39446]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF3E39458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF3E3E2DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF3E3A138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF3E3C312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF3E3AF80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF3E3962A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF3E3C1F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF3E3A836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF3E3E078]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF3E3C432]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF3E3A728]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF3E3A0A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF3E39CDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF3E3E618]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF3E39906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF3E3DF0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF3E39B96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF3E38E80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF3E3C796]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF3E3C65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF3E3D81E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF3E391F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF3E3EB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF3E38E18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF3E3BA78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF3E3ADA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF3E3D0BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF3E3DD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF3E3E768]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF3E39780]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF3E3E85A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF3E3E994]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF3E3D9A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF3E3A9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF3E3A932]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF3E3E4BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF3E3AABC]

INT 0x62 ? 857A4CB8
INT 0x63 ? 857A4CB8
INT 0x63 ? 857A4CB8
INT 0x63 ? 8522DCB8
INT 0x63 ? 8522DCB8
INT 0x63 ? 857A4CB8
INT 0x82 ? 857A4CB8
INT 0x84 ? 8522DCB8
INT 0xA4 ? 8522DCB8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP F3E2CFEC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP F3E2D3C8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 24B0 805011B4 12 Bytes [76, DB, E3, F3, 46, 94, E3, ...] {JBE 0xffffffffffffffdd; JECXZ 0xfffffffffffffff7; INC ESI; XCHG ESP, EAX; JECXZ 0xfffffffffffffffb; POP EAX; XCHG ESP, EAX; JECXZ 0xffffffffffffffff}
.text ntkrnlpa.exe!ZwCallbackReturn + 262C 80501330 16 Bytes [96, 9B, E3, F3, 80, 8E, E3, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 8 Bytes [5A, E8, E3, F3, 94, E9, E3, ...] {POP EDX; CALL 0xffffffffe994f3e9; JECXZ 0xfffffffffffffffb}
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF74ADB2E]
.text USBPORT.SYS!DllUnload F502462C 5 Bytes JMP 8522D1C8
.text afiera41.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 F4FCCCA0 48 Bytes [9A, 04, B8, 33, B1, 57, 39, ...]
? C:\WINDOWS\System32\Drivers\afiera41.SYS suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2033780A
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2032ACA7
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20337686
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 203315DC
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2033249C
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 203327C6
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!send 71A5428A 5 Bytes JMP 2033244E
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20332923
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20332757
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2033283B
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20332ADF
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 203329FE
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[284] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 203328AC
? C:\WINDOWS\System32\svchost.exe[316] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 202F780A
.text C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 202EACA7
.text C:\WINDOWS\System32\svchost.exe[316] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 202F7686
.text C:\WINDOWS\System32\svchost.exe[316] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202F15DC
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202F249C
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202F27C6
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!send 71A5428A 5 Bytes JMP 202F244E
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202F2923
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202F2757
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202F283B
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202F2ADF
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202F29FE
.text C:\WINDOWS\System32\svchost.exe[316] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202F28AC
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 202F4400
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 202F4345
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 202F3838
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 202F442D
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 202F4026
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 202F3FD0
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 202F445A
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 202F37D7
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 202F422A
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 202F4183
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 202F3899
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 202F4481
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 202F372C
.text C:\WINDOWS\System32\svchost.exe[316] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 202F3681
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC
.text C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[444] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC
? C:\WINDOWS\system32\svchost.exe[464] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[464] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2019780A
.text C:\WINDOWS\system32\svchost.exe[464] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2018ACA7
.text C:\WINDOWS\system32\svchost.exe[464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20197686
.text C:\WINDOWS\system32\svchost.exe[464] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 201915DC
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2019249C
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 201927C6
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!send 71A5428A 5 Bytes JMP 2019244E
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20192923
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20192757
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2019283B
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20192ADF
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 201929FE
.text C:\WINDOWS\system32\svchost.exe[464] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 201928AC
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[492] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC
.text C:\WINDOWS\system32\vmnat.exe[564] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A
.text C:\WINDOWS\system32\vmnat.exe[564] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7
.text C:\WINDOWS\system32\vmnat.exe[564] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686
.text C:\WINDOWS\system32\vmnat.exe[564] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE
.text C:\WINDOWS\system32\vmnat.exe[564] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC
? C:\WINDOWS\Explorer.EXE[680] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: OLEAUT32.dllunknown module: BROWSEUI.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A
.text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7
.text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686
.text C:\WINDOWS\Explorer.EXE[680] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 20024400
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 20024345
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 20023838
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2002442D
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 20024026
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 20023FD0
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2002445A
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 200237D7
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2002422A
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 20024183
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 20023899
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 20024481
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2002372C
.text C:\WINDOWS\Explorer.EXE[680] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 20023681
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE
.text C:\WINDOWS\Explorer.EXE[680] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC
? C:\WINDOWS\system32\svchost.exe[932] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 202F780A
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 202EACA7
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 202F7686
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202F15DC
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202F249C
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202F27C6
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!send 71A5428A 5 Bytes JMP 202F244E
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202F2923
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202F2757
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202F283B
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202F2ADF
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202F29FE
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202F28AC
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 202F4400
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 202F4345
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 202F3838
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 202F442D
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 202F4026
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 202F3FD0
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 202F445A
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 202F37D7
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 202F422A
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 202F4183
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 202F3899
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 202F4481
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 202F372C
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 202F3681
.text C:\WINDOWS\system32\VTTimer.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A
.text C:\WINDOWS\system32\VTTimer.exe[976] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7
.text C:\WINDOWS\system32\VTTimer.exe[976] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686
.text C:\WINDOWS\system32\VTTimer.exe[976] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2006249C
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200627C6
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!send 71A5428A 5 Bytes JMP 2006244E
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20062923
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20062757
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2006283B
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20062ADF
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200629FE
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1004] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200628AC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1032] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1032] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1032] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC
.text C:\WINDOWS\system32\rundll32.exe[1128] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A
.text C:\WINDOWS\system32\rundll32.exe[1128] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7
.text C:\WINDOWS\system32\rundll32.exe[1128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686
.text C:\WINDOWS\system32\rundll32.exe[1128] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC
? C:\WINDOWS\system32\services.exe[1152] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: SCESRV.dllunknown module: umpnpmgr.dllunknown module: NCObjAPI.DLL
.text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2019780A
.text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2018ACA7
.text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20197686
.text C:\WINDOWS\system32\services.exe[1152] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 201915DC
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2019249C
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 201927C6
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!send 71A5428A 5 Bytes JMP 2019244E
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20192923
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20192757
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2019283B
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20192ADF
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 201929FE
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 201928AC
.text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2019780A
.text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2018ACA7
.text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20197686
.text C:\WINDOWS\system32\lsass.exe[1164] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 201915DC
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2019249C
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 201927C6
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!send 71A5428A 5 Bytes JMP 2019244E
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20192923
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20192757
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2019283B
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20192ADF
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 201929FE
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 201928AC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 20064400
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 20064345
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 20063838
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2006442D
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 20064026
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 20063FD0
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2006445A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 200637D7
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2006422A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 20064183
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 20063899
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 20064481
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2006372C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 20063681
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!sendto 71A52C69 5 Bytes JMP 2006249C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200627C6
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!send 71A5428A 5 Bytes JMP 2006244E
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!WSARecv 71A54318 5 Bytes JMP 20062923
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!recv 71A5615A 5 Bytes JMP 20062757
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!WSASend 71A56233 5 Bytes JMP 2006283B
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!closesocket 71A59639 5 Bytes JMP 20062ADF
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200629FE
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1292] ws2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200628AC
? C:\WINDOWS\system32\svchost.exe[1336] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 202F780A
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 202EACA7
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 202F7686
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202F15DC
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202F249C
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202F27C6
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!send 71A5428A 5 Bytes JMP 202F244E
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202F2923
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202F2757
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202F283B
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202F2ADF
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202F29FE
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202F28AC
? C:\WINDOWS\system32\svchost.exe[1392] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 202F780A
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 202EACA7
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 202F7686
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202F15DC
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202F249C
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202F27C6
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!send 71A5428A 5 Bytes JMP 202F244E
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202F2923
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202F2757
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202F283B
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202F2ADF
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202F29FE
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202F28AC
.text C:\WINDOWS\system32\spoolsv.exe[1448] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2019780A
.text C:\WINDOWS\system32\spoolsv.exe[1448] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2018ACA7
.text C:\WINDOWS\system32\spoolsv.exe[1448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20197686
.text C:\WINDOWS\system32\spoolsv.exe[1448] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 201915DC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7
.text C:\Program Files\Common
Files\Java\Java Update\jusched.exe[1488] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 20064400 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 20064345 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 20063838 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2006442D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 20064026 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 20063FD0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2006445A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 200637D7 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2006422A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 20064183 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 20063899 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 20064481 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1488] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2006372C .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[1488] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 20063681 .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6 .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923 .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757 .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC .text C:\Program Files\Bonjour\mDNSResponder.exe[1500] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC .text C:\Program Files\Microsoft 
ActiveSync\wcescomm.exe[1540] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2006249C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200627C6 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!send 71A5428A 5 Bytes JMP 2006244E .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20062923 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20062757 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2006283B .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20062ADF .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200629FE .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1540] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200628AC .text C:\WINDOWS\system32\wdfmgr.exe[1600] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\system32\wdfmgr.exe[1600] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\system32\wdfmgr.exe[1600] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\system32\wdfmgr.exe[1600] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 20161610 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!ReleaseDC 77D3866D 5 Bytes JMP 201668E0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetDC 77D38697 5 Bytes JMP 20166860 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetWindowDC 77D38FF9 5 Bytes JMP 201668A0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetMessageW 77D391A3 5 Bytes JMP 20166050 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!PeekMessageW 77D39278 5 Bytes JMP 20166110 .text C:\WINDOWS\system32\svchost.exe[1708] 
USER32.dll!GetCapture 77D394FF 5 Bytes JMP 20165FF0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!RegisterClassW 77D3A5EC 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!RegisterClassW 77D3A5EC 5 Bytes JMP 20167DF0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!RegisterClassExW 77D3AE29 5 Bytes JMP 20167EB0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefWindowProcW 77D3B1E5 5 Bytes JMP 20167B20 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!BeginPaint 77D3B4B1 5 Bytes JMP 20166750 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!EndPaint 77D3B4C5 5 Bytes JMP 201667C0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetUpdateRect 77D3BCEC 5 Bytes JMP 20166920 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!CallWindowProcW 77D3C019 5 Bytes JMP 20167D20 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetCursorPos 77D3C566 5 Bytes JMP 20165DA0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetMessagePos 77D3C6E4 5 Bytes JMP 20165D70 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetCapture 77D3C988 5 Bytes JMP 20165E30 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!ReleaseCapture 77D3C9A4 5 Bytes JMP 20165F40 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetUpdateRgn 77D3CE3B 5 Bytes JMP 201669C0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!PeekMessageA 77D3CEFD 5 Bytes JMP 20166170 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefWindowProcA 77D3DF6B 5 Bytes JMP 20167B60 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!CallWindowProcA 77D3E34B 5 Bytes JMP 20167D60 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetDCEx 77D3F21D 5 Bytes JMP 20166800 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!RegisterClassA 77D42316 5 Bytes JMP 20167E50 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!RegisterClassExA 77D44315 5 Bytes JMP 20167F10 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefDlgProcW 77D44CFA 5 
Bytes JMP 20167BA0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefDlgProcA 77D4759D 5 Bytes JMP 20167BE0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefFrameProcW 77D5430C 5 Bytes JMP 20167C20 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefMDIChildProcW 77D54520 5 Bytes JMP 20167CA0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!OpenInputDesktop 77D56607 5 Bytes JMP 20167A80 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SwitchDesktop 77D579A3 5 Bytes JMP 20167B00 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetMessageA 77D5EA45 5 Bytes JMP 201660B0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefFrameProcA 77D6F685 5 Bytes JMP 20167C60 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DefMDIChildProcA 77D6F6D4 5 Bytes JMP 20167CE0 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetCursorPos 77D75E8C 5 Bytes JMP 20165DF0 .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6 .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923 .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757 .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF .text 
C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE .text C:\WINDOWS\system32\vmnetdhcp.exe[1864] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC ? C:\WINDOWS\system32\svchost.exe[2064] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[2064] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\system32\svchost.exe[2064] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\system32\svchost.exe[2064] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\system32\svchost.exe[2064] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text D:\Tools\Mozilla Firefox\firefox.exe[2148] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A .text D:\Tools\Mozilla Firefox\firefox.exe[2148] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7 .text D:\Tools\Mozilla Firefox\firefox.exe[2148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01855B60 D:\Tools\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Tools\Mozilla Firefox\firefox.exe[2148] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2006249C .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200627C6 .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!send 71A5428A 5 Bytes JMP 2006244E .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20062923 .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20062757 .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2006283B .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20062ADF .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200629FE .text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!WSASendTo 71A60A95 5 
Bytes JMP 200628AC ? C:\WINDOWS\system32\svchost.exe[2208] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[2876] USER32.dll!TranslateMessage 
77D38BCE 5 Bytes JMP 200215DC ? C:\WINDOWS\System32\svchost.exe[2928] time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[2928] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\System32\svchost.exe[2928] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\System32\svchost.exe[2928] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\System32\svchost.exe[2928] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC ? C:\WINDOWS\System32\svchost.exe[3024] time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\System32\svchost.exe[3024] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\System32\svchost.exe[3024] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text D:\GMER\gmer\gmer.exe[3360] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A .text D:\GMER\gmer\gmer.exe[3360] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7 .text D:\GMER\gmer\gmer.exe[3360] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686 .text D:\GMER\gmer\gmer.exe[3360] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC .text C:\WINDOWS\system32\wscntfy.exe[3576] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2033780A .text C:\WINDOWS\system32\wscntfy.exe[3576] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2032ACA7 .text C:\WINDOWS\system32\wscntfy.exe[3576] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20337686 .text C:\WINDOWS\system32\wscntfy.exe[3576] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 203315DC .text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes 
JMP 20027686 .text C:\WINDOWS\System32\alg.exe[3604] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 200227C6 .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923 .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757 .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE .text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC .text C:\WINDOWS\system32\ctfmon.exe[3904] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2006780A .text C:\WINDOWS\system32\ctfmon.exe[3904] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2005ACA7 .text C:\WINDOWS\system32\ctfmon.exe[3904] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20067686 .text C:\WINDOWS\system32\ctfmon.exe[3904] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200615DC .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2002249C .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 
200227C6 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!send 71A5428A 5 Bytes JMP 2002244E .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 20022923 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!recv 71A5615A 5 Bytes JMP 20022757 .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2002283B .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 20022ADF .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 200229FE .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 200228AC .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3940] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC ? 
C:\WINDOWS\system32\svchost.exe[3988] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[3988] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2002780A .text C:\WINDOWS\system32\svchost.exe[3988] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2001ACA7 .text C:\WINDOWS\system32\svchost.exe[3988] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20027686 .text C:\WINDOWS\system32\svchost.exe[3988] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 200215DC .text D:\Tools\TomTom HOME 2\TomTomHOMEService.exe[4060] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 2019780A .text D:\Tools\TomTom HOME 2\TomTomHOMEService.exe[4060] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 2018ACA7 .text D:\Tools\TomTom HOME 2\TomTomHOMEService.exe[4060] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 20197686 .text D:\Tools\TomTom HOME 2\TomTomHOMEService.exe[4060] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 201915DC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F73B9232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F73B8730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F73B8F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B8730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B8914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B8856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B90F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B8F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73CCEB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6EC0D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6EC0D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 857A31E8
Device \FileSystem\Fastfat \FatCdrom 851B9430
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBPDO-0 8522C1E8
Device \Driver\usbuhci \Device\USBPDO-1 8522C1E8
Device \Driver\usbuhci \Device\USBPDO-2 8522C1E8
Device \Driver\usbuhci \Device\USBPDO-3 8522C1E8
Device \Driver\usbehci \Device\USBPDO-4 8530A1E8
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\NetBT \Device\NetBT_Tcpip_{91C03E08-211C-420E-873C-0E0B4D4EC1DD} 8521D430
Device \Driver\PCI_PNP5112 \Device\00000064 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP5112 \Device\00000064 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\Cdrom \Device\CdRom0 856B01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1A9CF173-790A-4D93-807C-7E7E280B1DD2} 8521D430
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 857A41E8
Device \Driver\atapi \Device\Ide\IdePort0 857A41E8
Device \Driver\atapi \Device\Ide\IdePort1 857A41E8
Device \Driver\atapi \Device\Ide\IdePort2 857A41E8
Device \Driver\atapi \Device\Ide\IdePort3 857A41E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 857A41E8
Device \Driver\Cdrom \Device\CdRom1 856B01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8521D430
Device \Driver\usbhub \Device\00000090 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\NetBT \Device\NetbiosSmb 8521D430
Device \Driver\NetBT \Device\NetBT_Tcpip_{7247C91E-D87C-4147-A12C-C62F89F8153E} 8521D430
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbhub \Device\00000089 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBFDO-0 8522C1E8
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 8522C1E8
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 8522C1E8
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85362430
Device \Driver\usbuhci \Device\USBFDO-3 8522C1E8
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85362430
Device \Driver\usbehci \Device\USBFDO-4 8530A1E8
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\afiera41 \Device\Scsi\afiera411 856111E8
Device \Driver\afiera41 \Device\Scsi\afiera411Port4Path0Target0Lun0 856111E8
Device \Driver\usbhub \Device\0000008d hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Fastfat \Fat 851B9430
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 851E5430

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\2c3d4f041b0c
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x72 0xB8 0xAA 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x66 0x41 0x79 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8F 0xC1 0xC5 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\2c3d4f041b0c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x72 0xB8 0xAA 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x66 0x41 0x79 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8F 0xC1 0xC5 0x4F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Joker_PC\Moje dokumenty\Menu Start\Programy\Autostart\gefbwxse.exe 94456 bytes executable
File C:\Documents and Settings\Joker_PC\Ustawienia lokalne\Dane aplikacji\xxnomxmn 0 bytes
File C:\Documents and Settings\Joker_PC\Ustawienia lokalne\Dane aplikacji\xxnomxmn\gefbwxse.exe 94456 bytes executable
File C:\Qoobox\Quarantine\C\Documents and Settings\Joker_PC\Ustawienia lokalne\Dane aplikacji\xxnomxmn 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\Joker_PC\Ustawienia lokalne\Dane aplikacji\xxnomxmn\gefbwxse.exe.vir 94456 bytes executable
File C:\Qoobox\Quarantine\C\Documents and Settings\Joker_PC\Ustawienia lokalne\Dane aplikacji\xxnomxmn\_gefbwxse_.exe.zip 159844 bytes

---- EOF - GMER 1.0.15 ----
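The bulk of the log above is the user-mode hook list: hundreds of ".text" entries where a 5-byte JMP at the start of an exported function redirects into an address GMER could not attribute to any loaded module (compare the one entry it could attribute, firefox.exe's LdrLoadDll hook into xul.dll). Reading that by hand is error-prone, so here is a small parser, added as an example and not part of the log or of GMER, that turns such entries into structured records and answers the three questions an analyst asks first: which processes have unattributed hook targets, which of them GMER also flagged with "time/date stamp mismatch", and whether the unattributed targets are consistent with a single DLL relocated into every process rather than with per-process tampering. The regular expressions and the low-16-bit relocation heuristic are this example's own assumptions about the line shape and about Windows' 64 KiB image-mapping granularity; the sample lines are copied from the log above. Unattributed hooks are produced by security products as well as by malware, so the output is a triage aid, not a verdict; the kernel sections of this log name the drivers present (klif.sys, kl1.sys, sptd.sys, hcmon.sys) and the Files section names what was quarantined.

```python
"""Parser for the user-mode inline-hook entries of a GMER log (added example)."""
import re
from collections import defaultdict

# ".text <image>[<pid>] <module>!<export> <addr> <n> Byte(s) JMP <target> [<owner>]"
# or, for a partial overwrite, "... <n> Byte [<hex bytes>]".  Assumed line shape.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*?))?"
    r"|\[(?P<patch>[0-9A-Fa-f ]+)\])\s*$"
)
# "? <image>[<pid>] time/date stamp mismatch;"
MISMATCH_RE = re.compile(
    r"^\?\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+time/date stamp mismatch;"
)


def parse_gmer(lines):
    """Return (hooks, mismatched): hooks is one dict per ".text" entry,
    mismatched is the set of (image, pid) GMER flagged."""
    hooks, mismatched = [], set()
    for line in lines:
        m = MISMATCH_RE.match(line)
        if m:
            mismatched.add((m["image"], int(m["pid"])))
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue  # SSDT, IAT, Device, Reg and File sections are not handled here
        hooks.append({
            "image": m["image"],
            "pid": int(m["pid"]),
            "symbol": f"{m['module']}!{m['export']}",
            "addr": int(m["addr"], 16),
            "size": int(m["size"]),
            "target": int(m["target"], 16) if m["target"] else None,
            "owner": m["owner"],   # module GMER attributed the target to, if any
            "patch": m["patch"],   # raw bytes of a partial patch such as "[E9]"
        })
    return hooks, mismatched


def unattributed_targets(hooks):
    """Map (image, pid) -> sorted hook targets GMER could not attribute to a
    module, i.e. targets in memory no loaded image accounts for, which is how an
    injected DLL (security product or malware alike) looks from outside."""
    out = defaultdict(set)
    for h in hooks:
        if h["target"] is not None and h["owner"] is None:
            out[(h["image"], h["pid"])].add(h["target"])
    return {key: sorted(targets) for key, targets in out.items()}


def relocation_signature(hooks):
    """Map symbol -> set of (target & 0xFFFF) over all unattributed hooks.

    Heuristic (assumption): Windows maps images at 64 KiB granularity, so one
    DLL injected into many processes and merely relocated yields identical low
    16 bits for a given hook everywhere. More than one value per symbol means
    different code hooks that export in different processes."""
    sig = defaultdict(set)
    for h in hooks:
        if h["target"] is not None and h["owner"] is None:
            sig[h["symbol"]].add(h["target"] & 0xFFFF)
    return dict(sig)


def report(lines):
    """One summary line per process with unattributed hooks, then one per symbol."""
    hooks, mismatched = parse_gmer(lines)
    out = []
    for (image, pid), targets in sorted(unattributed_targets(hooks).items()):
        flag = " [time/date stamp mismatch]" if (image, pid) in mismatched else ""
        out.append(f"{image}[{pid}]{flag}: {len(targets)} unattributed hook target(s): "
                   + ", ".join(f"{t:08X}" for t in targets))
    for symbol, lows in sorted(relocation_signature(hooks).items()):
        verdict = "consistent" if len(lows) == 1 else "INCONSISTENT"
        out.append(f"{symbol}: low16 {[f'{v:04X}' for v in sorted(lows)]} ({verdict})")
    return out


# Constructed input: a few entries copied verbatim from the log above.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!send 71A5428A 5 Bytes JMP 2019244E
? C:\WINDOWS\system32\svchost.exe[1336] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 202F7686
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!send 71A5428A 5 Bytes JMP 202F244E
.text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!RegisterClassW 77D3A5EC 1 Byte [E9]
.text D:\Tools\Mozilla Firefox\firefox.exe[2148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01855B60 D:\Tools\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Tools\Mozilla Firefox\firefox.exe[2148] WS2_32.dll!send 71A5428A 5 Bytes JMP 2006244E
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG.splitlines()):
        print(line)
```

Run it against a full GMER report by passing the file's lines to report(). On the sample, the three WS2_32.dll!send targets (2019244E, 202F244E, 2006244E) share the low 16 bits 244E, which is what one DLL mapped at three 64 KiB-aligned bases looks like; the 1-byte "[E9]" entry has no JMP target and is therefore not counted, and the xul.dll hook is excluded because GMER attributed it.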