Yes I did uninstall the
Avira AntiVir 12, I thought it don't work any more, and I was planning to install a new anti-virus program until I came across this tech site.
Scanning with the GMER took almost 4 hours, is that suppose to happen? Also the
saved file was asking to save as a *.log file. I had to change it to ark.
txt.
***************************************************
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2012-04-06 16:23:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
Running: wgi92tgj.exe; Driver: C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwCreateKey [0xA6CFF6AC]
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwOpenKey [0xA6CFF562]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys The system cannot find the file specified. !
? C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\svchost.exe[156] time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[720] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
? C:\WINDOWS\Explorer.EXE[848] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\Explorer.EXE[848] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\services.exe[972] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\svchost.exe[1156] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\svchost.exe[1204] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\System32\svchost.exe[1244] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
? C:\WINDOWS\system32\svchost.exe[1284] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
? C:\WINDOWS\system32\svchost.exe[1340] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\svchost.exe[1428] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\WINDOWS\System32\alg.exe[1672] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200220DB
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20022405
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2002271E
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002208D
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20022562
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20022396
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002247A
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002263D
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200224EB
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\acs.exe[1836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
? C:\WINDOWS\system32\svchost.exe[1880] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\System32\svchost.exe[2144] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\System32\svchost.exe[2144] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\WINDOWS\system32\svchost.exe[2432] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 20201610
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 202068E0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 20206860
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 202068A0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 20206050
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 20206110
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 20205FF0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 20207DF0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 20207EB0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 20207A80
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 20207B00
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 20207BA0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 202060B0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 20207F10
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 20207B20
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 20206750
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 202067C0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 20205DA0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 20205D70
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 20207D20
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 20206170
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 20206920
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 20207D60
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 20207B60
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 20205E30
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 20205F40
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 20206800
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 20207E50
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 202069C0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 20207C20
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 20207CA0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 20207BE0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 20207C60
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 20207CE0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 20205DF0
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20023A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200236E6
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2002373C
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20023B16
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20022F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20023B43
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20022F48
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20023B70
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20023940
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20023899
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20022FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20023B97
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20022F02
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20022EBC
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\hkcmd.exe[2640] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\igfxpers.exe[2684] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\RTHDCPL.EXE[2700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Atheros\ACU.exe[2764] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\Program Files\iPod\bin\iPodService.exe[2996] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\ctfmon.exe[3104] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
? C:\WINDOWS\System32\svchost.exe[3404] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\System32\svchost.exe[3404] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB
? C:\WINDOWS\system32\svchost.exe[3600] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[3600] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[3472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6060D8
AttachedDevice \FileSystem\Ntfs \Ntfs MyBusinessWorks.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Cdrom \Device\CdRom0 8974FDE0
Device \FileSystem\Rdbss \Device\FsWrap 89A977C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89769210
Device \Driver\atapi \Device\Ide\IdePort0 89769210
Device \Driver\atapi \Device\Ide\IdePort1 89769210
Device \FileSystem\Srv \Device\LanmanServer 894185C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A98990
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A98990
Device \FileSystem\Npfs \Device\NamedPipe 89331840
Device \FileSystem\Msfs \Device\Mailslot 8957A470
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 897FA248
Device \FileSystem\Cdfs \Cdfs 894FED70
---- Modules - GMER 1.0.15 ----
Module _________ B9E0B000-B9E23000 (98304 bytes)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe 98224 bytes executable
File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
---- EOF - GMER 1.0.15 ----