
rootkit problem.


2 replies to this topic

#1 clunk


Posted 11 September 2011 - 02:24 PM

Hello, I have a friend's laptop which seems to be infected with a virus / rootkit.
Internet access seems to be locked to the Google search page. I am unable to install any kind of anti-virus software, as all the ones I have tried fail with internet connection errors.

I am also unable to get into safe mode; if safe mode is selected I get a BSOD and a system restart.



Here is the dds log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by adrian at 18:53:47 on 2011-09-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.427 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\adrian\local settings\application data\bkrsykqu\jmxglenf.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [JmxGlenf] c:\documents and settings\adrian\local settings\application data\bkrsykqu\jmxglenf.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [\\ADRIAN2\EPSON Stylus DX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibie.exe /fu "c:\docume~1\adrian\locals~1\temp\E_S3.tmp" /EF "HKLM"
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://192.168.11.4/cab/OCXChecker_8000.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://192.168.11.4/cab/DownloadFile_8000.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4864B874-95C5-469D-B3A8-47A2A903D72A} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-19 73216]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\adrian\locals~1\temp\qckpmghv.sys --> c:\docume~1\adrian\locals~1\temp\qckpmghv.sys [?]
S2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\bechelperservice.exe --> c:\program files\3 mobile broadband\3connect\BecHelperService.exe [?]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-7-18 37488]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-19 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-8-19 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-19 235392]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-11 41272]
.
=============== Created Last 30 ================
.
2011-09-11 16:31:59 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-11 16:30:51 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-11 16:30:20 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-09-11 16:30:20 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-09-11 16:30:20 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-11 16:30:20 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-09-11 16:30:20 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-09-11 16:30:20 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-09-11 16:30:20 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-09-11 16:30:20 117760 ------w- c:\windows\system32\prntvpt.dll
2011-09-11 16:30:19 -------- d-----w- C:\81b01a40fbf31824b343
2011-09-11 16:23:36 -------- d-----w- c:\documents and settings\adrian\application data\Malwarebytes
2011-09-11 16:23:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-11 16:23:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-11 16:23:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 16:23:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-10 22:57:24 -------- d-----w- c:\windows\system32\KB905474
2011-09-10 22:01:32 -------- d-----w- C:\sh4ldr
2011-09-10 22:01:32 -------- d-----w- c:\program files\Enigma Software Group
2011-09-10 22:01:14 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-09-10 22:01:11 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-09-10 21:52:33 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-09-10 21:52:33 -------- d-----w- c:\documents and settings\adrian\local settings\application data\NPE
2011-09-10 21:02:22 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-09-10 21:01:37 293376 ------w- c:\windows\system32\browserchoice.exe
2011-09-10 21:01:21 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-10 20:55:31 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-09-10 20:55:31 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-09-10 20:55:30 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-09-10 20:55:30 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-09-10 20:54:56 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-09-10 20:13:47 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-09-10 20:13:47 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-10 20:10:28 -------- d-sha-r- C:\cmdcons
2011-09-10 20:08:32 98816 ----a-w- c:\windows\sed.exe
2011-09-10 20:08:32 518144 ----a-w- c:\windows\SWREG.exe
2011-09-10 20:08:32 256000 ----a-w- c:\windows\PEV.exe
2011-09-10 20:08:32 208896 ----a-w- c:\windows\MBR.exe
2011-09-10 13:04:32 -------- d-----w- c:\windows\system32\NtmsData
2011-09-09 21:21:40 3894928 ----a-w- C:\avg_free_stb_all_2012_1796_cnet.exe
2011-09-09 21:07:30 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-09 21:07:12 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-09 20:37:59 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2011-09-09 20:36:57 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-09-09 20:35:59 32256 -c--a-w- c:\windows\system32\dllcache\gzip.dll
2011-09-09 20:34:59 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-09-09 20:33:43 50112 --sha-w- c:\windows\system32\c_22300.nl_
2011-09-09 20:32:45 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-09-09 20:32:45 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-09-09 20:32:35 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll
2011-09-09 20:32:35 7168 ----a-w- c:\windows\system32\bitsprx4.dll
2011-09-09 20:30:15 53248 -c--a-w- c:\windows\system32\dllcache\tsgqec.dll
2011-09-09 20:30:15 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-09-09 20:30:15 290304 -c--a-w- c:\windows\system32\dllcache\rhttpaa.dll
2011-09-09 20:30:15 290304 ----a-w- c:\windows\system32\rhttpaa.dll
2011-09-09 20:30:14 136192 -c--a-w- c:\windows\system32\dllcache\aaclient.dll
2011-09-09 20:30:14 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-09-09 20:20:35 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-09-09 20:13:57 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-09-09 20:13:57 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-09-09 20:13:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-09-09 20:13:57 13312 ----a-w- c:\windows\system32\irclass.dll
2011-09-09 20:13:29 16535 ----a-r- c:\windows\SETE6.tmp
2011-09-09 20:13:20 1088840 ----a-r- c:\windows\SETDA.tmp
2011-09-09 20:13:15 1296669 ----a-r- c:\windows\SETD9.tmp
2011-09-09 20:06:17 -------- d-----w- c:\windows\system32\scripting
2011-09-09 20:06:17 -------- d-----w- c:\windows\system32\en
2011-09-09 20:06:17 -------- d-----w- c:\windows\Network Diagnostic
2011-09-09 20:06:17 -------- d-----w- c:\windows\L2Schemas
2011-08-19 17:38:59 -------- d-----w- c:\documents and settings\adrian\local settings\application data\bkrsykqu
2011-08-19 10:54:04 -------- d-----w- c:\documents and settings\adrian\application data\Birdstep Technology
.
==================== Find3M ====================
.
2011-09-10 13:39:21 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-19 10:53:26 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18:34 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:18:34 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 12:58:45 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 18:54:09.35 ===============



And here is the gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-11 20:20:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980811AS rev.3.ALB
Running: gmer.exe; Driver: C:\DOCUME~1\adrian\LOCALS~1\Temp\fwnoifoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\DOCUME~1\adrian\LOCALS~1\Temp\qckpmghv.sys ZwCreateKey [0xF7ACE6AC]
SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xF7C94700]
SSDT \??\C:\DOCUME~1\adrian\LOCALS~1\Temp\qckpmghv.sys ZwOpenKey [0xF7ACE562]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) ECC3F16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) ECC3EFC2

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB8013400, 0x82482, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB80B3420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB80B3420]
.protect˙˙˙˙hardlockunknown last code section [0xB80B3200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB80B3200, 0x5105, 0xE0000020]
? C:\DOCUME~1\adrian\LOCALS~1\Temp\qckpmghv.sys The system cannot find the file specified. !
? C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys The system cannot find the file specified. !
? C:\DOCUME~1\adrian\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Messenger\msmsgs.exe[368] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program Files\Messenger\msmsgs.exe[368] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Messenger\msmsgs.exe[368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program Files\Messenger\msmsgs.exe[368] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A9
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214D3
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217EC
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002115B
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021630
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021464
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021548
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002170B
.text C:\Program Files\Messenger\msmsgs.exe[368] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B9
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!HttpOpenRequestA 771C2B01 5 Bytes JMP 20022921
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 20021EC1
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 2002297B
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 20021E2D
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 20022866
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 20021DA1
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!HttpOpenRequestW 771CF432 5 Bytes JMP 2002294E
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetOpenUrlW 771D5B9A 5 Bytes JMP 200229A2
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetQueryDataAvailable 771D8A4F 5 Bytes JMP 20022547
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetWriteFile 771F8D8F 5 Bytes JMP 20021E94
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetReadFileExA 771F92D6 5 Bytes JMP 200226A4
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!InternetReadFileExW 771F9D26 5 Bytes JMP 2002274B
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!HttpSendRequestW 772131AC 5 Bytes JMP 20021E62
.text C:\Program Files\Messenger\msmsgs.exe[368] WININET.dll!HttpSendRequestExA 772132B1 5 Bytes JMP 20021DE7
? C:\WINDOWS\system32\svchost.exe[424] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200458C5
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20039E20
.text C:\WINDOWS\system32\svchost.exe[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20045741
.text C:\WINDOWS\system32\svchost.exe[424] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200405B7
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200411A9
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200414D3
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200417EC
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2004115B
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20041630
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20041464
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20041548
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004170B
.text C:\WINDOWS\system32\svchost.exe[424] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200415B9
? C:\WINDOWS\system32\svchost.exe[448] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\svchost.exe[448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\system32\svchost.exe[448] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[464] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[464] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
? C:\WINDOWS\system32\services.exe[648] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\system32\services.exe[648] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[708] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Internet Explorer\iexplore.exe[792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200658C5
.text C:\Program Files\Internet Explorer\iexplore.exe[792] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20059E20
.text C:\Program Files\Internet Explorer\iexplore.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20065741
.text C:\Program Files\Internet Explorer\iexplore.exe[792] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200605B7
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!HttpOpenRequestA 771C2B01 5 Bytes JMP 20062921
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 20061EC1
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 2006297B
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 20061E2D
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 20062866
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 20061DA1
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!HttpOpenRequestW 771CF432 5 Bytes JMP 2006294E
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetOpenUrlW 771D5B9A 5 Bytes JMP 200629A2
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetQueryDataAvailable 771D8A4F 5 Bytes JMP 20062547
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetWriteFile 771F8D8F 5 Bytes JMP 20061E94
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetReadFileExA 771F92D6 5 Bytes JMP 200626A4
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!InternetReadFileExW 771F9D26 5 Bytes JMP 2006274B
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!HttpSendRequestW 772131AC 5 Bytes JMP 20061E62
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WININET.dll!HttpSendRequestExA 772132B1 5 Bytes JMP 20061DE7
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200611A9
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200614D3
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200617EC
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2006115B
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061630
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20061464
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061548
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006170B
.text C:\Program Files\Internet Explorer\iexplore.exe[792] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200615B9
? C:\WINDOWS\system32\svchost.exe[836] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
? C:\WINDOWS\system32\svchost.exe[884] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
.text C:\WINDOWS\RTHDCPL.EXE[968] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\RTHDCPL.EXE[968] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\RTHDCPL.EXE[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\RTHDCPL.EXE[968] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
? C:\WINDOWS\System32\svchost.exe[976] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!HttpOpenRequestA 771C2B01 5 Bytes JMP 200A2921
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 200A1EC1
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 200A297B
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 200A1E2D
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 200A2866
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 200A1DA1
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!HttpOpenRequestW 771CF432 5 Bytes JMP 200A294E
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlW 771D5B9A 5 Bytes JMP 200A29A2
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetQueryDataAvailable 771D8A4F 5 Bytes JMP 200A2547
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetWriteFile 771F8D8F 5 Bytes JMP 200A1E94
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetReadFileExA 771F92D6 5 Bytes JMP 200A26A4
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetReadFileExW 771F9D26 5 Bytes JMP 200A274B
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!HttpSendRequestW 772131AC 5 Bytes JMP 200A1E62
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!HttpSendRequestExA 772132B1 5 Bytes JMP 200A1DE7
.text C:\Program[1000] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program[1000] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program[1000] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program[1000] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A9
.text C:\Program[1000] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214D3
.text C:\Program[1000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217EC
.text C:\Program[1000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002115B
.text C:\Program[1000] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021630
.text C:\Program[1000] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021464
.text C:\Program[1000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021548
.text C:\Program[1000] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002170B
.text C:\Program[1000] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B9
.text C:\Program[1000] WININET.dll!HttpOpenRequestA 771C2B01 5 Bytes JMP 20022921
.text C:\Program[1000] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 20021EC1
.text C:\Program[1000] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 2002297B
.text C:\Program[1000] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 20021E2D
.text C:\Program[1000] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 20022866
.text C:\Program[1000] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 20021DA1
.text C:\Program[1000] WININET.dll!HttpOpenRequestW 771CF432 5 Bytes JMP 2002294E
.text C:\Program[1000] WININET.dll!InternetOpenUrlW 771D5B9A 5 Bytes JMP 200229A2
.text C:\Program[1000] WININET.dll!InternetQueryDataAvailable 771D8A4F 5 Bytes JMP 20022547
.text C:\Program[1000] WININET.dll!InternetWriteFile 771F8D8F 5 Bytes JMP 20021E94
.text C:\Program[1000] WININET.dll!InternetReadFileExA 771F92D6 5 Bytes JMP 200226A4
.text C:\Program[1000] WININET.dll!InternetReadFileExW 771F9D26 5 Bytes JMP 2002274B
.text C:\Program[1000] WININET.dll!HttpSendRequestW 772131AC 5 Bytes JMP 20021E62
.text C:\Program[1000] WININET.dll!HttpSendRequestExA 772132B1 5 Bytes JMP 20021DE7
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A9
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214D3
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217EC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002115B
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021630
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021464
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021548
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002170B
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1020] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B9
? C:\WINDOWS\system32\svchost.exe[1060] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
? C:\WINDOWS\system32\svchost.exe[1136] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A11A9
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A14D3
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A17EC
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A115B
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1630
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1464
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1548
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A170B
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A15B9
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1216] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1216] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1216] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\WINDOWS\system32\wuauclt.exe[1224] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\system32\wuauclt.exe[1224] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\wuauclt.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\system32\wuauclt.exe[1224] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A9
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214D3
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217EC
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002115B
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021630
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021464
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021548
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002170B
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1264] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B9
.text C:\WINDOWS\system32\spoolsv.exe[1436] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\spoolsv.exe[1436] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\spoolsv.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\spoolsv.exe[1436] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
? C:\WINDOWS\Explorer.EXE[1636] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\Explorer.EXE[1636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\Explorer.EXE[1636] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!HttpOpenRequestA 771C2B01 5 Bytes JMP 200A2921
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 200A1EC1
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 200A297B
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 200A1E2D
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 200A2866
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 200A1DA1
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!HttpOpenRequestW 771CF432 5 Bytes JMP 200A294E
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetOpenUrlW 771D5B9A 5 Bytes JMP 200A29A2
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetQueryDataAvailable 771D8A4F 5 Bytes JMP 200A2547
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetWriteFile 771F8D8F 5 Bytes JMP 200A1E94
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetReadFileExA 771F92D6 5 Bytes JMP 200A26A4
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!InternetReadFileExW 771F9D26 5 Bytes JMP 200A274B
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!HttpSendRequestW 772131AC 5 Bytes JMP 200A1E62
.text C:\WINDOWS\Explorer.EXE[1636] WININET.dll!HttpSendRequestExA 772132B1 5 Bytes JMP 200A1DE7
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200658C5
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20059E20
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20065741
.text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200605B7
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200611A9
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200614D3
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200617EC
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006115B
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061630
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20061464
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061548
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006170B
.text C:\WINDOWS\system32\svchost.exe[1652] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200615B9
.text C:\WINDOWS\system32\ctfmon.exe[1704] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\ctfmon.exe[1704] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\ctfmon.exe[1704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\ctfmon.exe[1704] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text E:\gmer.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text E:\gmer.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text E:\gmer.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text E:\gmer.exe[1836] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\WINDOWS\system32\wpabaln.exe[2904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A58C5
.text C:\WINDOWS\system32\wpabaln.exe[2904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20099E20
.text C:\WINDOWS\system32\wpabaln.exe[2904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200A5741
.text C:\WINDOWS\system32\wpabaln.exe[2904] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A05B7
.text C:\WINDOWS\System32\alg.exe[2944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\System32\alg.exe[2944] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\System32\alg.exe[2944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\System32\alg.exe[2944] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A9
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214D3
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217EC
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002115B
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021630
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021464
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021548
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002170B
.text C:\WINDOWS\System32\alg.exe[2944] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B9
.text C:\WINDOWS\system32\wscntfy.exe[3228] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\system32\wscntfy.exe[3228] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\system32\wscntfy.exe[3228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\system32\wscntfy.exe[3228] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Outlook Express\msimn.exe[3500] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\Program Files\Outlook Express\msimn.exe[3500] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\Program Files\Outlook Express\msimn.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\Program Files\Outlook Express\msimn.exe[3500] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!HttpOpenRequestA 771C2B01 5 Bytes JMP 20022921
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 20021EC1
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 2002297B
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 20021E2D
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 20022866
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!HttpSendRequestExW 771CE9E9 5 Bytes JMP 20021DA1
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!HttpOpenRequestW 771CF432 5 Bytes JMP 2002294E
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetOpenUrlW 771D5B9A 5 Bytes JMP 200229A2
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetQueryDataAvailable 771D8A4F 5 Bytes JMP 20022547
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetWriteFile 771F8D8F 5 Bytes JMP 20021E94
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetReadFileExA 771F92D6 5 Bytes JMP 200226A4
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!InternetReadFileExW 771F9D26 5 Bytes JMP 2002274B
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!HttpSendRequestW 772131AC 5 Bytes JMP 20021E62
.text C:\Program Files\Outlook Express\msimn.exe[3500] WININET.dll!HttpSendRequestExA 772132B1 5 Bytes JMP 20021DE7
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200211A9
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200214D3
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200217EC
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002115B
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021630
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021464
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021548
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002170B
.text C:\Program Files\Outlook Express\msimn.exe[3500] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200215B9
? C:\WINDOWS\System32\svchost.exe[3676] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200258C5
.text C:\WINDOWS\System32\svchost.exe[3676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20019E20
.text C:\WINDOWS\System32\svchost.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 20025741
.text C:\WINDOWS\System32\svchost.exe[3676] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200205B7

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [1000] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [1000] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [1000] 0x00890000
Library C:\Program (*** hidden *** ) @ C:\Program [1000] 0x00A70000
Library C:\Program (*** hidden *** ) @ C:\Program [1000] 0x00B50000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\adrian\Local Settings\Application Data\bkrsykqu\jmxglenf.exe 113693 bytes executable
File C:\Documents and Settings\adrian\Start Menu\Programs\Startup\jmxglenf.exe 113693 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\jmxglenf.exe 113693 bytes executable

---- EOF - GMER 1.0.15 ----


Thanks in advance for your help.


#2 HelpBot


Posted 18 September 2011 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418496 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 23 September 2011 - 02:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



