Hi,
No crashes or BSoD.
Here's the ComboFix log:
ComboFix 11-02-24.01 - jodie and ciaran xxx 24/02/2011 18:27:24.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1917.1385 [GMT 0:00]
Running from: c:\documents and settings\jodie and ciaran xxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jodie and ciaran xxx\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Internet Explorer\IEXPLOREmgr.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.
2011-02-23 17:44 . 2011-02-23 17:44 -------- d-----w- c:\program files\DWG TrueView 2010
2011-02-13 05:25 . 2011-02-13 05:25 664 ----a-w- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\d3d9caps.tmp
2011-02-05 20:11 . 2011-02-05 20:11 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 13:58 . 2004-08-12 12:18 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-12-20 18:09 . 2010-12-16 15:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-16 15:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-02-24_00.16.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-24 17:05 . 2011-02-24 17:05 16384 c:\windows\Temp\Perflib_Perfdata_510.dat
+ 2010-02-16 15:01 . 2011-02-24 10:02 35088 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-16 15:01 . 2010-05-12 08:42 35088 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-16 15:01 . 2010-05-12 08:42 18704 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-16 15:01 . 2011-02-24 10:02 18704 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-16 15:01 . 2011-02-24 10:02 20240 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-02-16 15:01 . 2010-05-12 08:42 20240 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-16 15:01 . 2011-02-24 10:02 845584 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-16 15:01 . 2010-05-12 08:42 845584 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-16 15:01 . 2010-05-12 08:42 217864 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-16 15:01 . 2011-02-24 10:02 217864 c:\windows\Installer\{91120000-001A-0000-0000-0000000FF1CE}\misc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-18 4093288]
"Google Update"="c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29987322]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8491008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-19 231888]
c:\documents and settings\romy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
backupExtension=Common Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
backupExtension=Common Startup
[HKLM\~\startupfolder\C:^Documents and Settings^jodie and ciaran xxx^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
backupExtension=Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-06-23 20:22 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-06-23 20:23 884696 ------w- c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-28 03:26 8491008 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-28 03:26 81920 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-28 03:26 1626112 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC Service Utility]
2007-10-09 11:55 821075 ----a-w- c:\program files\SSC Service Utility\ssc_serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-06-23 20:20 1274800 ------w- c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2010 14:09 64288]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/01/2009 19:04 238080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2010 16:43 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52 1352832]
S3 qcusbmdm6k;New York Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [03/05/2009 17:31 65024]
S3 qcusbser6k;New York Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [03/05/2009 17:32 65024]
.
Contents of the 'Scheduled Tasks' folder
2011-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:55]
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:43]
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:43]
2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1326574676-1177238915-1003Core.job
- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:35]
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1326574676-1177238915-1003UA.job
- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jodie and ciaran xxx\Application Data\Mozilla\Firefox\Profiles\4lw9vf3t.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?referrer=theme_ign
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=gr ... =937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 18:30
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
c:\documents and settings\jodie and ciaran xxx\Start Menu\Programs\Startup\ntjiyevg.exe 152500 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,b4,58,1d,ba,3c,99,40,95,b6,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,b4,58,1d,ba,3c,99,40,95,b6,ed,\
[HKEY_USERS\S-1-5-21-436374069-1326574676-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-24 18:32:35
ComboFix-quarantined-files.txt 2011-02-24 18:32
ComboFix2.txt 2011-02-24 18:00
ComboFix3.txt 2011-02-24 15:52
ComboFix4.txt 2011-02-24 00:23
Pre-Run: 298,115,354,624 bytes free
Post-Run: 298,101,075,968 bytes free
- - End Of File - - A86D6F962DE2AF7D0795E65642D4C667
And here's the GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-25 01:00:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e Hitachi_HDP725050GLA360 rev.GM4OA5CA
Running: ov6rzplj.exe; Driver: C:\DOCUME~1\JODIEA~1\LOCALS~1\Temp\pgldqpoc.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA90887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA908BFE]
Code \??\C:\DOCUME~1\JODIEA~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? kaimc.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9C4D360, 0x30AD87, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB65DB280]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\JODIEA~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[316] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[348] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\WINDOWS\system32\nvsvc32.exe[620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\WINDOWS\system32\nvsvc32.exe[620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\WINDOWS\system32\nvsvc32.exe[620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
? C:\WINDOWS\System32\smss.exe[880] time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[944] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
? C:\WINDOWS\system32\winlogon.exe[968] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\winlogon.exe[968] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
? C:\WINDOWS\system32\services.exe[1012] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[1012] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\services.exe[1012] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\services.exe[1012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\services.exe[1012] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\WINDOWS\system32\lsass.exe[1024] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\lsass.exe[1024] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\lsass.exe[1024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\lsass.exe[1024] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001E19E
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001E281
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001E4A9
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001E170
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001E355
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001E247
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001E2C1
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001E3FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001E308
? C:\WINDOWS\system32\svchost.exe[1200] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
? C:\WINDOWS\system32\svchost.exe[1252] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001E19E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001E281
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001E4A9
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001E170
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001E355
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001E247
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001E2C1
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001E3FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1296] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001E308
? C:\WINDOWS\System32\svchost.exe[1396] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 2004CF28
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 2004CE6D
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 2004C578
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2004CF55
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 2004CB4E
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 2004C5D7
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2004CF82
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 2004C543
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2004CD52
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 2004CCAB
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 2004C5AA
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 2004CFA9
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2004C4FD
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 2004C4B7
? C:\WINDOWS\system32\svchost.exe[1416] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 2001CF28
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 2001CE6D
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 2001C578
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2001CF55
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 2001CB4E
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 2001C5D7
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2001CF82
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 2001C543
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2001CD52
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 2001CCAB
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 2001C5AA
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 2001CFA9
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2001C4FD
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1488] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 2001C4B7
? C:\WINDOWS\system32\svchost.exe[1520] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1604] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1604] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
? C:\WINDOWS\system32\svchost.exe[1624] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\spoolsv.exe[1832] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
? C:\WINDOWS\system32\svchost.exe[1956] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 2004CF28
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 2004CE6D
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 2004C578
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2004CF55
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 2004CB4E
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 2004C5D7
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2004CF82
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 2004C543
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2004CD52
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 2004CCAB
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 2004C5AA
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 2004CFA9
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2004C4FD
.text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 2004C4B7
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1988] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe[2016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe[2016] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe[2016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2036] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\WINDOWS\System32\alg.exe[2372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\WINDOWS\System32\alg.exe[2372] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\WINDOWS\System32\alg.exe[2372] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001E19E
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001E281
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001E4A9
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001E170
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001E355
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001E247
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001E2C1
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001E3FC
.text C:\WINDOWS\System32\alg.exe[2372] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001E308
? C:\WINDOWS\explorer.exe[2436] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\explorer.exe[2436] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004E4C8
.text C:\WINDOWS\explorer.exe[2436] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2004762E
.text C:\WINDOWS\explorer.exe[2436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2004DE8E
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!HttpOpenRequestA 630187BC 5 Bytes JMP 2004CF28
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 2004CE6D
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 2004C578
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!HttpOpenRequestW 6301F87B 5 Bytes JMP 2004CF55
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 2004CB4E
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 2004C5D7
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 2004CF82
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 2004C543
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetReadFileExW 6303377E 5 Bytes JMP 2004CD52
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 2004CCAB
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 2004C5AA
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 2004CFA9
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 2004C4FD
.text C:\WINDOWS\explorer.exe[2436] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 2004C4B7
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2004E19E
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2004E281
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2004E4A9
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2004E170
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2004E355
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2004E247
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2004E2C1
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2004E3FC
.text C:\WINDOWS\explorer.exe[2436] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2004E308
.text C:\Documents and Settings\jodie and ciaran xxx\Desktop\ov6rzplj.exe[2472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\Documents and Settings\jodie and ciaran xxx\Desktop\ov6rzplj.exe[2472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\Documents and Settings\jodie and ciaran xxx\Desktop\ov6rzplj.exe[2472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\WINDOWS\system32\wscntfy.exe[3240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\WINDOWS\system32\wscntfy.exe[3240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\WINDOWS\system32\wscntfy.exe[3240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2001E19E
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 2001E281
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2001E4A9
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2001E170
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2001E355
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2001E247
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2001E2C1
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2001E3FC
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3628] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 2001E308
? C:\WINDOWS\System32\svchost.exe[3848] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\WINDOWS\System32\svchost.exe[3848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\WINDOWS\System32\svchost.exe[3848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E
.text C:\WINDOWS\system32\ctfmon.exe[3972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001E4C8
.text C:\WINDOWS\system32\ctfmon.exe[3972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001762E
.text C:\WINDOWS\system32\ctfmon.exe[3972] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 2001DE8E

---- Devices - GMER 1.0.15 ----

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\jodie and ciaran xxx\Start Menu\Programs\Startup\ntjiyevg.exe 152500 bytes executable
File C:\ntjiyevg.exe 152500 bytes executable
File C:\Program Files\fnrvobms\ntjiyevg.exe 152500 bytes executable
File C:\System Volume Information\_restore{953D3D99-A34F-469B-9935-FAAE5DB7EAB3}\RP469\A0254245.dll 104448 bytes executable

---- EOF - GMER 1.0.15 ----