GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-23 14:36:00 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500320NS rev.SN04 Running: 4kw0xz34.exe; Driver: C:\DOCUME~1\Grzegorz\USTAWI~1\Temp\ffairuog.sys ---- System - GMER 1.0.15 ---- SSDT BA7F974C ZwClose SSDT BA7F9706 ZwCreateKey SSDT BA7F9756 ZwCreateSection SSDT BA7F96FC ZwCreateThread SSDT BA7F970B ZwDeleteKey SSDT BA7F9715 ZwDeleteValueKey SSDT BA7F9747 ZwDuplicateObject SSDT BA7F971A ZwLoadKey SSDT BA7F96E8 ZwOpenProcess SSDT BA7F96ED ZwOpenThread SSDT BA7F976F ZwQueryValueKey SSDT BA7F9724 ZwReplaceKey SSDT BA7F9760 ZwRequestWaitReplyPort SSDT BA7F971F ZwRestoreKey SSDT BA7F975B ZwSetContextThread SSDT BA7F9765 ZwSetSecurityObject SSDT BA7F9710 ZwSetValueKey SSDT BA7F976A ZwSystemDebugControl SSDT BA7F96F7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 8050467C 4 Bytes CALL A70AC617 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FA4380, 0x2FF527, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB396F300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA410300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[404] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01E052A1; RET .text C:\WINDOWS\Explorer.EXE[404] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, E0, 01, C3] {JL 0x56; LOOPNZ 0x5; RET } .text C:\WINDOWS\Explorer.EXE[404] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 01E056E5; RET .text C:\WINDOWS\Explorer.EXE[404] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 01E056A4; RET .text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 01E05762; RET .text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 01E0574B; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01E10B69; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01E10AEB; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 01E025E6; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01E10B2A; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01E14A06; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01E14A56; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01E14967; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01E0A84E; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4138902C .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 01E0A4DC; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 01E0A52C; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 01E0A5D6; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01E14A2E; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 01E0A93A; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 01E0A54A; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 01E109E0; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 01E10A50; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 01E14839; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 01E14807; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 01E0A780; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01E14A81; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 01E10BA9; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 01E0A7C9; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 01E0A590; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 01E148BD; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 01E14917; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 01E10A90; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 01E0A89B; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 01E10C3C; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 01E0A662; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 01E0A6F4; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 01E0275C; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 01E0A61C; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 01E0A6AB; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 01E0A73A; RET .text C:\WINDOWS\Explorer.EXE[404] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01E14880; RET .text C:\WINDOWS\Explorer.EXE[404] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 01E007A7; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 01DFFEB3; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 01DFFFE6; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 01DFFE46; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 01DFFFBA; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 01DFFB8E; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 01DFFBCC; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 01DFFB50; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 01DFFC21; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 01DFFEE1; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 01DFFF60; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 01DFFD13; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 01DFFC76; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 01DFFDB0; RET .text C:\WINDOWS\Explorer.EXE[404] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 01DFFDFB; RET .text C:\WINDOWS\Explorer.EXE[404] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01E02883; RET .text C:\WINDOWS\Explorer.EXE[404] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 01E02C72; RET .text C:\WINDOWS\Explorer.EXE[404] WS2_32.dll!send 71A54C27 6 Bytes PUSH 01E02CAA; RET .text C:\WINDOWS\Explorer.EXE[404] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 01E02813; RET .text C:\WINDOWS\Explorer.EXE[404] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 01E02CCB; RET .text C:\WINDOWS\system32\wuauclt.exe[796] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, EE] .text C:\WINDOWS\system32\wuauclt.exe[796] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, EE] {JL 0x56; OUT DX, AL } .text C:\WINDOWS\system32\wuauclt.exe[796] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00EE56E5; RET .text C:\WINDOWS\system32\wuauclt.exe[796] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00EE56A4; RET .text C:\WINDOWS\system32\wuauclt.exe[796] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00EE5762; RET .text C:\WINDOWS\system32\wuauclt.exe[796] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00EE574B; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00EF0B69; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, EF] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00EE25E6; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, EF] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00EF4A06; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00EF4A56; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00EF4967; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00EEA84E; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 41379E2C .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, EE] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, EE] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00EEA5D6; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00EF4A2E; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00EEA93A; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00EEA54A; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, EF] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, EF] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00EF4839; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00EF4807; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00EEA780; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00EF4A81; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00EF0BA9; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00EEA7C9; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00EEA590; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, EF] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00EF4917; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, EF] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00EEA89B; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00EF0C3C; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00EEA662; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00EEA6F4; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00EE275C; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00EEA61C; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00EEA6AB; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00EEA73A; RET .text C:\WINDOWS\system32\wuauclt.exe[796] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00EF4880; RET .text C:\WINDOWS\system32\wuauclt.exe[796] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00EE07A7; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00EE2883; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00EE2C72; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00EE2CAA; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00EE2813; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00EE2CCB; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00EDFEB3; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00EDFFE6; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00EDFE46; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00EDFFBA; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00EDFB8E; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00EDFBCC; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00EDFB50; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00EDFC21; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00EDFEE1; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00EDFF60; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00EDFD13; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00EDFC76; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00EDFDB0; RET .text C:\WINDOWS\system32\wuauclt.exe[796] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00EDFDFB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, C3] {JL 0x56; RET } .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C356E5; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C356A4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00C35762; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00C3574B; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00C40B69; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, C4] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00C325E6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, C4] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00C44A06; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00C44A56; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00C44967; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00C3A84E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137732C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00C3A5D6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00C44A2E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00C3A93A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00C3A54A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, C4] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, C4] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00C44839; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00C44807; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00C3A780; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00C44A81; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00C40BA9; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00C3A7C9; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00C3A590; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, C4] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00C44917; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, C4] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00C3A89B; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00C40C3C; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00C3A662; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00C3A6F4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00C3275C; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00C3A61C; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00C3A6AB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00C3A73A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00C44880; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00C2FEB3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00C2FFE6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00C2FE46; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00C2FFBA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00C2FB8E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00C2FBCC; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00C2FB50; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00C2FC21; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00C2FEE1; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00C2FF60; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00C2FD13; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00C2FC76; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00C2FDB0; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00C2FDFB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00C32883; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00C32C72; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00C32CAA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00C32813; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00C32CCB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1328] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00C307A7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] ntdll.dll!LdrLoadDll 7C91632D 6 Bytes JMP 017F0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01A27B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01A27B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001556E5; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001556A4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 017F3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00160B69; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 16] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001525E6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 16] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00164A06; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00164A56; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00164967; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0015A84E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C52C .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0015A5D6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00164A2E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0015A93A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0015A54A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 16] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 16] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00164839; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00164807; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0015A780; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00164A81; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00160BA9; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0015A7C9; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0015A590; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 16] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00164917; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 16] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0015A89B; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00160C3C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0015A662; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0015A6F4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0015275C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0015A61C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0015A6AB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0015A73A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00164880; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01A27AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00155762; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0015574B; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00152883; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00152C72; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00152CAA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00152813; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00152CCB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001507A7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0014FEB3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0014FFE6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0014FE46; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0014FFBA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0014FB8E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0014FBCC; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0014FB50; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0014FC21; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0014FEE1; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0014FF60; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0014FD13; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0014FC76; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0014FDB0; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1536] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0014FDFB; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 011252A1; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, 12, 01, C3] {JL 0x56; ADC AL, [ECX]; RET } .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 011256E5; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 011256A4; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 01125762; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0112574B; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01130B69; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01130AEB; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 011225E6; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01130B2A; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01134A06; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01134A56; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01134967; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0112A84E; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137C22C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 0112A4DC; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 0112A52C; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0112A5D6; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01134A2E; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0112A93A; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0112A54A; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 011309E0; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 01130A50; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 01134839; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 01134807; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0112A780; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01134A81; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 01130BA9; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0112A7C9; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0112A590; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 011348BD; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 01134917; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 01130A90; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0112A89B; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 01130C3C; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0112A662; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0112A6F4; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0112275C; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0112A61C; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0112A6AB; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0112A73A; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01134880; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01122883; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 01122C72; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WS2_32.dll!send 71A54C27 6 Bytes PUSH 01122CAA; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 01122813; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 01122CCB; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 011207A7; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0111FEB3; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0111FFE6; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0111FE46; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0111FFBA; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0111FB8E; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0111FBCC; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0111FB50; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0111FC21; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0111FEE1; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0111FF60; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0111FD13; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0111FC76; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0111FDB0; RET .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1592] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0111FDFB; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, BA] .text C:\WINDOWS\system32\ctfmon.exe[1604] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, BA] .text C:\WINDOWS\system32\ctfmon.exe[1604] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00BA56E5; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00BA56A4; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00BA5762; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00BA574B; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00BB0B69; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, BB] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00BA25E6; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, BB] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00BB4A06; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00BB4A56; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00BB4967; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00BAA84E; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 41376A2C .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, BA] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, BA] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00BAA5D6; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00BB4A2E; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00BAA93A; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00BAA54A; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, BB] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, BB] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00BB4839; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00BB4807; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00BAA780; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00BB4A81; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00BB0BA9; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00BAA7C9; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00BAA590; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, BB] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00BB4917; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, BB] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00BAA89B; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00BB0C3C; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00BAA662; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00BAA6F4; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00BA275C; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00BAA61C; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00BAA6AB; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00BAA73A; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00BB4880; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00BA2883; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00BA2C72; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00BA2CAA; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00BA2813; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00BA2CCB; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00BA07A7; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00B9FEB3; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00B9FFE6; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00B9FE46; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00B9FFBA; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00B9FB8E; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00B9FBCC; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00B9FB50; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00B9FC21; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00B9FEE1; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00B9FF60; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00B9FD13; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00B9FC76; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00B9FDB0; RET .text C:\WINDOWS\system32\ctfmon.exe[1604] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00B9FDFB; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, FC] .text C:\Program Files\Messenger\msmsgs.exe[1676] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, FC] {JL 0x56; CLD } .text C:\Program Files\Messenger\msmsgs.exe[1676] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00FC56E5; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00FC56A4; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00FC5762; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00FC574B; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00FD0B69; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, FD] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00FC25E6; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, FD] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00FD4A06; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00FD4A56; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00FD4967; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00FCA84E; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137AC2C .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, FC] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, FC] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00FCA5D6; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00FD4A2E; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00FCA93A; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00FCA54A; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, FD] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, FD] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00FD4839; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00FD4807; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00FCA780; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00FD4A81; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00FD0BA9; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00FCA7C9; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00FCA590; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, FD] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00FD4917; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, FD] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00FCA89B; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00FD0C3C; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00FCA662; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00FCA6F4; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00FC275C; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00FCA61C; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00FCA6AB; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00FCA73A; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00FD4880; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00FC2883; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00FC2C72; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00FC2CAA; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00FC2813; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00FC2CCB; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00FBFEB3; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00FBFFE6; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00FBFE46; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00FBFFBA; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00FBFB8E; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00FBFBCC; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00FBFB50; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00FBFC21; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00FBFEE1; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00FBFF60; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00FBFD13; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00FBFC76; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00FBFDB0; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00FBFDFB; RET .text C:\Program Files\Messenger\msmsgs.exe[1676] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00FC07A7; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 026D52A1; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, 6D, 02, C3] {JL 0x56; INSD ; ADD AL, BL} .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 026D56E5; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 026D56A4; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 026E0B69; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 026E0AEB; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 026D25E6; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 026E0B2A; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 026E4A06; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 026E4A56; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 026E4967; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 026DA84E; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 41391D2C .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 026DA4DC; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 026DA52C; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 026DA5D6; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 026E4A2E; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 026DA93A; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 026DA54A; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 026E09E0; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 026E0A50; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 026E4839; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 026E4807; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 026DA780; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 026E4A81; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 026E0BA9; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 026DA7C9; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 026DA590; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 026E48BD; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 026E4917; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 026E0A90; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 026DA89B; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 026E0C3C; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 026DA662; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 026DA6F4; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 026D275C; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 026DA61C; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 026DA6AB; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 026DA73A; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 026E4880; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 026D5762; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 026D574B; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 026D2883; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 026D2C72; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WS2_32.dll!send 71A54C27 6 Bytes PUSH 026D2CAA; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 026D2813; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 026D2CCB; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 026CFEB3; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 026CFFE6; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 026CFE46; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 026CFFBA; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 026CFB8E; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 026CFBCC; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 026CFB50; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 026CFC21; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 026CFEE1; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 026CFF60; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 026CFD13; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 026CFC76; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 026CFDB0; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 026CFDFB; RET .text C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe[2060] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 026D07A7; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 15] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, 15] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001556E5; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001556A4; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00160B69; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 16] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001525E6; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 16] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00164A06; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00164A56; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00164967; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0015A84E; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C52C .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 15] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 15] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0015A5D6; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00164A2E; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0015A93A; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0015A54A; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 16] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 16] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00164839; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00164807; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0015A780; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00164A81; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00160BA9; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0015A7C9; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0015A590; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 16] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00164917; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 16] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0015A89B; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00160C3C; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0015A662; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0015A6F4; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0015275C; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0015A61C; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0015A6AB; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0015A73A; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00164880; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00155762; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0015574B; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00152883; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00152C72; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00152CAA; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00152813; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00152CCB; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001507A7; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0014FEB3; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0014FFE6; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0014FE46; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0014FFBA; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0014FB8E; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0014FBCC; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0014FB50; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0014FC21; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0014FEE1; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0014FF60; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0014FD13; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0014FC76; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0014FDB0; RET .text C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie\4kw0xz34.exe[2184] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0014FDFB; RET ---- Devices - GMER 1.0.15 ---- Device \Driver\prodrv06 \Device\ProDrv06 E2331C30 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\prohlp02 \Device\ProHlp02 E1B3F940 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\mv61xx \Device\Scsi\mv61xx1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC8 0xB7 0x3B 0x44 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xA8 0x4C 0x0C ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x13 0x12 0xE0 0x90 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC8 0xB7 0x3B 0x44 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xA8 0x4C 0x0C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0xDC 0x4B 0xC0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC8 0xB7 0x3B 0x44 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xA8 0x4C 0x0C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBA 0x49 0x18 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0x3B 0x66 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x94 0x44 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAB 0x3F 0x60 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x9F 0xB3 0x8F 0x6D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x30 0xB9 0x4C 0xDA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x6D 0x46 0xD6 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0x3B 0x66 0x73 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0x94 0x44 0x59 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAB 0x3F 0x60 0xBB ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x9F 0xB3 0x8F 0x6D ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x30 0xB9 0x4C 0xDA ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x6D 0x46 0xD6 ... ---- EOF - GMER 1.0.15 ----