GMER 2.1.19081 - http://www.gmer.net Rootkit scan 2013-02-23 23:37:44 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C 232,89GB Running: hjkvv3jw.exe; Driver: C:\Users\Okacz\AppData\Local\Temp\pwloapog.sys ---- System - GMER 2.1 ---- SSDT 874FDEB0 ZwAlertResumeThread SSDT 874FC2D0 ZwAlertThread SSDT 86E81F00 ZwAllocateVirtualMemory SSDT 86D15308 ZwAlpcConnectPort SSDT 86E52268 ZwAssignProcessToJobObject SSDT 86E93118 ZwCreateMutant SSDT 874AF140 ZwCreateSymbolicLinkObject SSDT 87501068 ZwCreateThread SSDT 86E4F210 ZwDebugActiveProcess SSDT 86E887A0 ZwDuplicateObject SSDT 86E85F00 ZwFreeVirtualMemory SSDT 87508068 ZwImpersonateAnonymousToken SSDT 874FCAD8 ZwImpersonateThread SSDT 86D15290 ZwLoadDriver SSDT 86E53520 ZwMapViewOfSection SSDT 87509120 ZwOpenEvent SSDT 86E83AF0 ZwOpenProcess SSDT 86C6A9D8 ZwOpenProcessToken SSDT 86E4E110 ZwOpenSection SSDT 86E88110 ZwOpenThread SSDT 874AFA08 ZwProtectVirtualMemory SSDT 86E256F0 ZwResumeThread SSDT 874B4708 ZwSetContextThread SSDT 86E85120 ZwSetInformationProcess SSDT 86E511E8 ZwSetSystemInformation SSDT 8750E120 ZwSuspendProcess SSDT 874C57F8 ZwSuspendThread SSDT 86E55160 ZwTerminateProcess SSDT 86F59168 ZwTerminateThread SSDT 86E25D00 ZwUnmapViewOfSection SSDT 86E8A1A8 ZwWriteVirtualMemory SSDT 874AF950 ZwCreateThreadEx INT 0x51 ? 85FF0CC8 INT 0x62 ? 85FF0CC8 INT 0x82 ? 85FF0CC8 INT 0x92 ? 85FF0CC8 INT 0xA2 ? 84361CC8 INT 0xA2 ? 84361CC8 INT 0xA2 ? 84361CC8 INT 0xA2 ? 84361CC8 INT 0xA2 ? 85FF0CC8 INT 0xA2 ? 85FF0CC8 INT 0xA2 ? 85FF0CC8 INT 0xA2 ? 84361CC8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetTimerEx + 350 81EF8974 8 Bytes [B0, DE, 4F, 87, D0, C2, 4F, ...] {MOV AL, 0xde; DEC EDI; XCHG EAX, EDX; RET 0x874f} .text ntkrnlpa.exe!KeSetTimerEx + 364 81EF8988 4 Bytes [00, 1F, E8, 86] .text ntkrnlpa.exe!KeSetTimerEx + 370 81EF8994 4 Bytes [08, 53, D1, 86] .text ntkrnlpa.exe!KeSetTimerEx + 3C4 81EF89E8 4 Bytes [68, 22, E5, 86] .text ntkrnlpa.exe!KeSetTimerEx + 428 81EF8A4C 4 Bytes [18, 31, E9, 86] .text ... .text sptd.sys 80694000 32 Bytes [9E, 9F, E1, 81, 60, 0F, E1, ...] .text sptd.sys 80694024 4 Bytes [D2, 33, 7C, 80] {SAL [EBX], CL; JL 0xffffff84} .text sptd.sys 80694057 293 Bytes [82, 79, 91, E5, 81, D4, 74, ...] .text sptd.sys 8069417D 5 Bytes [34, E9, 81, FC, 61] .text sptd.sys 80694183 77 Bytes [82, 70, 59, E6, 81, BC, 43, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8078BD38] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload 8F19446F 5 Bytes JMP 85FF01D8 .text ai3rl8a3.SYS 8A39F000 46 Bytes [26, 42, E1, 81, 10, 41, E1, ...] .text ai3rl8a3.SYS 8A39F02F 159 Bytes [00, 7A, 2F, E4, 81, A8, B5, ...] .text ai3rl8a3.SYS 8A39F0D0 17 Bytes [00, 00, 00, 00, A0, 8C, 41, ...] {ADD [EAX], AL; ADD [EAX], AL; MOV AL, [0x4c418c]; ADD [EAX], AL; ADD [EDX], AL; ADD [EAX], AL; ADD [ESI], AH} .text ai3rl8a3.SYS 8A39F0E3 4 Bytes [00, 38, 19, 00] {ADD [EAX], BH; SBB [EAX], EAX} .text ai3rl8a3.SYS 8A39F0E8 6 Bytes [38, 0F, 00, 00, 00, 00] {CMP [EDI], CL; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F6D1300, 0x3AE88, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F714300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0004B80C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateFile + 6 77B87C7E 4 Bytes [28, 00, 09, 00] {SUB [EAX], AL; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateFile + B 77B87C83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateKey + 6 77B87CBE 4 Bytes [68, 01, 09, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateKey + B 77B87CC3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateMutant + 6 77B87CEE 4 Bytes [28, 02, 09, 00] {SUB [EDX], AL; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateMutant + B 77B87CF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateSection + 6 77B87D6E 4 Bytes [68, 02, 09, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateSection + B 77B87D73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtMapViewOfSection + 6 77B883CE 4 Bytes [A8, 04, 09, 00] {TEST AL, 0x4; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtMapViewOfSection + B 77B883D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenFile + 6 77B8845E 4 Bytes [68, 00, 09, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenFile + B 77B88463 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenKey + 6 77B8848E 4 Bytes [A8, 01, 09, 00] {TEST AL, 0x1; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenKey + B 77B88493 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenMutant + 6 77B884AE 4 Bytes CALL 76B88DB4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenMutant + B 77B884B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcess + 6 77B884DE 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcess + 6 77B884DE 4 Bytes [28, 03, 09, 00] {SUB [EBX], AL; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcess + B 77B884E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcessToken + 6 77B884EE 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcessToken + 6 77B884EE 4 Bytes [68, 03, 09, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcessToken + B 77B884F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcessTokenEx + 6 77B884FE 4 Bytes [28, 04, 09, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenProcessTokenEx + B 77B88503 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenSection + 6 77B8850E 4 Bytes [A8, 02, 09, 00] {TEST AL, 0x2; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenSection + B 77B88513 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThread + 6 77B8854E 4 Bytes CALL 76B88E55 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThread + B 77B88553 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThreadToken + 6 77B8855E 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThreadToken + 6 77B8855E 4 Bytes CALL 76B88E66 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThreadToken + B 77B88563 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThreadTokenEx + 6 77B8856E 4 Bytes [68, 04, 09, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtOpenThreadTokenEx + B 77B88573 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtQueryAttributesFile + 6 77B885FE 4 Bytes [A8, 00, 09, 00] {TEST AL, 0x0; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtQueryAttributesFile + B 77B88603 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtQueryFullAttributesFile + 6 77B886AE 4 Bytes CALL 76B88FB3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtQueryFullAttributesFile + B 77B886B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtSetInformationFile + 6 77B88B8E 4 Bytes [28, 01, 09, 00] {SUB [ECX], AL; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtSetInformationFile + B 77B88B93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtSetInformationThread + 6 77B88BDE 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtSetInformationThread + 6 77B88BDE 4 Bytes [A8, 03, 09, 00] {TEST AL, 0x3; OR [EAX], EAX} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtSetInformationThread + B 77B88BE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtUnmapViewOfSection + 6 77B88E7E 4 Bytes CALL 76B89787 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtUnmapViewOfSection + B 77B88E83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0004B6DD .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] kernel32.dll!CreateProcessW 770F1C01 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] kernel32.dll!CreateProcessA 770F1C36 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0004B8E6 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] kernel32.dll!OpenEventW 7710C8AD 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] kernel32.dll!CreateEventW 7713447A 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0004DFD2 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0004DF2A .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0004E18C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetDeviceCaps 76455AF0 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!DeleteObject 76455BED 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SelectObject 76456100 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetTextColor 76456549 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetBkMode 764565F4 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!DeleteDC 76456A44 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetStretchBltMode 76456D78 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetCurrentObject 76456F4B 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!StretchDIBits 76457442 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SaveDC 7645772D 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!RestoreDC 764577C6 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!ExtSelectClipRgn 764579DA 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SelectClipRgn 76457AE5 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!Rectangle 76457D49 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextAlign 76458178 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!ExtTextOutW 764582B1 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetClipBox 76458629 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetTextAlign 764586EA 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!MoveToEx 7645878E 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextMetricsW 76459434 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!IntersectClipRect 76459698 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetICMMode 76459DAB 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextExtentPoint32W 7645A926 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!CreateDCA 7645AC01 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!CreateDCW 7645ADA5 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!CreateICW 7645ADFD 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextFaceW 7645C1CF 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetFontData 7645C835 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetWorldTransform 7645CAB8 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextMetricsA 7645D65F 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!LineTo 7645EF82 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!ExtTextOutA 7645FE29 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextExtentPoint32A 76460B59 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!ExtEscape 7646208D 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!Escape 76462A7B 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!ResetDCW 7646321A 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetPolyFillMode 764649EE 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SetMiterLimit 76466298 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!EndPage 7646F173 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetTextFaceA 7646F321 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!GetGlyphOutlineW 7647A04F 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!CreateScalableFontResourceW 7647C4BB 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!AddFontResourceW 7647C8C3 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!RemoveFontResourceW 7647CD59 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!AbortDoc 76482A4E 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!EndDoc 76482E62 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!StartPage 76482F4D 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!StartDocW 76483A31 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!BeginPath 764841ED 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!SelectClipPath 76484244 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!CloseFigure 7648429F 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!EndPath 764842F6 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!StrokePath 76484528 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!FillPath 764845B4 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!PolylineTo 76484A1D 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!PolyBezierTo 76484AAD 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] GDI32.dll!PolyDraw 76484B5E 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00044E16 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0003C9F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00044AB2 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00042EF7 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00042F51 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0003C84C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00044A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00042FA1 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!SetCursor 77A9E563 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 000449B8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0003C965 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!RegisterClipboardFormatW 77A9E869 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00044DC4 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00044D2A .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00044A6C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00044D77 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!MonitorFromWindow 77AA13F6 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 000430BB .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00043068 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!ActivateKeyboardLayout 77AA5A50 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClientRect 77AA89F9 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetParent 77AA918E 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0003C8A7 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!RegisterClipboardFormatA 77AA974D 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClipboardFormatNameA 77AA9AB5 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!PostMessageW 77AAA064 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0003C79C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0003C80C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!MapWindowPoints 77AAA14F 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00043040 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00043090 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 000371D2 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00044A26 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00044C5C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0003C925 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0003C8E6 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!ScreenToClient 77AB0C02 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00042E41 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!IsWindowVisible 77AB0CDC 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00042E73 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetOpenClipboardWindow 77AB26DC 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00044AF8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00044B87 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00044C16 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00044CA5 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!SetClipboardViewer 77ABBE37 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!IsClipboardFormatAvailable 77ABC8D4 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!CloseClipboard 77ABC8E8 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!OpenClipboard 77ABC90E 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetTopWindow 77ABD329 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00044B3E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00044BD0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClipboardSequenceNumber 77ABE355 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!ChangeClipboardChain 77ABE52F 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClipboardOwner 77AC0A5E 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!CountClipboardFormats 77AC0E19 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!SetClipboardData 77AD62F8 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!EnumClipboardFormats 77AD6C7E 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00042EBA .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0003733F .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClipboardFormatNameW 77ADA93C 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!EmptyClipboard 77AF390B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetClipboardViewer 77AF396D 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] USER32.dll!GetPriorityClipboardFormat 77AF3A6F 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00044123 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!FreeContextBuffer 76232825 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!DeleteSecurityContext 76232ABF 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!FreeCredentialsHandle 762331F5 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!EncryptMessage 76234BDE 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!DecryptMessage 76234CAB 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!InitializeSecurityContextA 76238233 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!AcquireCredentialsHandleA 7623833B 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!QueryContextAttributesA 76238747 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!ApplyControlToken 7623DDB2 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] Secur32.dll!QueryCredentialsAttributesA 7623DFB5 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ole32.dll!OleGetClipboard 77672AC1 5 Bytes JMP 000F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ole32.dll!OleSetClipboard 7769EC7D 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] ole32.dll!OleIsCurrentClipboard 776A8B31 5 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 000377F9 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00037852 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] WS2_32.dll!send 771D659B 5 Bytes JMP 00037831 .text C:\Windows\Explorer.EXE[1228] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0343B80C .text C:\Windows\Explorer.EXE[1228] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0343B6DD .text C:\Windows\Explorer.EXE[1228] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0343B8E6 .text C:\Windows\Explorer.EXE[1228] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 03434E16 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0342C9F8 .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 03434AB2 .text C:\Windows\Explorer.EXE[1228] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 03432EF7 .text C:\Windows\Explorer.EXE[1228] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 03432F51 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0342C84C .text C:\Windows\Explorer.EXE[1228] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 03434A08 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 03432FA1 .text C:\Windows\Explorer.EXE[1228] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 034349B8 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0342C965 .text C:\Windows\Explorer.EXE[1228] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 03434DC4 .text C:\Windows\Explorer.EXE[1228] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 03434D2A .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 03434A6C .text C:\Windows\Explorer.EXE[1228] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 03434D77 .text C:\Windows\Explorer.EXE[1228] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 034330BB .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 03433068 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0342C8A7 .text C:\Windows\Explorer.EXE[1228] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0342C79C .text C:\Windows\Explorer.EXE[1228] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0342C80C .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 03433040 .text C:\Windows\Explorer.EXE[1228] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 03433090 .text C:\Windows\Explorer.EXE[1228] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 034271D2 .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 03434A26 .text C:\Windows\Explorer.EXE[1228] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 03434C5C .text C:\Windows\Explorer.EXE[1228] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0342C925 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0342C8E6 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 03432E41 .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 03432E73 .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 03434AF8 .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 03434B87 .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 03434C16 .text C:\Windows\Explorer.EXE[1228] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 03434CA5 .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 03434B3E .text C:\Windows\Explorer.EXE[1228] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 03434BD0 .text C:\Windows\Explorer.EXE[1228] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 03432EBA .text C:\Windows\Explorer.EXE[1228] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0342733F .text C:\Windows\Explorer.EXE[1228] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 03434123 .text C:\Windows\Explorer.EXE[1228] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 034277F9 .text C:\Windows\Explorer.EXE[1228] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 03427852 .text C:\Windows\Explorer.EXE[1228] WS2_32.dll!send 771D659B 5 Bytes JMP 03427831 .text C:\Windows\Explorer.EXE[1228] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0343DF7E .text C:\Windows\Explorer.EXE[1228] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0343E202 .text C:\Windows\Explorer.EXE[1228] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0343E10A .text C:\Windows\Explorer.EXE[1228] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0343E14D .text C:\Windows\Explorer.EXE[1228] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0343E1D6 .text C:\Windows\Explorer.EXE[1228] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0343DFD2 .text C:\Windows\Explorer.EXE[1228] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0343DF2A .text C:\Windows\Explorer.EXE[1228] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0343E18C .text C:\Windows\Explorer.EXE[1228] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0343E06E .text C:\Windows\RtHDVCpl.exe[1508] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0019B80C .text C:\Windows\RtHDVCpl.exe[1508] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0019B6DD .text C:\Windows\RtHDVCpl.exe[1508] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0019B8E6 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00194E16 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0018C9F8 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00194AB2 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00192EF7 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00192F51 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0018C84C .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00194A08 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00192FA1 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 001949B8 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0018C965 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00194DC4 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00194D2A .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00194A6C .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00194D77 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 001930BB .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00193068 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0018C8A7 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0018C79C .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0018C80C .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00193040 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00193090 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 001871D2 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00194A26 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00194C5C .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0018C925 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0018C8E6 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00192E41 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00192E73 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00194AF8 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00194B87 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00194C16 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00194CA5 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00194B3E .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00194BD0 .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00192EBA .text C:\Windows\RtHDVCpl.exe[1508] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0018733F .text C:\Windows\RtHDVCpl.exe[1508] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 001877F9 .text C:\Windows\RtHDVCpl.exe[1508] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00187852 .text C:\Windows\RtHDVCpl.exe[1508] WS2_32.dll!send 771D659B 5 Bytes JMP 00187831 .text C:\Windows\RtHDVCpl.exe[1508] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00194123 .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0019DF7E .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0019E202 .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0019E10A .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0019E14D .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0019E1D6 .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0019DFD2 .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0019DF2A .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0019E18C .text C:\Windows\RtHDVCpl.exe[1508] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0019E06E .text C:\Windows\system32\Dwm.exe[1592] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0225B80C .text C:\Windows\system32\Dwm.exe[1592] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0225B6DD .text C:\Windows\system32\Dwm.exe[1592] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0225B8E6 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 02254E16 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0224C9F8 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 02254AB2 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 02252EF7 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 02252F51 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0224C84C .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 02254A08 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 02252FA1 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 022549B8 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0224C965 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 02254DC4 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 02254D2A .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 02254A6C .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 02254D77 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 022530BB .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 02253068 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0224C8A7 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0224C79C .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0224C80C .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 02253040 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 02253090 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 022471D2 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 02254A26 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 02254C5C .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0224C925 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0224C8E6 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 02252E41 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 02252E73 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 02254AF8 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 02254B87 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 02254C16 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 02254CA5 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 02254B3E .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 02254BD0 .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 02252EBA .text C:\Windows\system32\Dwm.exe[1592] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0224733F .text C:\Windows\system32\Dwm.exe[1592] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 022477F9 .text C:\Windows\system32\Dwm.exe[1592] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 02247852 .text C:\Windows\system32\Dwm.exe[1592] WS2_32.dll!send 771D659B 5 Bytes JMP 02247831 .text C:\Windows\system32\Dwm.exe[1592] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 02254123 .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0225DF7E .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0225E202 .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0225E10A .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0225E14D .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0225E1D6 .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0225DFD2 .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0225DF2A .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0225E18C .text C:\Windows\system32\Dwm.exe[1592] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0225E06E .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0187B80C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0187B6DD .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0187B8E6 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 01874E16 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0186C9F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 01874AB2 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 01872EF7 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 01872F51 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0186C84C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 01874A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 01872FA1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 018749B8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0186C965 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 01874DC4 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 01874D2A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 01874A6C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 01874D77 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 018730BB .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 01873068 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0186C8A7 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0186C79C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0186C80C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 01873040 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 01873090 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 018671D2 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 01874A26 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 01874C5C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0186C925 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0186C8E6 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 01872E41 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 01872E73 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 01874AF8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 01874B87 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 01874C16 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 01874CA5 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 01874B3E .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 01874BD0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 01872EBA .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0186733F .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0187DF7E .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0187E202 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0187E10A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0187E14D .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0187E1D6 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0187DFD2 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0187DF2A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0187E18C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0187E06E .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 01874123 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 018677F9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 01867852 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1712] WS2_32.dll!send 771D659B 5 Bytes JMP 01867831 ? C:\Windows\system32\svchost.exe[1860] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll .text C:\Windows\system32\svchost.exe[1860] USER32.dll!DialogBoxIndirectParamAorW 77A9BCE6 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18} .text C:\Program Files\Winamp\winampa.exe[2252] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 008BB80C .text C:\Program Files\Winamp\winampa.exe[2252] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 008BB6DD .text C:\Program Files\Winamp\winampa.exe[2252] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 008BB8E6 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 008B4E16 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 008AC9F8 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 008B4AB2 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 008B2EF7 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 008B2F51 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 008AC84C .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 008B4A08 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 008B2FA1 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 008B49B8 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 008AC965 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 008B4DC4 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 008B4D2A .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 008B4A6C .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 008B4D77 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 008B30BB .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 008B3068 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetDC 77AA9562 5 Bytes JMP 008AC8A7 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 008AC79C .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 008AC80C .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 008B3040 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 008B3090 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 008A71D2 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 008B4A26 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 008B4C5C .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 008AC925 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 008AC8E6 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 008B2E41 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 008B2E73 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 008B4AF8 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 008B4B87 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 008B4C16 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 008B4CA5 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 008B4B3E .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 008B4BD0 .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 008B2EBA .text C:\Program Files\Winamp\winampa.exe[2252] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 008A733F .text C:\Program Files\Winamp\winampa.exe[2252] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 008A77F9 .text C:\Program Files\Winamp\winampa.exe[2252] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 008A7852 .text C:\Program Files\Winamp\winampa.exe[2252] WS2_32.dll!send 771D659B 5 Bytes JMP 008A7831 .text C:\Program Files\Winamp\winampa.exe[2252] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 008B4123 .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 008BDF7E .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 008BE202 .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 008BE10A .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 008BE14D .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 008BE1D6 .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 008BDFD2 .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 008BDF2A .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 008BE18C .text C:\Program Files\Winamp\winampa.exe[2252] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 008BE06E .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 003AB80C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 003AB6DD .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 003AB8E6 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 003A4E16 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0039C9F8 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 003A4AB2 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 003A2EF7 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 003A2F51 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0039C84C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 003A4A08 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 003A2FA1 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 003A49B8 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0039C965 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 003A4DC4 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 003A4D2A .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 003A4A6C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 003A4D77 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 003A30BB .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 003A3068 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0039C8A7 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0039C79C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0039C80C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 003A3040 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 003A3090 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 003971D2 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 003A4A26 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 003A4C5C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0039C925 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0039C8E6 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 003A2E41 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 003A2E73 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 003A4AF8 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 003A4B87 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 003A4C16 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 003A4CA5 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 003A4B3E .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 003A4BD0 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 003A2EBA .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0039733F .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 003977F9 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00397852 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WS2_32.dll!send 771D659B 5 Bytes JMP 00397831 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 003A4123 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 003ADF7E .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 003AE202 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 003AE10A .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 003AE14D .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 003AE1D6 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 003ADFD2 .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 003ADF2A .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 003AE18C .text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2492] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 003AE06E .text C:\Windows\system32\taskeng.exe[2500] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0293B80C .text C:\Windows\system32\taskeng.exe[2500] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0293B6DD .text C:\Windows\system32\taskeng.exe[2500] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0293B8E6 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 02934E16 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0292C9F8 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 02934AB2 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 02932EF7 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 02932F51 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0292C84C .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 02934A08 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 02932FA1 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 029349B8 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0292C965 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 02934DC4 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 02934D2A .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 02934A6C .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 02934D77 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 029330BB .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 02933068 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0292C8A7 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0292C79C .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0292C80C .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 02933040 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 02933090 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 029271D2 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 02934A26 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 02934C5C .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0292C925 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0292C8E6 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 02932E41 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 02932E73 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 02934AF8 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 02934B87 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 02934C16 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 02934CA5 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 02934B3E .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 02934BD0 .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 02932EBA .text C:\Windows\system32\taskeng.exe[2500] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0292733F .text C:\Windows\system32\taskeng.exe[2500] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 02934123 .text C:\Windows\system32\taskeng.exe[2500] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 029277F9 .text C:\Windows\system32\taskeng.exe[2500] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 02927852 .text C:\Windows\system32\taskeng.exe[2500] WS2_32.dll!send 771D659B 5 Bytes JMP 02927831 .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0293DF7E .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0293E202 .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0293E10A .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0293E14D .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0293E1D6 .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0293DFD2 .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0293DF2A .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0293E18C .text C:\Windows\system32\taskeng.exe[2500] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0293E06E .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 008FB80C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 008FB6DD .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 008FB8E6 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 008F4E16 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 008EC9F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 008F4AB2 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 008F2EF7 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 008F2F51 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 008EC84C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 008F4A08 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 008F2FA1 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 008F49B8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 008EC965 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 008F4DC4 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 008F4D2A .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 008F4A6C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 008F4D77 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 008F30BB .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 008F3068 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetDC 77AA9562 5 Bytes JMP 008EC8A7 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 008EC79C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 008EC80C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 008F3040 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 008F3090 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 008E71D2 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 008F4A26 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 008F4C5C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 008EC925 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 008EC8E6 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 008F2E41 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 008F2E73 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 008F4AF8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 008F4B87 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 008F4C16 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 008F4CA5 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 008F4B3E .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 008F4BD0 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 008F2EBA .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 008E733F .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 008E77F9 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 008E7852 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WS2_32.dll!send 771D659B 5 Bytes JMP 008E7831 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 008F4123 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 008FDF7E .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 008FE202 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 008FE10A .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 008FE14D .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 008FE1D6 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 008FDFD2 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 008FDF2A .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 008FE18C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2844] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 008FE06E .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0082B80C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0082B6DD .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0082B8E6 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00824E16 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0081C9F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00824AB2 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00822EF7 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00822F51 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0081C84C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00824A08 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00822FA1 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 008249B8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0081C965 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00824DC4 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00824D2A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00824A6C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00824D77 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 008230BB .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00823068 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0081C8A7 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0081C79C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0081C80C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00823040 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00823090 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 008171D2 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00824A26 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00824C5C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0081C925 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0081C8E6 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00822E41 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00822E73 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00824AF8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00824B87 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00824C16 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00824CA5 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00824B3E .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00824BD0 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00822EBA .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0081733F .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 008177F9 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00817852 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WS2_32.dll!send 771D659B 5 Bytes JMP 00817831 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0082DF7E .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0082E202 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0082E10A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0082E14D .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0082E1D6 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0082DFD2 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0082DF2A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0082E18C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0082E06E .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2980] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00824123 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 019AB80C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 019AB6DD .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 019AB8E6 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] kernel32.dll!SetUnhandledExceptionFilter 7711700D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 019A4E16 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0199C9F8 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 019A4AB2 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 019A2EF7 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 019A2F51 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0199C84C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 019A4A08 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 019A2FA1 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 019A49B8 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0199C965 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 019A4DC4 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 019A4D2A .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 019A4A6C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 019A4D77 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 019A30BB .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 019A3068 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0199C8A7 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0199C79C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0199C80C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 019A3040 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 019A3090 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 019971D2 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 019A4A26 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 019A4C5C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0199C925 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0199C8E6 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 019A2E41 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 019A2E73 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 019A4AF8 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 019A4B87 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 019A4C16 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 019A4CA5 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 019A4B3E .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 019A4BD0 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 019A2EBA .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0199733F .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 019977F9 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 01997852 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WS2_32.dll!send 771D659B 5 Bytes JMP 01997831 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 019A4123 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 019ADF7E .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 019AE202 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 019AE10A .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 019AE14D .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 019AE1D6 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 019ADFD2 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 019ADF2A .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 019AE18C .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3064] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 019AE06E .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 01D3B80C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 01D3B6DD .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 01D3B8E6 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 01D34E16 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 01D2C9F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 01D34AB2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 01D32EF7 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 01D32F51 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 01D2C84C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 01D34A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 01D32FA1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 01D349B8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 01D2C965 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 01D34DC4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 01D34D2A .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 01D34A6C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 01D34D77 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 01D330BB .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 01D33068 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetDC 77AA9562 5 Bytes JMP 01D2C8A7 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 01D2C79C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 01D2C80C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 01D33040 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 01D33090 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 01D271D2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 01D34A26 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 01D34C5C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 01D2C925 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 01D2C8E6 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 01D32E41 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 01D32E73 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 01D34AF8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 01D34B87 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 01D34C16 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 01D34CA5 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 01D34B3E .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 01D34BD0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 01D32EBA .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 01D2733F .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 01D277F9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 01D27852 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WS2_32.dll!send 771D659B 5 Bytes JMP 01D27831 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 01D34123 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpSendRequestA 77480F35 3 Bytes JMP 01D3DF7E .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpSendRequestA + 4 77480F39 1 Byte [8A] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpQueryInfoA 774893B9 3 Bytes JMP 01D3E202 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpQueryInfoA + 4 774893BD 1 Byte [8A] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!InternetCloseHandle 7748AE0B 3 Bytes JMP 01D3E10A .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!InternetCloseHandle + 4 7748AE0F 1 Byte [8A] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 01D3E14D .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 01D3E1D6 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 01D3DFD2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 01D3DF2A .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 01D3E18C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3240] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 01D3E06E .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 019FB80C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 019FB6DD .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 019FB8E6 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 019F4E16 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 019EC9F8 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 019F4AB2 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 019F2EF7 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 019F2F51 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 019EC84C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 019F4A08 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 019F2FA1 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 019F49B8 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 019EC965 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 019F4DC4 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 019F4D2A .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 019F4A6C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 019F4D77 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 019F30BB .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 019F3068 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetDC 77AA9562 5 Bytes JMP 019EC8A7 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 019EC79C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 019EC80C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 019F3040 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 019F3090 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 019E71D2 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 019F4A26 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 019F4C5C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 019EC925 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 019EC8E6 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 019F2E41 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 019F2E73 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 019F4AF8 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 019F4B87 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 019F4C16 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 019F4CA5 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 019F4B3E .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 019F4BD0 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 019F2EBA .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 019E733F .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 019E77F9 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 019E7852 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WS2_32.dll!send 771D659B 5 Bytes JMP 019E7831 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 019F4123 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 019FDF7E .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 019FE202 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 019FE10A .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 019FE14D .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 019FE1D6 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 019FDFD2 .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 019FDF2A .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 019FE18C .text C:\Program Files\OEM\OSD_1.16\osd.exe[3264] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 019FE06E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 007EB80C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 007EB6DD .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 007EB8E6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 007E4E16 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 007DC9F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 007E4AB2 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 007E2EF7 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 007E2F51 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 007DC84C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 007E4A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 007E2FA1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 007E49B8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 007DC965 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 007E4DC4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 007E4D2A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 007E4A6C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 007E4D77 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 007E30BB .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 007E3068 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetDC 77AA9562 5 Bytes JMP 007DC8A7 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 007DC79C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 007DC80C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 007E3040 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 007E3090 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 007D71D2 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 007E4A26 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 007E4C5C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 007DC925 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 007DC8E6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 007E2E41 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 007E2E73 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 007E4AF8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 007E4B87 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 007E4C16 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 007E4CA5 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 007E4B3E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 007E4BD0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 007E2EBA .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 007D733F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 007EDF7E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 007EE202 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 007EE10A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 007EE14D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 007EE1D6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 007EDFD2 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 007EDF2A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 007EE18C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 007EE06E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 007D77F9 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 007D7852 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] WS2_32.dll!send 771D659B 5 Bytes JMP 007D7831 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 007E4123 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 015CB80C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 015CB6DD .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 015CB8E6 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 015C4E16 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 015BC9F8 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 015C4AB2 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 015C2EF7 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 015C2F51 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 015BC84C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 015C4A08 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 015C2FA1 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 015C49B8 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 015BC965 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 015C4DC4 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 015C4D2A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 015C4A6C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 015C4D77 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 015C30BB .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 015C3068 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetDC 77AA9562 5 Bytes JMP 015BC8A7 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 015BC79C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 015BC80C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 015C3040 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 015C3090 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 015B71D2 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 015C4A26 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 015C4C5C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 015BC925 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 015BC8E6 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 015C2E41 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 015C2E73 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 015C4AF8 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 015C4B87 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 015C4C16 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 015C4CA5 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 015C4B3E .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 015C4BD0 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 015C2EBA .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 015B733F .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 015CDF7E .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 015CE202 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 015CE10A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 015CE14D .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 015CE1D6 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 015CDFD2 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 015CDF2A .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 015CE18C .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 015CE06E .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 015B77F9 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 015B7852 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] WS2_32.dll!send 771D659B 5 Bytes JMP 015B7831 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] CRYPT32.dll!PFXImportCertStore 75D0914C 3 Bytes JMP 015C4123 .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3664] CRYPT32.dll!PFXImportCertStore + 4 75D09150 1 Byte [8B] .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 01BEB80C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 01BEB6DD .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 01BEB8E6 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 01BE4E16 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 01BDC9F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 01BE4AB2 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 01BE2EF7 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 01BE2F51 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 01BDC84C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 01BE4A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 01BE2FA1 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 01BE49B8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 01BDC965 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 01BE4DC4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 01BE4D2A .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 01BE4A6C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 01BE4D77 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 01BE30BB .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 01BE3068 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetDC 77AA9562 5 Bytes JMP 01BDC8A7 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 01BDC79C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 01BDC80C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 01BE3040 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 01BE3090 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 01BD71D2 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 01BE4A26 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 01BE4C5C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 01BDC925 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 01BDC8E6 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 01BE2E41 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 01BE2E73 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 01BE4AF8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 01BE4B87 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 01BE4C16 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 01BE4CA5 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 01BE4B3E .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 01BE4BD0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 01BE2EBA .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 01BD733F .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 01BE4123 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 01BD77F9 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 01BD7852 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WS2_32.dll!send 771D659B 5 Bytes JMP 01BD7831 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 01BEDF7E .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 01BEE202 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 01BEE10A .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 01BEE14D .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 01BEE1D6 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 01BEDFD2 .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 01BEDF2A .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 01BEE18C .text C:\Program Files\Windows Sidebar\sidebar.exe[3676] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 01BEE06E .text C:\Windows\system32\wuauclt.exe[3688] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 00C3B80C .text C:\Windows\system32\wuauclt.exe[3688] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 00C3B6DD .text C:\Windows\system32\wuauclt.exe[3688] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 00C3B8E6 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00C34E16 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 00C2C9F8 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00C34AB2 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00C32EF7 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00C32F51 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 00C2C84C .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00C34A08 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00C32FA1 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 00C349B8 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 00C2C965 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00C34DC4 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00C34D2A .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00C34A6C .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00C34D77 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 00C330BB .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00C33068 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetDC 77AA9562 5 Bytes JMP 00C2C8A7 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 00C2C79C .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 00C2C80C .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00C33040 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00C33090 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 00C271D2 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00C34A26 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00C34C5C .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 00C2C925 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 00C2C8E6 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00C32E41 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00C32E73 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00C34AF8 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00C34B87 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00C34C16 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00C34CA5 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00C34B3E .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00C34BD0 .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00C32EBA .text C:\Windows\system32\wuauclt.exe[3688] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 00C2733F .text C:\Windows\system32\wuauclt.exe[3688] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00C34123 .text C:\Windows\system32\wuauclt.exe[3688] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 00C277F9 .text C:\Windows\system32\wuauclt.exe[3688] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00C27852 .text C:\Windows\system32\wuauclt.exe[3688] WS2_32.dll!send 771D659B 5 Bytes JMP 00C27831 .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 00C3DF7E .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 00C3E202 .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 00C3E10A .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 00C3E14D .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 00C3E1D6 .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 00C3DFD2 .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 00C3DF2A .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 00C3E18C .text C:\Windows\system32\wuauclt.exe[3688] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 00C3E06E .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 003BB80C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 003BB6DD .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 003BB8E6 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 003B4E16 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 003AC9F8 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 003B4AB2 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 003B2EF7 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 003B2F51 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 003AC84C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 003B4A08 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 003B2FA1 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 003B49B8 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 003AC965 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 003B4DC4 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 003B4D2A .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 003B4A6C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 003B4D77 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 003B30BB .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 003B3068 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetDC 77AA9562 5 Bytes JMP 003AC8A7 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 003AC79C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 003AC80C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 003B3040 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 003B3090 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 003A71D2 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 003B4A26 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 003B4C5C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 003AC925 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 003AC8E6 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 003B2E41 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 003B2E73 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 003B4AF8 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 003B4B87 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 003B4C16 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 003B4CA5 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 003B4B3E .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 003B4BD0 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 003B2EBA .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 003A733F .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 003A77F9 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 003A7852 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WS2_32.dll!send 771D659B 5 Bytes JMP 003A7831 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 003B4123 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 003BDF7E .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 003BE202 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 003BE10A .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 003BE14D .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 003BE1D6 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 003BDFD2 .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 003BDF2A .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 003BE18C .text C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe[3740] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 003BE06E .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 01C9B80C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 01C9B6DD .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 01C9B8E6 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 01C94E16 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 01C8C9F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 01C94AB2 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 01C92EF7 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 01C92F51 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 01C8C84C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 01C94A08 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 01C92FA1 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 01C949B8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 01C8C965 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 01C94DC4 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 01C94D2A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 01C94A6C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 01C94D77 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 01C930BB .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 01C93068 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetDC 77AA9562 5 Bytes JMP 01C8C8A7 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 01C8C79C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 01C8C80C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 01C93040 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 01C93090 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 01C871D2 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 01C94A26 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 01C94C5C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 01C8C925 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 01C8C8E6 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 01C92E41 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 01C92E73 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 01C94AF8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 01C94B87 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 01C94C16 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 01C94CA5 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 01C94B3E .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 01C94BD0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 01C92EBA .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 01C8733F .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 01C94123 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 01C9DF7E .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 01C9E202 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 01C9E10A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 01C9E14D .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 01C9E1D6 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 01C9DFD2 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 01C9DF2A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 01C9E18C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 01C9E06E .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] ws2_32.dll!closesocket 771D330C 5 Bytes JMP 01C877F9 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] ws2_32.dll!WSASend 771D4496 5 Bytes JMP 01C87852 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4084] ws2_32.dll!send 771D659B 5 Bytes JMP 01C87831 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 000EB80C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 000EB6DD .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 000EB8E6 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 000E4E16 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 000DC9F8 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 000E4AB2 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 000E2EF7 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 000E2F51 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 000DC84C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 000E4A08 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 000E2FA1 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 000E49B8 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 000DC965 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 000E4DC4 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 000E4D2A .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 000E4A6C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 000E4D77 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 000E30BB .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 000E3068 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetDC 77AA9562 5 Bytes JMP 000DC8A7 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 000DC79C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 000DC80C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 000E3040 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 000E3090 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 000D71D2 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 000E4A26 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 000E4C5C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 000DC925 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 000DC8E6 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 000E2E41 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 000E2E73 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 000E4AF8 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 000E4B87 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 000E4C16 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 000E4CA5 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 000E4B3E .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 000E4BD0 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 000E2EBA .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 000D733F .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 000D77F9 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 000D7852 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WS2_32.dll!send 771D659B 5 Bytes JMP 000D7831 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 000E4123 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 000EDF7E .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 000EE202 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 000EE10A .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 000EE14D .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 000EE1D6 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 000EDFD2 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 000EDF2A .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 000EE18C .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[4108] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 000EE06E .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0230B80C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0230B6DD .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0230B8E6 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 02304E16 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 022FC9F8 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 02304AB2 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 02302EF7 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 02302F51 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 022FC84C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 02304A08 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 02302FA1 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 023049B8 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 022FC965 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 02304DC4 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 02304D2A .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 02304A6C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 02304D77 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 023030BB .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 02303068 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetDC 77AA9562 5 Bytes JMP 022FC8A7 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 022FC79C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 022FC80C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 02303040 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 02303090 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 022F71D2 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 02304A26 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 02304C5C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 022FC925 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 022FC8E6 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 02302E41 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 02302E73 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 02304AF8 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 02304B87 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 02304C16 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 02304CA5 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 02304B3E .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 02304BD0 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 02302EBA .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 022F733F .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0230DF7E .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0230E202 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0230E10A .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0230E14D .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0230E1D6 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0230DFD2 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0230DF2A .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0230E18C .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] wininet.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0230E06E .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 022F77F9 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 022F7852 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] WS2_32.dll!send 771D659B 5 Bytes JMP 022F7831 .text C:\Users\Okacz\AppData\Local\Temp\DATE73A.tmp.exe[4312] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 02304123 .text C:\Program Files\Skype\Phone\Skype.exe[4336] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0016B80C .text C:\Program Files\Skype\Phone\Skype.exe[4336] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0016B6DD .text C:\Program Files\Skype\Phone\Skype.exe[4336] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0016B8E6 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00164E16 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0015C9F8 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00164AB2 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00162EF7 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00162F51 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0015C84C .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00164A08 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00162FA1 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 001649B8 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0015C965 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00164DC4 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00164D2A .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00164A6C .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00164D77 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 001630BB .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00163068 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0015C8A7 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0015C79C .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0015C80C .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00163040 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00163090 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 001571D2 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00164A26 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00164C5C .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0015C925 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0015C8E6 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00162E41 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00162E73 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00164AF8 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00164B87 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00164C16 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00164CA5 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00164B3E .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00164BD0 .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00162EBA .text C:\Program Files\Skype\Phone\Skype.exe[4336] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0015733F .text C:\Program Files\Skype\Phone\Skype.exe[4336] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 001577F9 .text C:\Program Files\Skype\Phone\Skype.exe[4336] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00157852 .text C:\Program Files\Skype\Phone\Skype.exe[4336] WS2_32.dll!send 771D659B 5 Bytes JMP 00157831 .text C:\Program Files\Skype\Phone\Skype.exe[4336] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00164123 .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0016DF7E .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0016E202 .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0016E10A .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0016E14D .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0016E1D6 .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0016DFD2 .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0016DF2A .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0016E18C .text C:\Program Files\Skype\Phone\Skype.exe[4336] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0016E06E .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 01B1B80C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 01B1B6DD .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 01B1B8E6 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 01B14E16 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 01B0C9F8 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 01B14AB2 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 01B12EF7 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 01B12F51 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 01B0C84C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 01B14A08 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 01B12FA1 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 01B149B8 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 01B0C965 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 01B14DC4 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 01B14D2A .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 01B14A6C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 01B14D77 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 01B130BB .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 01B13068 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetDC 77AA9562 5 Bytes JMP 01B0C8A7 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 01B0C79C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 01B0C80C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 01B13040 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 01B13090 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 01B071D2 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 01B14A26 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 01B14C5C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 01B0C925 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 01B0C8E6 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 01B12E41 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 01B12E73 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 01B14AF8 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 01B14B87 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 01B14C16 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 01B14CA5 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 01B14B3E .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 01B14BD0 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 01B12EBA .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 01B0733F .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 01B077F9 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 01B07852 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WS2_32.dll!send 771D659B 5 Bytes JMP 01B07831 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 01B14123 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 01B1DF7E .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 01B1E202 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 01B1E10A .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 01B1E14D .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 01B1E1D6 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 01B1DFD2 .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 01B1DF2A .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 01B1E18C .text C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[4344] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 01B1E06E .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 664E8BF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0004B6DD .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0004B8E6 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] kernel32.dll!HeapSetInformation + 26 77117008 7 Bytes JMP 664FF1AD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] kernel32.dll!LockResource + C 7713813B 7 Bytes JMP 66837FCD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] kernel32.dll!VirtualAllocEx + 54 7713BA7A 7 Bytes JMP 66837FF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00044E16 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0003C9F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00044AB2 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00042EF7 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00042F51 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0003C84C .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00044A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00042FA1 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 000449B8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0003C965 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00044DC4 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00044D2A .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00044A6C .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00044D77 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 000430BB .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00043068 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0003C8A7 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0003C79C .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0003C80C .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00043040 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00043090 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 000371D2 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00044A26 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00044C5C .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0003C925 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0003C8E6 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00042E41 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00042E73 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00044AF8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00044B87 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00044C16 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00044CA5 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00044B3E .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00044BD0 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00042EBA .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0003733F .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] GDI32.dll!StretchDIBits + 179 764575BB 7 Bytes JMP 66837F4E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 000377F9 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00037852 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WS2_32.dll!send 771D659B 5 Bytes JMP 00037831 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00044123 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0004DF7E .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0004E202 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0004E10A .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0004E14D .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0004E1D6 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0004DFD2 .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0004DF2A .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0004E18C .text C:\Program Files\Mozilla Firefox\firefox.exe[5848] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0004E06E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0004B80C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0004B6DD .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0004B8E6 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0004DF7E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0004E202 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0004E10A .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0004E14D .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0004E1D6 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0004DFD2 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0004DF2A .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0004E18C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0004E06E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00044E16 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0003C9F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00044AB2 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00042EF7 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00042F51 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0003C84C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00044A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00042FA1 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 000449B8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0003C965 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00044DC4 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00044D2A .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00044A6C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00044D77 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 000430BB .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00043068 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0003C8A7 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0003C79C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0003C80C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00043040 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00043090 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 000371D2 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00044A26 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00044C5C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0003C925 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0003C8E6 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00042E41 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00042E73 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00044AF8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00044B87 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00044C16 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00044CA5 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00044B3E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00044BD0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00042EBA .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0003733F .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00044123 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 000377F9 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00037852 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[7304] WS2_32.dll!send 771D659B 5 Bytes JMP 00037831 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] ntdll.dll!LdrLoadDll 77B579B3 5 Bytes JMP 0004B80C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] ntdll.dll!NtCreateUserProcess 77B890A8 5 Bytes JMP 0004B6DD .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] kernel32.dll!GetFileAttributesExW 7710A707 5 Bytes JMP 0004B8E6 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WS2_32.dll!closesocket 771D330C 5 Bytes JMP 000377F9 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WS2_32.dll!WSASend 771D4496 5 Bytes JMP 00037852 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WS2_32.dll!send 771D659B 5 Bytes JMP 00037831 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!RegisterClassExA 77A9618B 5 Bytes JMP 00044E16 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetUpdateRgn 77A9801D 5 Bytes JMP 0003C9F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefDlgProcW 77A9BA59 5 Bytes JMP 00044AB2 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!SetCapture 77A9C057 5 Bytes JMP 00042EF7 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!ReleaseCapture 77A9C06B 5 Bytes JMP 00042F51 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetDCEx 77A9CFF1 5 Bytes JMP 0003C84C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!SwitchDesktop 77A9D595 5 Bytes JMP 00044A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetCapture 77A9E001 5 Bytes JMP 00042FA1 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!OpenInputDesktop 77A9E5C6 5 Bytes JMP 000449B8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetUpdateRect 77A9E6D9 5 Bytes JMP 0003C965 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!RegisterClassExW 77A9EC69 5 Bytes JMP 00044DC4 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!RegisterClassW 77A9EE3E 5 Bytes JMP 00044D2A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefWindowProcA 77A9F9E1 5 Bytes JMP 00044A6C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!RegisterClassA 77A9FD9A 5 Bytes JMP 00044D77 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetWindowInfo 77AA0560 5 Bytes JMP 666AFBF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!IsZoomed + 80 77AA0731 7 Bytes JMP 66A81678 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!AdjustWindowRectEx + 76 77AA1F30 7 Bytes JMP 66A81607 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!PeekMessageA 77AA53FA 5 Bytes JMP 000430BB .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetMessageA 77AA59A5 5 Bytes JMP 00043068 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetDC 77AA9562 5 Bytes JMP 0003C8A7 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!BeginPaint 77AAA0C9 5 Bytes JMP 0003C79C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!EndPaint 77AAA0DD 5 Bytes JMP 0003C80C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetMessageW 77AAF83F 5 Bytes JMP 00043040 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!PeekMessageW 77AAFD9F 5 Bytes JMP 00043090 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!TranslateMessage 77AB0069 5 Bytes JMP 000371D2 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefWindowProcW 77AB04BD 5 Bytes JMP 00044A26 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!CallWindowProcW 77AB0681 5 Bytes JMP 00044C5C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!ReleaseDC 77AB079D 5 Bytes JMP 0003C925 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetWindowDC 77AB0B04 5 Bytes JMP 0003C8E6 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetMessagePos 77AB0C61 5 Bytes JMP 00042E41 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetCursorPos 77AB0F5E 5 Bytes JMP 00042E73 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!CheckMenuRadioItem + 12E 77AB1412 7 Bytes JMP 666B0118 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefDlgProcA 77AB2735 5 Bytes JMP 00044AF8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefFrameProcA 77ABB367 5 Bytes JMP 00044B87 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefMDIChildProcA 77ABB38B 5 Bytes JMP 00044C16 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!CallWindowProcA 77ABB9E6 5 Bytes JMP 00044CA5 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefFrameProcW 77ABDAC6 5 Bytes JMP 00044B3E .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!DefMDIChildProcW 77ABDEF3 5 Bytes JMP 00044BD0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!SetCursorPos 77AD6F1A 5 Bytes JMP 00042EBA .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] USER32.dll!GetClipboardData 77AD70B2 5 Bytes JMP 0003733F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] CRYPT32.dll!PFXImportCertStore 75D0914C 5 Bytes JMP 00044123 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!HttpSendRequestA 77480F35 5 Bytes JMP 0004DF7E .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!HttpQueryInfoA 774893B9 5 Bytes JMP 0004E202 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!InternetCloseHandle 7748AE0B 5 Bytes JMP 0004E10A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!InternetReadFile 7748EE5F 5 Bytes JMP 0004E14D .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!InternetQueryDataAvailable 77494773 5 Bytes JMP 0004E1D6 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!HttpSendRequestExW 774962C4 5 Bytes JMP 0004DFD2 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!HttpSendRequestW 7749BBCC 5 Bytes JMP 0004DF2A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!InternetReadFileExA 774A0E8C 5 Bytes JMP 0004E18C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7684] WININET.dll!HttpSendRequestExA 774EB1E6 5 Bytes JMP 0004E06E ---- Kernel IAT/EAT - GMER 2.1 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [80695FE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [80695574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [806950C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806961BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806952A4] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80695362] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806AA312] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] 00000080 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortMoveMemory] F9BF4F74 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] E9000006 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortInitializeEx] 000001A5 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortRegistryRead] 4174F93B IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortGetBusData] 7401FF83 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] 02FF833C IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] FF833774 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortStallExecution] 83327403 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] 2D7404FF IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] 7405FF83 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortNotification] 06FF8328 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] FF832374 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] 831E7407 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] 197408FF IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] 740CFF83 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortRequestCallback] 0DFF8314 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] FF830F74 IAT \SystemRoot\System32\Drivers\ai3rl8a3.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] BF0A740E ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 000C07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 000C07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 000C0790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000C07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[664] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] 00010110 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8475F1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{54901A1E-B0B8-4408-B949-116EF0430213} 86DDE1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys (Example Keyboard Filter Driver/Windows (R) Codename Longhorn DDK provider) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbfiltr.sys (Example Keyboard Filter Driver/Windows (R) Codename Longhorn DDK provider) Device \Driver\usbuhci \Device\USBPDO-0 861041F8 Device \Driver\netbt \Device\NetBT_Tcpip_{53AB9023-AA00-4F5E-8C59-35B0B9BA44DA} 86DDE1F8 Device \Driver\usbuhci \Device\USBPDO-1 861041F8 Device \Driver\usbuhci \Device\USBPDO-2 861041F8 Device \Driver\usbehci \Device\USBPDO-3 860F81F8 Device \Driver\usbuhci \Device\USBPDO-4 861041F8 AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\usbuhci \Device\USBPDO-5 861041F8 Device \Driver\usbuhci \Device\USBPDO-6 861041F8 Device \Driver\usbehci \Device\USBPDO-7 860F81F8 Device \Driver\cdrom \Device\CdRom0 861691F8 Device \Driver\cdrom \Device\CdRom1 861691F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8475C1F8 Device \Driver\atapi \Device\Ide\IdePort0 8475C1F8 Device \Driver\atapi \Device\Ide\IdePort1 8475C1F8 Device \Driver\atapi \Device\Ide\IdePort2 8475C1F8 Device \Driver\atapi \Device\Ide\IdePort3 8475C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8475C1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 8475D1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 8475D1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel4 8475D1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel5 8475D1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 86DDE1F8 Device \Driver\Smb \Device\NetbiosSmb 86C5E1F8 Device \Driver\PCI_PNP6719 \Device\0000005a sptd.sys Device \Driver\PCI_PNP6719 \Device\0000005a sptd.sys Device \Driver\iScsiPrt \Device\RaidPort0 863191F8 AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\usbuhci \Device\USBFDO-0 861041F8 Device \Driver\usbuhci \Device\USBFDO-1 861041F8 Device \Driver\usbuhci \Device\USBFDO-2 861041F8 Device \Driver\usbehci \Device\USBFDO-3 860F81F8 Device \Driver\usbuhci \Device\USBFDO-4 861041F8 Device \Driver\usbuhci \Device\USBFDO-5 861041F8 Device \Driver\usbuhci \Device\USBFDO-6 861041F8 Device \Driver\usbehci \Device\USBFDO-7 860F81F8 Device \Driver\ai3rl8a3 \Device\Scsi\ai3rl8a31 8633C430 Device \Driver\ai3rl8a3 \Device\Scsi\ai3rl8a31Port5Path0Target0Lun0 8633C430 Device \FileSystem\cdfs \Cdfs 84ADF1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8475c1f8]<< 8475c1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a04988] 85a04988 Trace 3 CLASSPNP.SYS[8a5a8745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851441c8] 851441c8 Trace \Driver\atapi[0x85138980] -> IRP_MJ_CREATE -> 0x8475c1f8 8475c1f8 ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 84340A58 Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [1228] 0x45670000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB1 0x10 0xD0 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x01 0xE5 0xA7 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4E 0xC3 0xAC 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x32 0x80 0x3A 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB1 0x10 0xD0 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x01 0xE5 0xA7 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4E 0xC3 0xAC 0x8D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0xDF 0x88 0xCB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0x14 0xBB 0x0B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x66 0x6E 0x8B 0x88 ... ---- EOF - GMER 2.1 ----