GMER 1.0.15.15627 - http://www.gmer.net Rootkit scan 2011-05-26 21:27:50 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541612J9SA00 rev.SBDOC7BP Running: lxq6527d.exe; Driver: C:\DOCUME~1\Monia\USTAWI~1\Temp\uwtdypod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xABF41300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB3585300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00140442 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140622 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 001406C4 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 001478FB .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0014787D .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00143AAF .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 001478BC .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 001418AE .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 001418FE .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0014180F .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00142412 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 001424AC .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0014210E .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00147772 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 001477E2 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 001416E1 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 001416AF .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00142344 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00141929 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00142154 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00141765 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 001417BF .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0014793B .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00147822 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0014238D .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0014245F .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 001424FE .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0014219A .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 001420A0 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 001420F0 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 001418D6 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 001479CE .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00142226 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 001422B8 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00143C1C .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 001421E0 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0014226F .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 001422FE .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00141728 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0014C296 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0014C10A .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0014C38E .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0014C2D9 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0014C15E .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0014C362 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0014C318 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0014C0B6 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0014C1FA .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00142773 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WS2_32.dll!send 71A5428A 2 Bytes JMP 001497F0 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WS2_32.dll!send + 3 71A5428D 2 Bytes [6F, 8E] .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00149811 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[964] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 001497B8 .text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0083000A .text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0084000A .text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0082000C .text C:\WINDOWS\System32\svchost.exe[992] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 01D6000A .text C:\WINDOWS\System32\svchost.exe[992] USER32.dll!WindowFromPoint 7E36BD8E 5 Bytes JMP 025C000A .text C:\WINDOWS\System32\svchost.exe[992] USER32.dll!GetForegroundWindow 7E36BE4B 5 Bytes JMP 025D000A .text C:\WINDOWS\System32\svchost.exe[992] ole32.dll!CoCreateInstance 774EFAC3 5 Bytes JMP 00BB000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02AB0442 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 02AB0622 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 02AB06C4 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WS2_32.dll!send 71A5428A 2 Bytes JMP 02AB97F0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WS2_32.dll!send + 3 71A5428D 2 Bytes [06, 91] {PUSH ES; XCHG ECX, EAX} .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 02AB9811 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 02AB97B8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 02AB78FB .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 02AB787D .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 02AB3AAF .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 02AB78BC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 02AB18AE .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 02AB18FE .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 02AB180F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 02AB2412 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 02AB24AC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 02AB210E .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 02AB7772 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 02AB77E2 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 02AB16E1 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 02AB16AF .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 02AB2344 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 02AB1929 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 02AB2154 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 02AB1765 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 02AB17BF .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 02AB793B .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 02AB7822 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 02AB238D .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 02AB245F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 02AB24FE .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 02AB219A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 02AB20A0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 02AB20F0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 02AB18D6 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 02AB79CE .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 02AB2226 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 02AB22B8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 02AB3C1C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 02AB21E0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 02AB226F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 02AB22FE .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 02AB1728 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] USER32.dll!TrackPopupMenu 7E3B50EE 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 02ABC296 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 02ABC10A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 02ABC38E .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 02ABC2D9 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 02ABC15E .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 02ABC362 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 02ABC318 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpSendRequestW 772023AC 3 Bytes JMP 02ABC0B6 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpSendRequestW + 4 772023B0 1 Byte [8B] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpSendRequestExA 772024B1 3 Bytes JMP 02ABC1FA .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] WININET.dll!HttpSendRequestExA + 4 772024B5 1 Byte [8B] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1636] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 02AB2773 .text C:\Program Files\Mozilla Firefox\firefox.exe[2052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 010F000A .text C:\Program Files\Mozilla Firefox\firefox.exe[2052] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0110000A .text C:\Program Files\Mozilla Firefox\firefox.exe[2052] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 010E000C .text C:\WINDOWS\system32\wscntfy.exe[2536] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00A10442 .text C:\WINDOWS\system32\wscntfy.exe[2536] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A10622 .text C:\WINDOWS\system32\wscntfy.exe[2536] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00A106C4 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00A178FB .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00A1787D .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00A13AAF .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00A178BC .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00A118AE .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00A118FE .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00A1180F .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00A12412 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00A124AC .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00A1210E .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00A17772 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00A177E2 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00A116E1 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00A116AF .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00A12344 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00A11929 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00A12154 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00A11765 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00A117BF .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00A1793B .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00A17822 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00A1238D .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00A1245F .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00A124FE .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00A1219A .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00A120A0 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00A120F0 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00A118D6 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00A179CE .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00A12226 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00A122B8 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00A13C1C .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00A121E0 .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00A1226F .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00A122FE .text C:\WINDOWS\system32\wscntfy.exe[2536] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00A11728 .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00A1C296 .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00A1C10A .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00A1C38E .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00A1C2D9 .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00A1C15E .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00A1C362 .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00A1C318 .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00A1C0B6 .text C:\WINDOWS\system32\wscntfy.exe[2536] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00A1C1FA .text C:\WINDOWS\system32\wscntfy.exe[2536] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00A12773 .text C:\WINDOWS\system32\wscntfy.exe[2536] WS2_32.dll!send 71A5428A 2 Bytes JMP 00A197F0 .text C:\WINDOWS\system32\wscntfy.exe[2536] WS2_32.dll!send + 3 71A5428D 2 Bytes [FC, 8E] .text C:\WINDOWS\system32\wscntfy.exe[2536] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00A19811 .text C:\WINDOWS\system32\wscntfy.exe[2536] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00A197B8 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F90442 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00F90622 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00F906C4 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00F978FB .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetDC 7E3686C7 5 Bytes JMP 00F9787D .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00F93AAF .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetWindowDC 7E369021 5 Bytes JMP 00F978BC .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00F918AE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00F918FE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetCapture 7E3694DA 5 Bytes JMP 00F9180F .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00F92412 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00F924AC .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00F9210E .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!BeginPaint 7E36B609 5 Bytes JMP 00F97772 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!EndPaint 7E36B61D 5 Bytes JMP 00F977E2 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00F916E1 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00F916AF .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00F92344 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00F91929 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00F92154 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00F91765 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00F917BF .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00F9793B .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetDCEx 7E36E875 5 Bytes JMP 00F97822 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00F9238D .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00F9245F .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00F924FE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00F9219A .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00F920A0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00F920F0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetMessageA 7E37E002 5 Bytes JMP 00F918D6 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00F979CE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00F92226 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00F922B8 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00F93C1C .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00F921E0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00F9226F .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00F922FE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] user32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00F91728 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00F9C15E .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00F9C318 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00F9C1FA .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00F92773 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WS2_32.dll!send 71A5428A 2 Bytes JMP 00F997F0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WS2_32.dll!send + 3 71A5428D 2 Bytes [54, 8F] .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00F99811 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00F997B8 .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AE000A .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AF000A .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A6000C .text C:\WINDOWS\Otugab.exe[2756] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F40442 .text C:\WINDOWS\Otugab.exe[2756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00F40622 .text C:\WINDOWS\Otugab.exe[2756] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00F406C4 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00F478FB .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetDC 7E3686C7 5 Bytes JMP 00F4787D .text C:\WINDOWS\Otugab.exe[2756] user32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00F43AAF .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetWindowDC 7E369021 5 Bytes JMP 00F478BC .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00F418AE .text C:\WINDOWS\Otugab.exe[2756] user32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00F418FE .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetCapture 7E3694DA 5 Bytes JMP 00F4180F .text C:\WINDOWS\Otugab.exe[2756] user32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00F42412 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00F424AC .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00F4210E .text C:\WINDOWS\Otugab.exe[2756] user32.dll!BeginPaint 7E36B609 5 Bytes JMP 00F47772 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!EndPaint 7E36B61D 5 Bytes JMP 00F477E2 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00F416E1 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00F416AF .text C:\WINDOWS\Otugab.exe[2756] user32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00F42344 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00F41929 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00F42154 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00F41765 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00F417BF .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00F4793B .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetDCEx 7E36E875 5 Bytes JMP 00F47822 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00F4238D .text C:\WINDOWS\Otugab.exe[2756] user32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00F4245F .text C:\WINDOWS\Otugab.exe[2756] user32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00F424FE .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00F4219A .text C:\WINDOWS\Otugab.exe[2756] user32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00F420A0 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00F420F0 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetMessageA 7E37E002 5 Bytes JMP 00F418D6 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00F479CE .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00F42226 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00F422B8 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00F43C1C .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00F421E0 .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00F4226F .text C:\WINDOWS\Otugab.exe[2756] user32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00F422FE .text C:\WINDOWS\Otugab.exe[2756] user32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00F41728 .text C:\WINDOWS\Otugab.exe[2756] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00F4C15E .text C:\WINDOWS\Otugab.exe[2756] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00F4C1FA .text C:\WINDOWS\Otugab.exe[2756] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00F42773 .text C:\WINDOWS\Otugab.exe[2756] WS2_32.dll!send 71A5428A 2 Bytes JMP 00F497F0 .text C:\WINDOWS\Otugab.exe[2756] WS2_32.dll!send + 3 71A5428D 2 Bytes [4F, 8F] .text C:\WINDOWS\Otugab.exe[2756] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00F49811 .text C:\WINDOWS\Otugab.exe[2756] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00F497B8 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02CC0442 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 02CC0622 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 02CC06C4 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!ReleaseDC 7E36869D 5 Bytes JMP 02CC78FB .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetDC 7E3686C7 5 Bytes JMP 02CC787D .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!TranslateMessage 7E368BF6 5 Bytes JMP 02CC3AAF .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetWindowDC 7E369021 5 Bytes JMP 02CC78BC .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetMessageW 7E3691C6 5 Bytes JMP 02CC18AE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!PeekMessageW 7E36929B 5 Bytes JMP 02CC18FE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetCapture 7E3694DA 5 Bytes JMP 02CC180F .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!RegisterClassW 7E36A39A 5 Bytes JMP 02CC2412 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!RegisterClassExW 7E36AF7F 5 Bytes JMP 02CC24AC .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefWindowProcW 7E36B33C 5 Bytes JMP 02CC210E .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!BeginPaint 7E36B609 5 Bytes JMP 02CC7772 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!EndPaint 7E36B61D 5 Bytes JMP 02CC77E2 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetCursorPos 7E36BD76 5 Bytes JMP 02CC16E1 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetMessagePos 7E36BF94 5 Bytes JMP 02CC16AF .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!CallWindowProcW 7E36C64A 5 Bytes JMP 02CC2344 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!PeekMessageA 7E36C96C 5 Bytes JMP 02CC1929 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefWindowProcA 7E36D4EE 5 Bytes JMP 02CC2154 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!SetCapture 7E36D6CE 5 Bytes JMP 02CC1765 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!ReleaseCapture 7E36D6EA 5 Bytes JMP 02CC17BF .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetUpdateRect 7E36D6F7 5 Bytes JMP 02CC793B .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetDCEx 7E36E875 5 Bytes JMP 02CC7822 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!CallWindowProcA 7E36F642 5 Bytes JMP 02CC238D .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!RegisterClassA 7E370A36 5 Bytes JMP 02CC245F .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!RegisterClassExA 7E372DA0 5 Bytes JMP 02CC24FE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefDlgProcW 7E37379A 5 Bytes JMP 02CC219A .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!OpenInputDesktop 7E377C7A 5 Bytes JMP 02CC20A0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!SwitchDesktop 7E379496 5 Bytes JMP 02CC20F0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetMessageA 7E37E002 5 Bytes JMP 02CC18D6 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetUpdateRgn 7E37F5AC 5 Bytes JMP 02CC79CE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefFrameProcW 7E3807F3 5 Bytes JMP 02CC2226 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefMDIChildProcW 7E380A07 5 Bytes JMP 02CC22B8 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!GetClipboardData 7E380D7A 5 Bytes JMP 02CC3C1C .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefDlgProcA 7E38E53F 5 Bytes JMP 02CC21E0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefFrameProcA 7E39F705 5 Bytes JMP 02CC226F .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!DefMDIChildProcA 7E39F754 5 Bytes JMP 02CC22FE .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] USER32.DLL!SetCursorPos 7E3A5F53 5 Bytes JMP 02CC1728 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 02CCC15E .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 02CCC1FA .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 02CC2773 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] ws2_32.dll!send 71A5428A 2 Bytes JMP 02CC97F0 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] ws2_32.dll!send + 3 71A5428D 2 Bytes [27, 91] {DAA ; XCHG ECX, EAX} .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] ws2_32.dll!WSASend 71A56233 5 Bytes JMP 02CC9811 .text C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] ws2_32.dll!closesocket 71A59639 5 Bytes JMP 02CC97B8 .text C:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA000A .text C:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BB000A .text C:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B9000C .text C:\WINDOWS\system32\ctfmon.exe[2868] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B50442 .text C:\WINDOWS\system32\ctfmon.exe[2868] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B50622 .text C:\WINDOWS\system32\ctfmon.exe[2868] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00B506C4 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00B578FB .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00B5787D .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00B53AAF .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00B578BC .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00B518AE .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00B518FE .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00B5180F .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00B52412 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00B524AC .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00B5210E .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00B57772 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00B577E2 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00B516E1 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00B516AF .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00B52344 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00B51929 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00B52154 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00B51765 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00B517BF .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00B5793B .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00B57822 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00B5238D .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00B5245F .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00B524FE .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00B5219A .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00B520A0 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00B520F0 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00B518D6 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00B579CE .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00B52226 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00B522B8 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00B53C1C .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00B521E0 .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00B5226F .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00B522FE .text C:\WINDOWS\system32\ctfmon.exe[2868] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00B51728 .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00B5C296 .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00B5C10A .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00B5C38E .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00B5C2D9 .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00B5C15E .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00B5C362 .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00B5C318 .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00B5C0B6 .text C:\WINDOWS\system32\ctfmon.exe[2868] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00B5C1FA .text C:\WINDOWS\system32\ctfmon.exe[2868] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00B52773 .text C:\WINDOWS\system32\ctfmon.exe[2868] WS2_32.dll!send 71A5428A 2 Bytes JMP 00B597F0 .text C:\WINDOWS\system32\ctfmon.exe[2868] WS2_32.dll!send + 3 71A5428D 2 Bytes [10, 8F] .text C:\WINDOWS\system32\ctfmon.exe[2868] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00B59811 .text C:\WINDOWS\system32\ctfmon.exe[2868] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00B597B8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01020442 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01020622 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 010206C4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 010278FB .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0102787D .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01023AAF .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 010278BC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 010218AE .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 010218FE .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0102180F .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01022412 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 010224AC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0102210E .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 01027772 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 010277E2 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 010216E1 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 010216AF .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 01022344 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 01021929 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 01022154 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 01021765 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 010217BF .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0102793B .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 01027822 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0102238D .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0102245F .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 010224FE .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0102219A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 010220A0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 010220F0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 010218D6 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 010279CE .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 01022226 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 010222B8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 01023C1C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 010221E0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0102226F .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 010222FE .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 01021728 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0102C296 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0102C10A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0102C38E .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0102C2D9 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0102C15E .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0102C362 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0102C318 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0102C0B6 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0102C1FA .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 01022773 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WS2_32.dll!send 71A5428A 2 Bytes JMP 010297F0 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WS2_32.dll!send + 3 71A5428D 2 Bytes [5D, 8F] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01029811 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3008] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 010297B8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 014B0442 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 014B0622 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 014B06C4 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 014B78FB .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 014B787D .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 014B3AAF .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 014B78BC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 014B18AE .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 014B18FE .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 014B180F .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 014B2412 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 014B24AC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 014B210E .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 014B7772 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 014B77E2 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 014B16E1 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 014B16AF .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 014B2344 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 014B1929 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 014B2154 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 014B1765 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 014B17BF .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 014B793B .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 014B7822 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 014B238D .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 014B245F .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 014B24FE .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 014B219A .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 014B20A0 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 014B20F0 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 014B18D6 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 014B79CE .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 014B2226 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 014B22B8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 014B3C1C .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 014B21E0 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 014B226F .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 014B22FE .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 014B1728 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 014BC296 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 014BC10A .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 014BC38E .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 014BC2D9 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 014BC15E .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 014BC362 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 014BC318 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 014BC0B6 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 014BC1FA .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 014B2773 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WS2_32.dll!send 71A5428A 2 Bytes JMP 014B97F0 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WS2_32.dll!send + 3 71A5428D 2 Bytes [A6, 8F] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 014B9811 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 014B97B8 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00AC0442 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00AC0622 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00AC06C4 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00AC78FB .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00AC787D .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00AC3AAF .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00AC78BC .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00AC18AE .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00AC18FE .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00AC180F .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00AC2412 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00AC24AC .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00AC210E .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00AC7772 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00AC77E2 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00AC16E1 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00AC16AF .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00AC2344 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00AC1929 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00AC2154 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00AC1765 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00AC17BF .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00AC793B .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00AC7822 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00AC238D .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00AC245F .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00AC24FE .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00AC219A .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00AC20A0 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00AC20F0 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00AC18D6 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00AC79CE .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00AC2226 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00AC22B8 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00AC3C1C .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00AC21E0 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00AC226F .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00AC22FE .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00AC1728 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00ACC296 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00ACC10A .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00ACC38E .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00ACC2D9 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00ACC15E .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00ACC362 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00ACC318 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00ACC0B6 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00ACC1FA .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00AC2773 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WS2_32.dll!send 71A5428A 2 Bytes JMP 00AC97F0 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WS2_32.dll!send + 3 71A5428D 2 Bytes [07, 8F] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00AC9811 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3080] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00AC97B8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01640442 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01640622 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 016406C4 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 016478FB .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0164787D .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01643AAF .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 016478BC .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 016418AE .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 016418FE .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0164180F .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01642412 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 016424AC .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0164210E .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 01647772 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 016477E2 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 016416E1 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 016416AF .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 01642344 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 01641929 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 01642154 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 01641765 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 016417BF .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0164793B .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 01647822 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0164238D .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0164245F .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 016424FE .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0164219A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 016420A0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 016420F0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 016418D6 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 016479CE .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 01642226 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 016422B8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 01643C1C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 016421E0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0164226F .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 016422FE .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 01641728 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WS2_32.dll!send 71A5428A 2 Bytes JMP 016497F0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WS2_32.dll!send + 3 71A5428D 2 Bytes [BF, 8F] .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01649811 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 016497B8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0164C296 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0164C10A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0164C38E .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0164C2D9 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0164C15E .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0164C362 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0164C318 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0164C0B6 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0164C1FA .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3116] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 01642773 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00DA0442 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DA0622 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00DA06C4 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00DA78FB .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00DA787D .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00DA3AAF .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00DA78BC .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00DA18AE .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00DA18FE .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00DA180F .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00DA2412 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00DA24AC .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00DA210E .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00DA7772 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00DA77E2 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00DA16E1 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00DA16AF .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00DA2344 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00DA1929 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00DA2154 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00DA1765 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00DA17BF .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00DA793B .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00DA7822 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00DA238D .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00DA245F .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00DA24FE .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00DA219A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00DA20A0 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00DA20F0 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00DA18D6 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00DA79CE .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00DA2226 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00DA22B8 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00DA3C1C .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00DA21E0 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00DA226F .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00DA22FE .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00DA1728 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00DAC296 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00DAC10A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00DAC38E .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00DAC2D9 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00DAC15E .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00DAC362 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00DAC318 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00DAC0B6 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00DAC1FA .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00DA2773 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WS2_32.dll!send 71A5428A 2 Bytes JMP 00DA97F0 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WS2_32.dll!send + 3 71A5428D 2 Bytes [35, 8F] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00DA9811 .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3176] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00DA97B8 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00CD0442 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CD0622 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00CD06C4 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00CD78FB .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00CD787D .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00CD3AAF .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00CD78BC .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00CD18AE .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00CD18FE .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00CD180F .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00CD2412 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00CD24AC .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00CD210E .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00CD7772 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00CD77E2 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00CD16E1 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00CD16AF .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00CD2344 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00CD1929 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00CD2154 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00CD1765 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00CD17BF .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00CD793B .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00CD7822 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00CD238D .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00CD245F .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00CD24FE .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00CD219A .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00CD20A0 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00CD20F0 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00CD18D6 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00CD79CE .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00CD2226 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00CD22B8 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00CD3C1C .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00CD21E0 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00CD226F .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00CD22FE .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00CD1728 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00CDC296 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00CDC10A .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00CDC38E .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00CDC2D9 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00CDC15E .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00CDC362 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00CDC318 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00CDC0B6 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00CDC1FA .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00CD2773 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WS2_32.dll!send 71A5428A 2 Bytes JMP 00CD97F0 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WS2_32.dll!send + 3 71A5428D 2 Bytes [28, 8F] .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00CD9811 .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[3308] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00CD97B8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B10442 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B10622 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00B106C4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00B178FB .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00B1787D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00B13AAF .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00B178BC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00B118AE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00B118FE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00B1180F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00B12412 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00B124AC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00B1210E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00B17772 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00B177E2 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00B116E1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00B116AF .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00B12344 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00B11929 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00B12154 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00B11765 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00B117BF .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00B1793B .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00B17822 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00B1238D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00B1245F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00B124FE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00B1219A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00B120A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00B120F0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00B118D6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00B179CE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00B12226 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00B122B8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00B13C1C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00B121E0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00B1226F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00B122FE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00B11728 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00B1C296 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00B1C10A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00B1C38E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00B1C2D9 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00B1C15E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00B1C362 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00B1C318 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00B1C0B6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00B1C1FA .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00B12773 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WS2_32.dll!send 71A5428A 2 Bytes JMP 00B197F0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WS2_32.dll!send + 3 71A5428D 2 Bytes [0C, 8F] {OR AL, 0x8f} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00B19811 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3344] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00B197B8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01410442 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01410622 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 014106C4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 014178FB .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0141787D .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01413AAF .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 014178BC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 014118AE .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 014118FE .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0141180F .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01412412 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 014124AC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0141210E .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 01417772 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 014177E2 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 014116E1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 014116AF .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 01412344 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 01411929 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 01412154 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 01411765 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 014117BF .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0141793B .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 01417822 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0141238D .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0141245F .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 014124FE .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0141219A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 014120A0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 014120F0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 014118D6 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 014179CE .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 01412226 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 014122B8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 01413C1C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 014121E0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0141226F .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 014122FE .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 01411728 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0141C296 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0141C10A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0141C38E .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0141C2D9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0141C15E .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0141C362 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0141C318 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0141C0B6 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0141C1FA .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 01412773 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WS2_32.dll!send 71A5428A 2 Bytes JMP 014197F0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WS2_32.dll!send + 3 71A5428D 2 Bytes [9C, 8F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01419811 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3428] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 014197B8 .text C:\Program Files\QuickTime\QTTask.exe[3440] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C30442 .text C:\Program Files\QuickTime\QTTask.exe[3440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C30622 .text C:\Program Files\QuickTime\QTTask.exe[3440] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00C306C4 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00C378FB .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00C3787D .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00C33AAF .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00C378BC .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00C318AE .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00C318FE .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00C3180F .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00C32412 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00C324AC .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00C3210E .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00C37772 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00C377E2 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00C316E1 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00C316AF .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00C32344 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00C31929 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00C32154 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00C31765 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00C317BF .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00C3793B .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00C37822 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00C3238D .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00C3245F .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!RegisterClassExA 7E372DA0 3 Bytes JMP 00C324FE .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!RegisterClassExA + 4 7E372DA4 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefDlgProcW 7E37379A 3 Bytes JMP 00C3219A .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefDlgProcW + 4 7E37379E 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00C320A0 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00C320F0 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetMessageA 7E37E002 3 Bytes JMP 00C318D6 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetMessageA + 4 7E37E006 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetUpdateRgn 7E37F5AC 3 Bytes JMP 00C379CE .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetUpdateRgn + 4 7E37F5B0 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefFrameProcW 7E3807F3 3 Bytes JMP 00C32226 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefFrameProcW + 4 7E3807F7 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefMDIChildProcW 7E380A07 3 Bytes JMP 00C322B8 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefMDIChildProcW + 4 7E380A0B 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetClipboardData 7E380D7A 3 Bytes JMP 00C33C1C .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!GetClipboardData + 4 7E380D7E 1 Byte [82] .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00C321E0 .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00C3226F .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00C322FE .text C:\Program Files\QuickTime\QTTask.exe[3440] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00C31728 .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00C3C296 .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00C3C10A .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00C3C38E .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00C3C2D9 .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00C3C15E .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00C3C362 .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00C3C318 .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00C3C0B6 .text C:\Program Files\QuickTime\QTTask.exe[3440] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00C3C1FA .text C:\Program Files\QuickTime\QTTask.exe[3440] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00C32773 .text C:\Program Files\QuickTime\QTTask.exe[3440] WS2_32.dll!send 71A5428A 2 Bytes JMP 00C397F0 .text C:\Program Files\QuickTime\QTTask.exe[3440] WS2_32.dll!send + 3 71A5428D 2 Bytes [1E, 8F] .text C:\Program Files\QuickTime\QTTask.exe[3440] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00C39811 .text C:\Program Files\QuickTime\QTTask.exe[3440] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00C397B8 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01780442 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01780622 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 017806C4 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WS2_32.dll!send 71A5428A 2 Bytes JMP 017897F0 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WS2_32.dll!send + 3 71A5428D 2 Bytes [D3, 8F] .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01789811 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 017897B8 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 017878FB .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0178787D .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01783AAF .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 017878BC .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 017818AE .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 017818FE .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0178180F .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01782412 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 017824AC .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0178210E .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 01787772 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 017877E2 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 017816E1 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 017816AF .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 01782344 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 01781929 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 01782154 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 01781765 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 017817BF .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0178793B .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 01787822 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0178238D .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0178245F .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 017824FE .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0178219A .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 017820A0 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 017820F0 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 017818D6 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 017879CE .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 01782226 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 017822B8 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 01783C1C .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 017821E0 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0178226F .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 017822FE .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 01781728 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0178C296 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0178C10A .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0178C38E .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0178C2D9 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0178C15E .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0178C362 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0178C318 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0178C0B6 .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0178C1FA .text C:\Documents and Settings\Monia\Dane aplikacji\update-googleAdv.exe[3516] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 01782773 .text C:\Program Files\hidfind.exe[3536] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E10442 .text C:\Program Files\hidfind.exe[3536] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00E10622 .text C:\Program Files\hidfind.exe[3536] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00E106C4 .text C:\Program Files\hidfind.exe[3536] WS2_32.dll!send 71A5428A 2 Bytes JMP 00E197F0 .text C:\Program Files\hidfind.exe[3536] WS2_32.dll!send + 3 71A5428D 2 Bytes [3C, 8F] {CMP AL, 0x8f} .text C:\Program Files\hidfind.exe[3536] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00E19811 .text C:\Program Files\hidfind.exe[3536] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00E197B8 .text C:\Program Files\hidfind.exe[3536] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00E178FB .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00E1787D .text C:\Program Files\hidfind.exe[3536] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00E13AAF .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00E178BC .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00E118AE .text C:\Program Files\hidfind.exe[3536] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00E118FE .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00E1180F .text C:\Program Files\hidfind.exe[3536] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00E12412 .text C:\Program Files\hidfind.exe[3536] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00E124AC .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00E1210E .text C:\Program Files\hidfind.exe[3536] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00E17772 .text C:\Program Files\hidfind.exe[3536] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00E177E2 .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00E116E1 .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00E116AF .text C:\Program Files\hidfind.exe[3536] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00E12344 .text C:\Program Files\hidfind.exe[3536] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00E11929 .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00E12154 .text C:\Program Files\hidfind.exe[3536] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00E11765 .text C:\Program Files\hidfind.exe[3536] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00E117BF .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00E1793B .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00E17822 .text C:\Program Files\hidfind.exe[3536] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00E1238D .text C:\Program Files\hidfind.exe[3536] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00E1245F .text C:\Program Files\hidfind.exe[3536] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00E124FE .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00E1219A .text C:\Program Files\hidfind.exe[3536] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00E120A0 .text C:\Program Files\hidfind.exe[3536] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00E120F0 .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00E118D6 .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00E179CE .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00E12226 .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00E122B8 .text C:\Program Files\hidfind.exe[3536] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00E13C1C .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00E121E0 .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00E1226F .text C:\Program Files\hidfind.exe[3536] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00E122FE .text C:\Program Files\hidfind.exe[3536] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00E11728 .text C:\Program Files\hidfind.exe[3536] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00E1C296 .text C:\Program Files\hidfind.exe[3536] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00E1C10A .text C:\Program Files\hidfind.exe[3536] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00E1C38E .text C:\Program Files\hidfind.exe[3536] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00E1C2D9 .text C:\Program Files\hidfind.exe[3536] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00E1C15E .text C:\Program Files\hidfind.exe[3536] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00E1C362 .text C:\Program Files\hidfind.exe[3536] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00E1C318 .text C:\Program Files\hidfind.exe[3536] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00E1C0B6 .text C:\Program Files\hidfind.exe[3536] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00E1C1FA .text C:\Program Files\hidfind.exe[3536] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00E12773 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00EF0442 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00EF0622 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00EF06C4 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00EF78FB .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00EF787D .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00EF3AAF .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00EF78BC .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00EF18AE .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00EF18FE .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00EF180F .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00EF2412 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00EF24AC .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00EF210E .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00EF7772 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00EF77E2 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00EF16E1 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00EF16AF .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00EF2344 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00EF1929 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00EF2154 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00EF1765 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00EF17BF .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00EF793B .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00EF7822 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00EF238D .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00EF245F .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00EF24FE .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00EF219A .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00EF20A0 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00EF20F0 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00EF18D6 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00EF79CE .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00EF2226 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00EF22B8 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00EF3C1C .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00EF21E0 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00EF226F .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00EF22FE .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00EF1728 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00EFC296 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00EFC10A .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00EFC38E .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00EFC2D9 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00EFC15E .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00EFC362 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00EFC318 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00EFC0B6 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00EFC1FA .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00EF2773 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WS2_32.dll!send 71A5428A 2 Bytes JMP 00EF97F0 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WS2_32.dll!send + 3 71A5428D 2 Bytes [4A, 8F] .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00EF9811 .text C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE[3576] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00EF97B8 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 017E0442 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 017E0622 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 017E06C4 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 017E78FB .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 017E787D .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 017E3AAF .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 017E78BC .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 017E18AE .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 017E18FE .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 017E180F .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 017E2412 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 017E24AC .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 017E210E .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 017E7772 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 017E77E2 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 017E16E1 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 017E16AF .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 017E2344 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 017E1929 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 017E2154 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 017E1765 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 017E17BF .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 017E793B .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 017E7822 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 017E238D .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 017E245F .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 017E24FE .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 017E219A .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 017E20A0 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 017E20F0 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 017E18D6 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 017E79CE .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 017E2226 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 017E22B8 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 017E3C1C .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 017E21E0 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 017E226F .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 017E22FE .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 017E1728 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 017EC296 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 017EC10A .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 017EC38E .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 017EC2D9 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 017EC15E .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 017EC362 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 017EC318 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 017EC0B6 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 017EC1FA .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 017E2773 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WS2_32.dll!send 71A5428A 2 Bytes JMP 017E97F0 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WS2_32.dll!send + 3 71A5428D 2 Bytes [D9, 8F] .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 017E9811 .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[3600] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 017E97B8 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01EB0442 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01EB0622 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 01EB06C4 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WS2_32.dll!send 71A5428A 2 Bytes JMP 01EB97F0 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WS2_32.dll!send + 3 71A5428D 2 Bytes [46, 90] {INC ESI; NOP } .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01EB9811 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 01EB97B8 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 01EBC296 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 01EBC10A .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 01EBC38E .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 01EBC2D9 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 01EBC15E .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 01EBC362 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 01EBC318 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 01EBC0B6 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 01EBC1FA .text C:\Program Files\Gadu-Gadu\gg.exe[3648] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 01EB2773 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 01EB78FB .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 01EB787D .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01EB3AAF .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 01EB78BC .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 01EB18AE .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 01EB18FE .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 01EB180F .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01EB2412 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 01EB24AC .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 01EB210E .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 01EB7772 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 01EB77E2 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 01EB16E1 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 01EB16AF .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 01EB2344 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 01EB1929 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 01EB2154 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 01EB1765 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 01EB17BF .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 01EB793B .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 01EB7822 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 01EB238D .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 01EB245F .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 01EB24FE .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 01EB219A .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 01EB20A0 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 01EB20F0 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 01EB18D6 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 01EB79CE .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 01EB2226 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 01EB22B8 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 01EB3C1C .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 01EB21E0 .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 01EB226F .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 01EB22FE .text C:\Program Files\Gadu-Gadu\gg.exe[3648] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 01EB1728 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01050442 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 01050622 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 010506C4 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 010578FB .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0105787D .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01053AAF .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 010578BC .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 010518AE .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 010518FE .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0105180F .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01052412 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 010524AC .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0105210E .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 01057772 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 010577E2 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 010516E1 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 010516AF .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 01052344 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 01051929 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 01052154 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 01051765 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 010517BF .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0105793B .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 01057822 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0105238D .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0105245F .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 010524FE .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0105219A .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 010520A0 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 010520F0 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 010518D6 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 010579CE .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 01052226 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 010522B8 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 01053C1C .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 010521E0 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0105226F .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 010522FE .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 01051728 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0105C296 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0105C10A .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0105C38E .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0105C2D9 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0105C15E .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0105C362 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0105C318 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0105C0B6 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0105C1FA .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 01052773 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WS2_32.dll!send 71A5428A 2 Bytes JMP 010597F0 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WS2_32.dll!send + 3 71A5428D 2 Bytes [60, 8F] .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 01059811 .text C:\Documents and Settings\Monia\fv6ap3xh7c.exe[3720] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 010597B8 ? C:\WINDOWS\system32\svchost.exe[3848] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll .text C:\WINDOWS\system32\svchost.exe[3848] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00930442 .text C:\WINDOWS\system32\svchost.exe[3848] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00930622 .text C:\WINDOWS\system32\svchost.exe[3848] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 009306C4 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 009378FB .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0093787D .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00933AAF .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 009378BC .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 009318AE .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 009318FE .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0093180F .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00932412 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 009324AC .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0093210E .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00937772 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 009377E2 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 009316E1 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 009316AF .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00932344 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00931929 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00932154 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00931765 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 009317BF .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0093793B .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00937822 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0093238D .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0093245F .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 009324FE .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0093219A .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 009320A0 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 009320F0 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 009318D6 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 009379CE .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00932226 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 009322B8 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00933C1C .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 009321E0 .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0093226F .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 009322FE .text C:\WINDOWS\system32\svchost.exe[3848] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00931728 .text C:\WINDOWS\system32\svchost.exe[3848] WS2_32.dll!send 71A5428A 2 Bytes JMP 009397F0 .text C:\WINDOWS\system32\svchost.exe[3848] WS2_32.dll!send + 3 71A5428D 2 Bytes [EE, 8E] .text C:\WINDOWS\system32\svchost.exe[3848] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00939811 .text C:\WINDOWS\system32\svchost.exe[3848] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 009397B8 .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0093C296 .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0093C10A .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0093C38E .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0093C2D9 .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0093C15E .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0093C362 .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0093C318 .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0093C0B6 .text C:\WINDOWS\system32\svchost.exe[3848] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0093C1FA .text C:\WINDOWS\system32\svchost.exe[3848] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00932773 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 004C0442 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004C0622 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 004C06C4 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 004C78FB .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 004C787D .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 004C3AAF .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 004C78BC .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 004C18AE .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 004C18FE .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 004C180F .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 004C2412 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 004C24AC .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 004C210E .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 004C7772 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 004C77E2 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 004C16E1 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 004C16AF .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 004C2344 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 004C1929 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 004C2154 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 004C1765 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 004C17BF .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 004C793B .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 004C7822 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 004C238D .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 004C245F .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 004C24FE .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 004C219A .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 004C20A0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 004C20F0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 004C18D6 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 004C79CE .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 004C2226 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 004C22B8 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 004C3C1C .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 004C21E0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 004C226F .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 004C22FE .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 004C1728 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WS2_32.dll!send 71A5428A 2 Bytes JMP 004C97F0 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WS2_32.dll!send + 3 71A5428D 2 Bytes [A7, 8E] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 004C9811 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 004C97B8 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 004C2773 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 004CC296 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 004CC10A .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 004CC38E .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 004CC2D9 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 004CC15E .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 004CC362 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 004CC318 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 004CC0B6 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3900] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 004CC1FA .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00140442 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140622 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 001406C4 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00142773 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 001478FB .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0014787D .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00143AAF .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 001478BC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 001418AE .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 001418FE .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0014180F .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00142412 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 001424AC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 0014210E .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00147772 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 001477E2 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 001416E1 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 001416AF .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00142344 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00141929 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00142154 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00141765 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 001417BF .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 0014793B .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00147822 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 0014238D .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 0014245F .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 001424FE .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 0014219A .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 001420A0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 001420F0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 001418D6 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 001479CE .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00142226 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 001422B8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00143C1C .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 001421E0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 0014226F .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 001422FE .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00141728 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 0014C296 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 0014C10A .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 0014C38E .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 0014C2D9 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 0014C15E .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 0014C362 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 0014C318 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 0014C0B6 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 0014C1FA .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WS2_32.dll!send 71A5428A 2 Bytes JMP 001497F0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WS2_32.dll!send + 3 71A5428D 2 Bytes [6F, 8E] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00149811 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4312] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 001497B8 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D70442 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00D70622 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00D706C4 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00D778FB .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00D7787D .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00D73AAF .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00D778BC .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00D718AE .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00D718FE .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00D7180F .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00D72412 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00D724AC .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefWindowProcW 7E36B33C 5 Bytes JMP 00D7210E .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!BeginPaint 7E36B609 5 Bytes JMP 00D77772 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!EndPaint 7E36B61D 5 Bytes JMP 00D777E2 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetCursorPos 7E36BD76 5 Bytes JMP 00D716E1 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetMessagePos 7E36BF94 5 Bytes JMP 00D716AF .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!CallWindowProcW 7E36C64A 5 Bytes JMP 00D72344 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!PeekMessageA 7E36C96C 5 Bytes JMP 00D71929 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefWindowProcA 7E36D4EE 5 Bytes JMP 00D72154 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!SetCapture 7E36D6CE 5 Bytes JMP 00D71765 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!ReleaseCapture 7E36D6EA 5 Bytes JMP 00D717BF .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetUpdateRect 7E36D6F7 5 Bytes JMP 00D7793B .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetDCEx 7E36E875 5 Bytes JMP 00D77822 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!CallWindowProcA 7E36F642 5 Bytes JMP 00D7238D .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!RegisterClassA 7E370A36 5 Bytes JMP 00D7245F .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!RegisterClassExA 7E372DA0 5 Bytes JMP 00D724FE .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefDlgProcW 7E37379A 5 Bytes JMP 00D7219A .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!OpenInputDesktop 7E377C7A 5 Bytes JMP 00D720A0 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!SwitchDesktop 7E379496 5 Bytes JMP 00D720F0 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetMessageA 7E37E002 5 Bytes JMP 00D718D6 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetUpdateRgn 7E37F5AC 5 Bytes JMP 00D779CE .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefFrameProcW 7E3807F3 5 Bytes JMP 00D72226 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefMDIChildProcW 7E380A07 5 Bytes JMP 00D722B8 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!GetClipboardData 7E380D7A 5 Bytes JMP 00D73C1C .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefDlgProcA 7E38E53F 5 Bytes JMP 00D721E0 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefFrameProcA 7E39F705 5 Bytes JMP 00D7226F .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!DefMDIChildProcA 7E39F754 5 Bytes JMP 00D722FE .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] USER32.dll!SetCursorPos 7E3A5F53 5 Bytes JMP 00D71728 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 00D7C296 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 00D7C10A .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!HttpQueryInfoA 771B7992 5 Bytes JMP 00D7C38E .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 00D7C2D9 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 00D7C15E .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 00D7C362 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 00D7C318 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 00D7C0B6 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 00D7C1FA .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] CRYPT32.dll!PFXImportCertStore 77ADF748 5 Bytes JMP 00D72773 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WS2_32.dll!send 71A5428A 2 Bytes JMP 00D797F0 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WS2_32.dll!send + 3 71A5428D 2 Bytes [32, 8F] .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D79811 .text C:\Documents and Settings\Monia\Pulpit\lxq6527d.exe[5064] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D797B8 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [004131D0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00413248] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [004132C0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [004131D0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00413248] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [0041336E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [004132C0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [0041336E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ShowWindow] [004132C0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExA] [004131D0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00413248] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [004132C0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [0041336E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [0041336E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe[2620] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!ShowWindow] [004132C0] C:\DOCUME~1\Monia\USTAWI~1\Temp\Ode.exe (IVCodec Setup yp/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00418C58] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00418CD0] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [00418E62] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00418D48] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [00418E62] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [00418E62] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00418C58] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00418CD0] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [00418E5C] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [00418E5C] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00418DF6] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00418D48] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00418DF6] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ShowWindow] [00418D48] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExA] [00418C58] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!MessageBoxW] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!MessageBoxA] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00418CD0] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [00418E62] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [00418D48] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [00418DF6] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxW] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxA] [00418E6E] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\WINDOWS\Otugab.exe[2756] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [00418E5C] C:\WINDOWS\Otugab.exe (dtCodec Setup n/Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [0041BDB4] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [0041BE2E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [0041BEA8] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [0041BDB4] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [0041BE2E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [0041BF5A] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041BEA8] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [0041BF5A] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ShowWindow] [0041BEA8] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExA] [0041BDB4] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [0041BE2E] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [0041BEA8] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [0041BF5A] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [0041BF5A] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe[2780] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!ShowWindow] [0041BEA8] C:\DOCUME~1\Monia\USTAWI~1\Temp\Odd.exe (Codec Setup /Simon Tatham) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DCEE4C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DEC110] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC796B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DC6C07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DC7A9B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DC7832] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DCE927] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F26C5B] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F25002] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15B13] C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF71] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000 IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A4A0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A54] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D272] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C8127B7] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C809925] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812E86] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C92A7FA] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C90FE30] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809776] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809BD5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80BDC6] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812F2D] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [7C8111EA] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C802442] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C810647] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809740] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80E94F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C809F01] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809B57] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80EA2B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C81CDEA] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80C068] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] [7C81CE13] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C82FC1C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C830D94] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809A19] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809E11] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80BAB1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C8092B8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810D97] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C821992] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80ABD1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [7C812BC6] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [7C809E89] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C901000] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C9174E9] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C809A82] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C81043C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [7C80220F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C801E16] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C802367] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C814B02] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [7C801A24] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80ABEE] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [7C80ADB0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C801D77] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [7C80B6B1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809A61] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809AF4] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8017E5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C801D4F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C810B2C] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C835107] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C834D89] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80BE11] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3848] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C814EFA] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 84ADA53B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 84ADA53B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 84ADA53B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 84ADA53B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 84ADA53B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 84ADA53B AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAB 0x34 0x37 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0x6E 0x4A 0xF2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAB 0x34 0x37 0xA1 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0x6E 0x4A 0xF2 ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!! Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior ---- EOF - GMER 1.0.15 ----