
Audio ads playing in background

Discussion in 'Virus & Other Malware Removal' started by gazaau, Dec 7, 2010.

Thread Status:
Not open for further replies.
  1. gazaau

    gazaau Thread Starter

    Joined:
    Dec 13, 2008
    Messages:
    22
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 3033 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1292 Mb
    Hard Drives: C: Total - 223434 MB, Free - 122150 MB; D: Total - 953866 MB, Free - 716425 MB; E: Total - 14999 MB, Free - 7394 MB;
    Motherboard: Dell Inc., 0G848F, , .D9WTBH1.CN701669690022.
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled.

    Malwarebytes has just been used to remove the fake "Hard Drive Diagnostics" program. The PC now appears clean, but audio adverts randomly play in the background without any programs showing as running, but with the iexplore.exe process active.
    Any instructions and help you can give me would be greatly appreciated, thanks.
     
  2. gazaau

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:01:05 PM, on 8/12/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\scotty\Downloads\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101101214318.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [{55796AFE-02E0-7747-75C5-48D5980E48B7}] C:\Users\scotty\AppData\Roaming\Ozoz\hiiq.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O15 - Trusted Zone: http://*.mcafee.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
    --
    End of file - 12158 bytes
     
  3. gazaau

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by scotty at 14:35:15.89 on Wed 08/12/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3034.1881 [GMT 10:00]
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer3\TeamViewer_Service.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\scotty\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uSearch Page = hxxp://www.telstra.com/
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mStart Page = about:blank
    uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101101214318.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [{55796AFE-02E0-7747-75C5-48D5980E48B7}] c:\users\scotty\appdata\roaming\ozoz\hiiq.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\scotty\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\users\scotty\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    ============= SERVICES / DRIVERS ===============
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 386840]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-14 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-14 164840]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-10 81920]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-10 155648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-20 93320]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-14 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-14 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-14 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-14 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-14 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-14 141792]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-7 1153368]
    R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Service.exe [2008-8-29 181544]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-14 55840]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-9 144128]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-20 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-20 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-14 313288]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
    R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
    S2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-4-13 189680]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-6-9 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-6-9 79360]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-14 84264]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-20 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-20 40552]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
    S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2010-9-14 348160]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-6-9 79360]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
    =============== Created Last 30 ================
    2010-12-07 13:17:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-07 13:17:41 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-06 13:00:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 13:00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 13:00:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-05 13:59:50 229376 ----a-w- c:\windows\system32\drivers\sst8E6B.sys
    2010-12-05 13:59:50 0 ----a-w- c:\windows\system32\drivers\sst8E6B.tmp
    2010-11-26 07:27:52 -------- d-----w- c:\users\scotty\appdata\local\Microsoft_Corporation
    2010-11-26 07:03:59 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-11-25 10:36:38 -------- d-----w- c:\users\scotty\appdata\roaming\McAfee
    2010-11-10 11:56:39 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    ==================== Find3M ====================
    2010-10-13 12:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    ============= FINISH: 14:42:51.30 ===============
     

  4. gazaau

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-08 15:58:14
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
    Running: 9bvqkksp.exe; Driver: C:\Users\scotty\AppData\Local\Temp\fxryqpow.sys

    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A1480B8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A1480E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A1480CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A1480A4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwYieldExecution 8222D9D2 5 Bytes JMP 8A1480A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 823F2DA3 5 Bytes JMP 8A1480E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 824124FA 7 Bytes JMP 8A1480BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 824127BD 5 Bytes JMP 8A1480D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? C:\Users\scotty\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 00DF0FD4
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 00DF0FEF
    .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 00DF00E8
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 0108002C
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!system 774D804B 5 Bytes JMP 01080FA1
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 01080FCD
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_open 774DD106 5 Bytes JMP 01080FEF
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 01080FBC
    .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 01080FDE
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 008E0028
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 008E0F97
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 008E0FEF
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 008E0F7C
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 008E0F6B
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 008E0FC3
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 008E0FD4
    .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 008E0FA8
    .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!socket 776E36D1 5 Bytes JMP 01090FE5
    .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 00330000
    .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 00330022
    .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 00330011
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 009C0106
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 009C00F5
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 009C0F94
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 009C012B
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 009C0FC0
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 009C0040
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 009C0051
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 009C00D0
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 009C0FD1
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 009C0073
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 009C008E
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 009C0062
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 009C00B5
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 009C0F83
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 009C0025
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 009C0000
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 009C0FAF
    .text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 009D004E
    .text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!system 774D804B 5 Bytes JMP 009D0FCD
    .text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 009D0029
    .text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_open 774DD106 5 Bytes JMP 009D0000
    .text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 009D0FDE
    .text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 009D0FEF
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 00180047
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 00180036
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 00180000
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 00180FAF
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 00180F94
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 00180FD4
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 00180FE5
    .text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 00180025
    .text C:\Windows\system32\svchost.exe[1980] WS2_32.dll!socket 776E36D1 5 Bytes JMP 009E0FE5
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0090418D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0090405E
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0090422F
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00905C3B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00904AB4
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00903D02
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00903E62
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0090582D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 009057DD
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00904A21
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00905BE9
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00905891
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00905B9C
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00905B4F
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 009049A2
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 009058D7
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00904908
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00903F7C
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00903F29
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetDC 76239C31 5 Bytes JMP 00904963
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 009049E1
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 009048C8
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0090485A
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00903F01
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 008F995B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0090584B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00903F51
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00905A81
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00903D34
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0090591D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00905A3B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 009059AC
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00905ACA
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00905963
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 009059F5
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00903E12
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00903DB8
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00903D7B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 008F9AC8
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00908AA0
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00908B55
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00908A5D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00908B29
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0090887D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 009088D1
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00908ADF
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 009089C1
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00908925
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00909A66
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0090979E
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 009097F7
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe[2068] WS2_32.dll!send 776E659B 5 Bytes JMP 009097D6
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0028418D
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0028405E
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0028422F
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00285C3B
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00284AB4
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00283D02
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00283E62
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0028582D
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 002857DD
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00284A21
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00285BE9
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00285891
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00285B9C
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00285B4F
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 002849A2
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 002858D7
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00284908
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00283F7C
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00283F29
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetDC 76239C31 5 Bytes JMP 00284963
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 002849E1
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 002848C8
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0028485A
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00283F01
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0027995B
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0028584B
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00283F51
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00285A81
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00283D34
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0028591D
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00285A3B
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 002859AC
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00285ACA
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00285963
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 002859F5
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00283E12
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00283DB8
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00283D7B
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00279AC8
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0028979E
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 002897F7
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WS2_32.dll!send 776E659B 5 Bytes JMP 002897D6
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00289A66
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00288AA0
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00288B55
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00288A5D
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00288B29
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0028887D
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 002888D1
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00288ADF
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 002889C1
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2084] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00288925
    .text C:\Windows\system32\Dwm.exe[2172] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0162418D
    .text C:\Windows\system32\Dwm.exe[2172] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0162405E
    .text C:\Windows\system32\Dwm.exe[2172] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0162422F
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 01625C3B
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 01624AB4
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 01623D02
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetCapture 7622A986 5 Bytes JMP 01623E62
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0162582D
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 016257DD
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 01624A21
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 01625BE9
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 01625891
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 01625B9C
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 01625B4F
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 016249A2
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 016258D7
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 01624908
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 01623F7C
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 01623F29
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetDC 76239C31 5 Bytes JMP 01624963
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 016249E1
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 016248C8
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0162485A
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 01623F01
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0161995B
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0162584B
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 01623F51
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 01625A81
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 01623D34
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0162591D
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 01625A3B
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 016259AC
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 01625ACA
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 01625963
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 016259F5
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 01623E12
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!SetCapture 762530AF 5 Bytes JMP 01623DB8
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 01623D7B
    .text C:\Windows\system32\Dwm.exe[2172] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 01619AC8
    .text C:\Windows\system32\Dwm.exe[2172] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0162979E
    .text C:\Windows\system32\Dwm.exe[2172] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 016297F7
    .text C:\Windows\system32\Dwm.exe[2172] WS2_32.dll!send 776E659B 5 Bytes JMP 016297D6
    .text C:\Windows\system32\Dwm.exe[2172] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 01629A66
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 01628AA0
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 01628B55
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 01628A5D
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 01628B29
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0162887D
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 016288D1
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 01628ADF
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 016289C1
    .text C:\Windows\system32\Dwm.exe[2172] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 01628925
    .text C:\Windows\system32\taskeng.exe[2240] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0209418D
    .text C:\Windows\system32\taskeng.exe[2240] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0209405E
    .text C:\Windows\system32\taskeng.exe[2240] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0209422F
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 02095C3B
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 02094AB4
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 02093D02
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetCapture 7622A986 5 Bytes JMP 02093E62
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0209582D
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 020957DD
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 02094A21
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 02095BE9
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 02095891
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 02095B9C
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 02095B4F
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 020949A2
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 020958D7
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 02094908
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 02093F7C
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 02093F29
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetDC 76239C31 5 Bytes JMP 02094963
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 020949E1
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 020948C8
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0209485A
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 02093F01
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0208995B
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0209584B
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 02093F51
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 02095A81
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 02093D34
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0209591D
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 02095A3B
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 020959AC
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 02095ACA
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 02095963
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 020959F5
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 02093E12
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!SetCapture 762530AF 5 Bytes JMP 02093DB8
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 02093D7B
    .text C:\Windows\system32\taskeng.exe[2240] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 02089AC8
    .text C:\Windows\system32\taskeng.exe[2240] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 02099A66
    .text C:\Windows\system32\taskeng.exe[2240] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0209979E
    .text C:\Windows\system32\taskeng.exe[2240] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 020997F7
    .text C:\Windows\system32\taskeng.exe[2240] WS2_32.dll!send 776E659B 5 Bytes JMP 020997D6
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 02098AA0
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 02098B55
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 02098A5D
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 02098B29
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0209887D
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 020988D1
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 02098ADF
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 020989C1
    .text C:\Windows\system32\taskeng.exe[2240] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 02098925
    .text C:\Windows\Explorer.EXE[2248] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0272418D
    .text C:\Windows\Explorer.EXE[2248] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 057F0000
    .text C:\Windows\Explorer.EXE[2248] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 057F002C
    .text C:\Windows\Explorer.EXE[2248] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 057F001B
    .text C:\Windows\Explorer.EXE[2248] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0272405E
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 058600A2
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 05860F5C
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 05860F30
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 058600BD
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 0586005B
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 05860025
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 05860FD4
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0272422F
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 05860087
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 0586004A
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 05860FA8
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 05860F8D
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 05860FC3
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 05860076
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 05860F15
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 05860FEF
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 0586000A
    .text C:\Windows\Explorer.EXE[2248] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 05860F4B
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 038D005B
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 038D0040
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 038D0FEF
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 038D0FC3
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 038D006C
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 038D0014
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 038D0FDE
    .text C:\Windows\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 038D002F
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 02725C3B
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 02724AB4
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 02723D02
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetCapture 7622A986 5 Bytes JMP 02723E62
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0272582D
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 027257DD
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 02724A21
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 02725BE9
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 02725891
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 02725B9C
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 02725B4F
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 027249A2
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 027258D7
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 02724908
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 02723F7C
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 02723F29
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetDC 76239C31 5 Bytes JMP 02724963
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 027249E1
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 027248C8
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0272485A
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 02723F01
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0271995B
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0272584B
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 02723F51
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 02725A81
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 02723D34
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0272591D
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 02725A3B
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 027259AC
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 02725ACA
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 02725963
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 027259F5
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 02723E12
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!SetCapture 762530AF 5 Bytes JMP 02723DB8
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 02723D7B
    .text C:\Windows\Explorer.EXE[2248] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 02719AC8
    .text C:\Windows\Explorer.EXE[2248] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 03D60053
    .text C:\Windows\Explorer.EXE[2248] msvcrt.dll!system 774D804B 5 Bytes JMP 03D60042
    .text C:\Windows\Explorer.EXE[2248] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 03D6000C
    .text C:\Windows\Explorer.EXE[2248] msvcrt.dll!_open 774DD106 5 Bytes JMP 03D60FEF
    .text C:\Windows\Explorer.EXE[2248] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 03D60031
    .text C:\Windows\Explorer.EXE[2248] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 03D60FD2
    .text C:\Windows\Explorer.EXE[2248] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0272979E
    .text C:\Windows\Explorer.EXE[2248] WS2_32.dll!socket 776E36D1 5 Bytes JMP 05850000
    .text C:\Windows\Explorer.EXE[2248] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 027297F7
    .text C:\Windows\Explorer.EXE[2248] WS2_32.dll!send 776E659B 5 Bytes JMP 027297D6
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 02728AA0
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 02728B55
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 02728A5D
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 02728B29
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0272887D
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetOpenA 7614D690 5 Bytes JMP 03940FEF
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetOpenW 7614DB09 5 Bytes JMP 03940FDE
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 027288D1
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetOpenUrlA 7614F3A4 5 Bytes JMP 03940014
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 02728ADF
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!InternetOpenUrlW 76196D5F 5 Bytes JMP 0394002F
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 027289C1
    .text C:\Windows\Explorer.EXE[2248] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 02728925
    .text C:\Windows\Explorer.EXE[2248] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 02729A66
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 03F6418D
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 03F6405E
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] KERNEL32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 03F6422F
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 03F65C3B
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 03F64AB4
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 03F63D02
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetCapture 7622A986 5 Bytes JMP 03F63E62
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 03F6582D
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 03F657DD
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 03F64A21
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 03F65BE9
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 03F65891
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 03F65B9C
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 03F65B4F
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 03F649A2
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 03F658D7
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 03F64908
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 03F63F7C
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 03F63F29
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetDC 76239C31 5 Bytes JMP 03F64963
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 03F649E1
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 03F648C8
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 03F6485A
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 03F63F01
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 03F5995B
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 03F6584B
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 03F63F51
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 03F65A81
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 03F63D34
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 03F6591D
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 03F65A3B
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 03F659AC
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 03F65ACA
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 03F65963
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 03F659F5
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 03F63E12
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!SetCapture 762530AF 5 Bytes JMP 03F63DB8
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 03F63D7B
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 03F59AC8
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 03F69A66
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 03F6979E
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 03F697F7
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WS2_32.dll!send 776E659B 5 Bytes JMP 03F697D6
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 03F68AA0
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 03F68B55
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 03F68A5D
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 03F68B29
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 03F6887D
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 03F688D1
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 03F68ADF
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 03F689C1
    .text C:\Program Files\Dell\DellDock\DellDock.exe[2256] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 03F68925
    .text C:\Windows\System32\igfxpers.exe[2504] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0185418D
    .text C:\Windows\System32\igfxpers.exe[2504] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0185405E
    .text C:\Windows\System32\igfxpers.exe[2504] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0185422F
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 01855C3B
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 01854AB4
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 01853D02
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetCapture 7622A986 5 Bytes JMP 01853E62
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0185582D
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 018557DD
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 01854A21
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 01855BE9
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 01855891
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 01855B9C
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 01855B4F
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 018549A2
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 018558D7
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 01854908
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 01853F7C
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 01853F29
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetDC 76239C31 5 Bytes JMP 01854963
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 018549E1
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 018548C8
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0185485A
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 01853F01
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0184995B
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0185584B
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 01853F51
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 01855A81
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 01853D34
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0185591D
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 01855A3B
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 018559AC
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 01855ACA
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 01855963
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 018559F5
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 01853E12
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!SetCapture 762530AF 5 Bytes JMP 01853DB8
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 01853D7B
    .text C:\Windows\System32\igfxpers.exe[2504] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 01849AC8
    .text C:\Windows\System32\igfxpers.exe[2504] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0185979E
    .text C:\Windows\System32\igfxpers.exe[2504] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 018597F7
    .text C:\Windows\System32\igfxpers.exe[2504] WS2_32.dll!send 776E659B 5 Bytes JMP 018597D6
    .text C:\Windows\System32\igfxpers.exe[2504] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 01859A66
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 01858AA0
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 01858B55
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 01858A5D
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 01858B29
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0185887D
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 018588D1
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 01858ADF
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 018589C1
    .text C:\Windows\System32\igfxpers.exe[2504] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 01858925
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0194418D
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0194405E
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0194422F
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 01945C3B
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 01944AB4
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 01943D02
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetCapture 7622A986 5 Bytes JMP 01943E62
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0194582D
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 019457DD
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 01944A21
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 01945BE9
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 01945891
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 01945B9C
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 01945B4F
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 019449A2
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 019458D7
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 01944908
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 01943F7C
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 01943F29
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetDC 76239C31 5 Bytes JMP 01944963
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 019449E1
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 019448C8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0194485A
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 01943F01
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0193995B
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0194584B
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 01943F51
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 01945A81
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 01943D34
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0194591D
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 01945A3B
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 019459AC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 01945ACA
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 01945963
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 019459F5
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 01943E12
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!SetCapture 762530AF 5 Bytes JMP 01943DB8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 01943D7B
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 01939AC8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0194979E
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 019497F7
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WS2_32.dll!send 776E659B 5 Bytes JMP 019497D6
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 01949A66
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 01948AA0
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 01948B55
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 01948A5D
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 01948B29
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0194887D
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 019488D1
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 01948ADF
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 019489C1
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2540] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 01948925
    .text C:\Windows\System32\hkcmd.exe[2564] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 00C9418D
    .text C:\Windows\System32\hkcmd.exe[2564] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 00C9405E
    .text C:\Windows\System32\hkcmd.exe[2564] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 00C9422F
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00C95C3B
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00C94AB4
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00C93D02
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00C93E62
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 00C9582D
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 00C957DD
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00C94A21
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00C95BE9
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00C95891
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00C95B9C
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00C95B4F
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 00C949A2
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 00C958D7
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00C94908
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00C93F7C
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00C93F29
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetDC 76239C31 5 Bytes JMP 00C94963
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 00C949E1
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 00C948C8
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 00C9485A
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00C93F01
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 00C8995B
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 00C9584B
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00C93F51
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00C95A81
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00C93D34
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 00C9591D
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00C95A3B
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 00C959AC
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00C95ACA
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00C95963
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 00C959F5
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00C93E12
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00C93DB8
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00C93D7B
    .text C:\Windows\System32\hkcmd.exe[2564] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00C89AC8
    .text C:\Windows\System32\hkcmd.exe[2564] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 00C9979E
    .text C:\Windows\System32\hkcmd.exe[2564] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 00C997F7
    .text C:\Windows\System32\hkcmd.exe[2564] WS2_32.dll!send 776E659B 5 Bytes JMP 00C997D6
    .text C:\Windows\System32\hkcmd.exe[2564] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00C99A66
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00C98AA0
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00C98B55
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00C98A5D
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00C98B29
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 00C9887D
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 00C988D1
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00C98ADF
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 00C989C1
    .text C:\Windows\System32\hkcmd.exe[2564] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00C98925
    .text C:\Windows\System32\WLTRAY.EXE[2588] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 02A7418D
    .text C:\Windows\System32\WLTRAY.EXE[2588] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 02A7405E
    .text C:\Windows\System32\WLTRAY.EXE[2588] KERNEL32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 02A7422F
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 02A75C3B
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 02A74AB4
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 02A73D02
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetCapture 7622A986 5 Bytes JMP 02A73E62
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 02A7582D
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 02A757DD
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 02A74A21
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 02A75BE9
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 02A75891
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 02A75B9C
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 02A75B4F
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 02A749A2
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 02A758D7
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 02A74908
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 02A73F7C
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 02A73F29
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetDC 76239C31 5 Bytes JMP 02A74963
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 02A749E1
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 02A748C8
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 02A7485A
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 02A73F01
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 02A6995B
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 02A7584B
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 02A73F51
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 02A75A81
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 02A73D34
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 02A7591D
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 02A75A3B
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 02A759AC
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 02A75ACA
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 02A75963
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 02A759F5
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 02A73E12
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!SetCapture 762530AF 5 Bytes JMP 02A73DB8
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 02A73D7B
    .text C:\Windows\System32\WLTRAY.EXE[2588] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 02A69AC8
    .text C:\Windows\System32\WLTRAY.EXE[2588] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 02A7979E
    .text C:\Windows\System32\WLTRAY.EXE[2588] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 02A797F7
    .text C:\Windows\System32\WLTRAY.EXE[2588] WS2_32.dll!send 776E659B 5 Bytes JMP 02A797D6
    .text C:\Windows\System32\WLTRAY.EXE[2588] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 02A79A66
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 02A78AA0
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 02A78B55
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 02A78A5D
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 02A78B29
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 02A7887D
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 02A788D1
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 02A78ADF
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 02A789C1
    .text C:\Windows\System32\WLTRAY.EXE[2588] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 02A78925
    .text C:\Program Files\DellTPad\Apoint.exe[2600] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 019B418D
    .text C:\Program Files\DellTPad\Apoint.exe[2600] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 019B405E
    .text C:\Program Files\DellTPad\Apoint.exe[2600] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 019B422F
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 019B5C3B
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 019B4AB4
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 019B3D02
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetCapture 7622A986 5 Bytes JMP 019B3E62
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 019B582D
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 019B57DD
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 019B4A21
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 019B5BE9
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 019B5891
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 019B5B9C
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 019B5B4F
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 019B49A2
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 019B58D7
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 019B4908
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 019B3F7C
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 019B3F29
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetDC 76239C31 5 Bytes JMP 019B4963
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 019B49E1
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 019B48C8
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 019B485A
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 019B3F01
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 019A995B
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 019B584B
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 019B3F51
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 019B5A81
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 019B3D34
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 019B591D
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 019B5A3B
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 019B59AC
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 019B5ACA
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 019B5963
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 019B59F5
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 019B3E12
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!SetCapture 762530AF 5 Bytes JMP 019B3DB8
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 019B3D7B
    .text C:\Program Files\DellTPad\Apoint.exe[2600] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 019A9AC8
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 019B979E
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 019B97F7
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WS2_32.dll!send 776E659B 5 Bytes JMP 019B97D6
    .text C:\Program Files\DellTPad\Apoint.exe[2600] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 019B9A66
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 019B8AA0
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 019B8B55
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 019B8A5D
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 019B8B29
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 019B887D
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 019B88D1
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 019B8ADF
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 019B89C1
    .text C:\Program Files\DellTPad\Apoint.exe[2600] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 019B8925
     
  5. gazaau

    .text C:\Windows\System32\rundll32.exe[2620] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 008D418D
    .text C:\Windows\System32\rundll32.exe[2620] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 008D405E
    .text C:\Windows\System32\rundll32.exe[2620] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 008D422F
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 008D5C3B
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 008D4AB4
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 008D3D02
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetCapture 7622A986 5 Bytes JMP 008D3E62
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 008D582D
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 008D57DD
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 008D4A21
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 008D5BE9
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 008D5891
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 008D5B9C
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 008D5B4F
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 008D49A2
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 008D58D7
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 008D4908
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 008D3F7C
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 008D3F29
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetDC 76239C31 5 Bytes JMP 008D4963
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 008D49E1
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 008D48C8
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 008D485A
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 008D3F01
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 008C995B
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 008D584B
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 008D3F51
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 008D5A81
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 008D3D34
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 008D591D
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 008D5A3B
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 008D59AC
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 008D5ACA
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 008D5963
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 008D59F5
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 008D3E12
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!SetCapture 762530AF 5 Bytes JMP 008D3DB8
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 008D3D7B
    .text C:\Windows\System32\rundll32.exe[2620] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 008C9AC8
    .text C:\Windows\System32\rundll32.exe[2620] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 008D979E
    .text C:\Windows\System32\rundll32.exe[2620] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 008D97F7
    .text C:\Windows\System32\rundll32.exe[2620] WS2_32.dll!send 776E659B 5 Bytes JMP 008D97D6
    .text C:\Windows\System32\rundll32.exe[2620] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 008D9A66
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 008D8AA0
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 008D8B55
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 008D8A5D
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 008D8B29
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 008D887D
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 008D88D1
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 008D8ADF
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 008D89C1
    .text C:\Windows\System32\rundll32.exe[2620] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 008D8925
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 027E418D
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 027E405E
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 027E422F
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 027E5C3B
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 027E4AB4
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 027E3D02
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetCapture 7622A986 5 Bytes JMP 027E3E62
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 027E582D
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 027E57DD
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 027E4A21
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 027E5BE9
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 027E5891
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 027E5B9C
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 027E5B4F
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 027E49A2
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 027E58D7
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 027E4908
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 027E3F7C
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 027E3F29
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetDC 76239C31 5 Bytes JMP 027E4963
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 027E49E1
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 027E48C8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 027E485A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 027E3F01
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 027D995B
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 027E584B
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 027E3F51
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 027E5A81
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 027E3D34
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 027E591D
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 027E5A3B
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 027E59AC
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 027E5ACA
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 027E5963
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 027E59F5
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!ReleaseCapture 762530A2 3 Bytes JMP 027E3E12
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!ReleaseCapture + 4 762530A6 1 Byte [8C]
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!SetCapture 762530AF 5 Bytes JMP 027E3DB8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 027E3D7B
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 027D9AC8
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 027E8AA0
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 027E8B55
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 027E8A5D
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 027E8B29
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 027E887D
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 027E88D1
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 027E8ADF
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 027E89C1
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 027E8925
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 027E979E
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 027E97F7
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] WS2_32.dll!send 776E659B 5 Bytes JMP 027E97D6
    .text C:\Program Files\Dell\QuickSet\quickset.exe[2628] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 027E9A66
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0254418D
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0254405E
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0254422F
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 02545C3B
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 02544AB4
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 02543D02
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetCapture 7622A986 5 Bytes JMP 02543E62
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0254582D
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 025457DD
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 02544A21
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 02545BE9
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 02545891
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 02545B9C
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 02545B4F
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 025449A2
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 025458D7
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 02544908
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 02543F7C
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 02543F29
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetDC 76239C31 5 Bytes JMP 02544963
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 025449E1
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 025448C8
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0254485A
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 02543F01
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0253995B
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0254584B
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 02543F51
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 02545A81
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 02543D34
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0254591D
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 02545A3B
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 025459AC
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 02545ACA
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 02545963
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 025459F5
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 02543E12
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!SetCapture 762530AF 5 Bytes JMP 02543DB8
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 02543D7B
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 02539AC8
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 02548AA0
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 02548B55
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 02548A5D
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 02548B29
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0254887D
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 025488D1
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 02548ADF
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 025489C1
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 02548925
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0254979E
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 025497F7
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] WS2_32.dll!send 776E659B 5 Bytes JMP 025497D6
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2644] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 02549A66
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0023418D
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0023405E
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0023422F
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00235C3B
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00234AB4
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00233D02
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00233E62
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0023582D
    .text C:\Program Files\dvd43\DVD43_Tray.exe[2656] USER32.dll!OpenInputDesktop 7622BCE6 3 Bytes JMP 002357DD
    .text C:\Windows\system32\svchost.exe[3124] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 002D0000
    .text C:\Windows\system32\svchost.exe[3124] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 002D0FCA
    .text C:\Windows\system32\svchost.exe[3124] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 002D0FDB
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 002F006C
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 002F0F26
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 002F0ED5
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 002F0EF0
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 002F003D
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 002F0FAF
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 002F0000
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 002F0F37
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 002F002C
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 002F0F80
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 002F0F6F
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 002F0011
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 002F0F48
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 002F0EBA
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 002F0FCA
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 002F0FEF
    .text C:\Windows\system32\svchost.exe[3124] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 002F0F01
    .text C:\Windows\system32\svchost.exe[3124] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 002B0044
    .text C:\Windows\system32\svchost.exe[3124] msvcrt.dll!system 774D804B 5 Bytes JMP 002B0033
    .text C:\Windows\system32\svchost.exe[3124] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 002B0FCD
    .text C:\Windows\system32\svchost.exe[3124] msvcrt.dll!_open 774DD106 5 Bytes JMP 002B0FEF
    .text C:\Windows\system32\svchost.exe[3124] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 002B0022
    .text C:\Windows\system32\svchost.exe[3124] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 002B0FDE
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 00100F8D
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 0010002F
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 00100FA8
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 00100F72
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 00100014
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 00100FDE
    .text C:\Windows\system32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 00100FC3
    .text C:\Windows\system32\svchost.exe[3124] WS2_32.dll!socket 776E36D1 5 Bytes JMP 002E0FEF
    .text C:\Windows\system32\svchost.exe[3168] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 00090FEF
    .text C:\Windows\system32\svchost.exe[3168] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 00090FD4
    .text C:\Windows\system32\svchost.exe[3168] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 0009000A
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 000A009D
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 000A0F61
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 000A00DD
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 000A00C2
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 000A0082
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 000A0FCA
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 000A001B
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 000A0F7C
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 000A0F9E
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 000A0036
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 000A005B
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 000A0FAF
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 000A0F8D
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 000A0F2B
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 000A0FDB
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 000A0000
    .text C:\Windows\system32\svchost.exe[3168] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 000A0F46
    .text C:\Windows\system32\svchost.exe[3168] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 00080058
    .text C:\Windows\system32\svchost.exe[3168] msvcrt.dll!system 774D804B 5 Bytes JMP 00080FCD
    .text C:\Windows\system32\svchost.exe[3168] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 00080FDE
    .text C:\Windows\system32\svchost.exe[3168] msvcrt.dll!_open 774DD106 5 Bytes JMP 0008000C
    .text C:\Windows\system32\svchost.exe[3168] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 0008003D
    .text C:\Windows\system32\svchost.exe[3168] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 00080FEF
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 00070FCA
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 00070051
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 00070062
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 00070FAF
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 0007002F
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 0007000A
    .text C:\Windows\system32\svchost.exe[3168] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 00070040
    .text C:\Windows\system32\svchost.exe[3224] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 009E0000
    .text C:\Windows\system32\svchost.exe[3224] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 009E0FDB
    .text C:\Windows\system32\svchost.exe[3224] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 009E0011
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 00AC0F86
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 00AC00CC
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 00AC0113
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 00AC0102
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 00AC0FA8
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 00AC001B
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 00AC0FD4
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 00AC00B1
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 00AC0076
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 00AC005B
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 00AC0FB9
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 00AC0036
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 00AC0F97
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 00AC0F61
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 00AC0FE5
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 00AC0000
    .text C:\Windows\system32\svchost.exe[3224] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 00AC00F1
    .text C:\Windows\system32\svchost.exe[3224] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 00780FC8
    .text C:\Windows\system32\svchost.exe[3224] msvcrt.dll!system 774D804B 5 Bytes JMP 0078005D
    .text C:\Windows\system32\svchost.exe[3224] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 0078002E
    .text C:\Windows\system32\svchost.exe[3224] msvcrt.dll!_open 774DD106 5 Bytes JMP 00780000
    .text C:\Windows\system32\svchost.exe[3224] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 00780FE3
    .text C:\Windows\system32\svchost.exe[3224] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 0078001D
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 0074004A
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 00740025
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 00740FEF
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 00740F9E
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 0074005B
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 00740FCA
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 0074000A
    .text C:\Windows\system32\svchost.exe[3224] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 00740FB9
    .text C:\Windows\system32\svchost.exe[3224] WS2_32.dll!socket 776E36D1 5 Bytes JMP 00A70FEF
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0402418D
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0402405E
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0402422F
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 04025C3B
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 04024AB4
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 04023D02
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetCapture 7622A986 5 Bytes JMP 04023E62
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0402582D
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 040257DD
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 04024A21
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 04025BE9
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 04025891
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 04025B9C
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 04025B4F
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 040249A2
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 040258D7
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 04024908
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 04023F7C
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 04023F29
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetDC 76239C31 5 Bytes JMP 04024963
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 040249E1
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 040248C8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0402485A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 04023F01
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0401995B
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0402584B
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 04023F51
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 04025A81
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 04023D34
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0402591D
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 04025A3B
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 040259AC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 04025ACA
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 04025963
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 040259F5
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 04023E12
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!SetCapture 762530AF 5 Bytes JMP 04023DB8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 04023D7B
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 04019AC8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 04029A66
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0402979E
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 040297F7
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WS2_32.dll!send 776E659B 5 Bytes JMP 040297D6
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 04028AA0
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 04028B55
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 04028A5D
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 04028B29
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0402887D
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 040288D1
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 04028ADF
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 040289C1
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3252] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 04028925
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0004418D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 00210000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 00210FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 0021001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0004405E
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 00330091
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 00330F4B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 00330F0E
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 00330F29
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 00330F8B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 00330FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 00330FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0004422F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 00330F5C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 00330065
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 00330FB2
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 0033004A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 0033002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 00330076
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 003300CA
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 00330FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 0033000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 00330F3A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 006D002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 006D0FA8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 006D0FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 006D0F97
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 006D0040
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 006D000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 006D0FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 006D0FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00045C3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CreateDialogParamW 762272A2 5 Bytes JMP 6B8FDED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00044AB4
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetAsyncKeyState 7622863C 5 Bytes JMP 6B818F0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 6B8F9AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CallNextHookEx 76228E3B 5 Bytes JMP 6B8ED14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00043D02
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 6B864686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00043E62
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0004582D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 000457DD
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!EnableWindow 7622CD8B 5 Bytes JMP 6B8FDD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00044A21
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00045BE9
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00045891
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00045B9C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00045B4F
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CreateWindowExW 76231305 5 Bytes JMP 6B8FDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 000449A2
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 000458D7
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00044908
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00043F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00043F29
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetKeyState 76238CB1 5 Bytes JMP 6B8FD30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetDC 76239C31 5 Bytes JMP 00044963
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 000449E1
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 000448C8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0004485A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00043F01
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0003995B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0004584B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00043F51
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!IsDialogMessageW 76240745 5 Bytes JMP 6B825A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00045A81
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00043D34
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CreateDialogParamA 762417AA 5 Bytes JMP 6B9F5C93 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!IsDialogMessage 76241847 5 Bytes JMP 6B9F552F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0004591D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CreateDialogIndirectParamA 762426F1 5 Bytes JMP 6B9F5CCA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CreateDialogIndirectParamW 76249A62 5 Bytes JMP 6B9F5D01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00045A3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 000459AC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00045ACA
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00045963
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 000459F5
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!SetKeyboardState 76250987 5 Bytes JMP 6B9F589E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DialogBoxParamW 762510B0 5 Bytes JMP 6B8254F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DialogBoxIndirectParamW 76252EF5 5 Bytes JMP 6B9F5027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!SendInput 76252F75 5 Bytes JMP 6B9F645B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00043E12
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00043DB8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!EndDialog 7625326E 5 Bytes JMP 6B827EAE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 6B9F64AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00039AC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DialogBoxParamA 76268152 5 Bytes JMP 6B9F4FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!DialogBoxIndirectParamA 7626847D 5 Bytes JMP 6B9F508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!MessageBoxIndirectA 7627D4D9 5 Bytes JMP 6B9F4F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!MessageBoxIndirectW 7627D5D3 5 Bytes JMP 6B9F4EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!MessageBoxExA 7627D639 5 Bytes JMP 6B9F4E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!MessageBoxExW 7627D65D 5 Bytes JMP 6B9F4E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] USER32.dll!keybd_event 7627D972 5 Bytes JMP 6B9F67DF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 006F0042
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] msvcrt.dll!system 774D804B 5 Bytes JMP 006F0FB7
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 006F0FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] msvcrt.dll!_open 774DD106 5 Bytes JMP 006F0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 006F0FD2
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 006F0011
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] SHELL32.dll!SHRestricted + D95 763489A8 4 Bytes [4D, 30, 2C, 66] {DEC EBP; XOR [ESI], CH}
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] SHELL32.dll!SHRestricted + D9D 763489B0 8 Bytes [57, 2F, 2C, 66, 9C, 5B, 2B, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ole32.dll!OleLoadFromStream 75FF1E80 5 Bytes JMP 6B9F538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] ole32.dll!CoCreateInstance 76029F3E 5 Bytes JMP 6B8FDBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 01BE000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!recv 776E343A 5 Bytes JMP 01B4000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!socket 776E36D1 5 Bytes JMP 01680FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!connect 776E40D9 5 Bytes JMP 01BD000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!getaddrinfo 776E418A 5 Bytes JMP 0231000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 000497F7
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!send 776E659B 5 Bytes JMP 01BF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WS2_32.dll!gethostbyname 776F62D4 5 Bytes JMP 0230000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00049A66
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00048AA0
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00048B55
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00048A5D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00048B29
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpAddRequestHeadersA 7613CF46 5 Bytes JMP 01AC000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpOpenRequestA 7613D508 5 Bytes JMP 01B0000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetConnectA 7613DEAE 5 Bytes JMP 01B2000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetConnectW 7613F862 5 Bytes JMP 01B1000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0004887D
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpOpenRequestW 7613FBFB 5 Bytes JMP 01AF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpAddRequestHeadersW 7613FE49 5 Bytes JMP 01AD000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetOpenA 7614D690 5 Bytes JMP 016D0FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetOpenW 7614DB09 5 Bytes JMP 016D0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 000488D1
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetOpenUrlA 7614F3A4 5 Bytes JMP 016D0FC0
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00048ADF
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!InternetOpenUrlW 76196D5F 5 Bytes JMP 016D0011
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 000489C1
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00048925
    .text C:\Windows\ehome\ehtray.exe[3272] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0091418D
    .text C:\Windows\ehome\ehtray.exe[3272] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0091405E
    .text C:\Windows\ehome\ehtray.exe[3272] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0091422F
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00915C3B
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00914AB4
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00913D02
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00913E62
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0091582D
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 009157DD
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00914A21
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00915BE9
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00915891
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00915B9C
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00915B4F
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 009149A2
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 009158D7
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00914908
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00913F7C
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00913F29
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetDC 76239C31 5 Bytes JMP 00914963
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 009149E1
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 009148C8
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0091485A
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00913F01
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0090995B
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0091584B
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00913F51
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00915A81
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00913D34
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0091591D
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00915A3B
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 009159AC
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00915ACA
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00915963
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 009159F5
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00913E12
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00913DB8
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00913D7B
    .text C:\Windows\ehome\ehtray.exe[3272] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00909AC8
    .text C:\Windows\ehome\ehtray.exe[3272] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0091979E
    .text C:\Windows\ehome\ehtray.exe[3272] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 009197F7
    .text C:\Windows\ehome\ehtray.exe[3272] WS2_32.dll!send 776E659B 5 Bytes JMP 009197D6
    .text C:\Windows\ehome\ehtray.exe[3272] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00919A66
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00918AA0
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00918B55
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00918A5D
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00918B29
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0091887D
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 009188D1
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00918ADF
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 009189C1
    .text C:\Windows\ehome\ehtray.exe[3272] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00918925
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 006B418D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 006B405E
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 006B422F
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 006B5C3B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 006B4AB4
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 006B3D02
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetCapture 7622A986 5 Bytes JMP 006B3E62
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 006B582D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 006B57DD
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 006B4A21
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 006B5BE9
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 006B5891
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 006B5B9C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 006B5B4F
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 006B49A2
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 006B58D7
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 006B4908
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 006B3F7C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 006B3F29
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetDC 76239C31 5 Bytes JMP 006B4963
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 006B49E1
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 006B48C8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 006B485A
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 006B3F01
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 006A995B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 006B584B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 006B3F51
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 006B5A81
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 006B3D34
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 006B591D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 006B5A3B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 006B59AC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 006B5ACA
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 006B5963
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 006B59F5
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 006B3E12
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!SetCapture 762530AF 5 Bytes JMP 006B3DB8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 006B3D7B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 006A9AC8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 006B979E
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 006B97F7
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WS2_32.dll!send 776E659B 5 Bytes JMP 006B97D6
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 006B9A66
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 006B8AA0
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 006B8B55
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 006B8A5D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 006B8B29
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 006B887D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 006B88D1
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 006B8ADF
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 006B89C1
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3308] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 006B8925
    .text C:\Windows\System32\svchost.exe[3388] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 00070FEF
    .text C:\Windows\System32\svchost.exe[3388] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 0007000A
    .text C:\Windows\System32\svchost.exe[3388] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 00070FD4
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 000800B3
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 000800A2
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 00080F1C
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 00080F37
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 00080F9C
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 00080025
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 00080036
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 00080091
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 00080FAD
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 00080051
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 00080076
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 00080FCA
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 00080F81
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 00080F0B
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 0008000A
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 00080FE5
    .text C:\Windows\System32\svchost.exe[3388] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 00080F48
    .text C:\Windows\System32\svchost.exe[3388] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 00060F92
    .text C:\Windows\System32\svchost.exe[3388] msvcrt.dll!system 774D804B 5 Bytes JMP 0006001D
    .text C:\Windows\System32\svchost.exe[3388] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 00060FC1
    .text C:\Windows\System32\svchost.exe[3388] msvcrt.dll!_open 774DD106 5 Bytes JMP 00060FEF
    .text C:\Windows\System32\svchost.exe[3388] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 0006000C
    .text C:\Windows\System32\svchost.exe[3388] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 00060FD2
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegCreateKeyExA 75D839AB 1 Byte [E9]
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 00050FAF
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 00050FC0
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 00050000
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 00050051
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 00050F94
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 0005001B
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 00050FE5
    .text C:\Windows\System32\svchost.exe[3388] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 0005002C
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3888] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 69BD9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3888] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 69BD9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Windows\ehome\ehmsas.exe[4232] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0076418D
    .text C:\Windows\ehome\ehmsas.exe[4232] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0076405E
    .text C:\Windows\ehome\ehmsas.exe[4232] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0076422F
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00765C3B
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00764AB4
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00763D02
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00763E62
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0076582D
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 007657DD
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00764A21
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00765BE9
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00765891
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00765B9C
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00765B4F
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 007649A2
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 007658D7
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00764908
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00763F7C
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00763F29
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetDC 76239C31 5 Bytes JMP 00764963
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 007649E1
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 007648C8
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0076485A
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00763F01
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0075995B
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0076584B
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00763F51
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00765A81
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00763D34
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0076591D
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00765A3B
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 007659AC
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00765ACA
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00765963
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 007659F5
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00763E12
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00763DB8
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00763D7B
    .text C:\Windows\ehome\ehmsas.exe[4232] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00759AC8
    .text C:\Windows\ehome\ehmsas.exe[4232] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0076979E
    .text C:\Windows\ehome\ehmsas.exe[4232] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 007697F7
    .text C:\Windows\ehome\ehmsas.exe[4232] WS2_32.dll!send 776E659B 5 Bytes JMP 007697D6
    .text C:\Windows\ehome\ehmsas.exe[4232] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00769A66
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00768AA0
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00768B55
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00768A5D
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00768B29
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0076887D
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 007688D1
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00768ADF
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 007689C1
    .text C:\Windows\ehome\ehmsas.exe[4232] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00768925
    .text C:\Program Files\DellTPad\HidFind.exe[4548] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0031418D
    .text C:\Program Files\DellTPad\HidFind.exe[4548] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0031405E
    .text C:\Program Files\DellTPad\HidFind.exe[4548] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0031422F
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00315C3B
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00314AB4
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00313D02
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00313E62
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0031582D
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 003157DD
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00314A21
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00315BE9
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00315891
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00315B9C
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00315B4F
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 003149A2
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 003158D7
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00314908
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00313F7C
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00313F29
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetDC 76239C31 5 Bytes JMP 00314963
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 003149E1
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 003148C8
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0031485A
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00313F01
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0030995B
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0031584B
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00313F51
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00315A81
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00313D34
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0031591D
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00315A3B
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 003159AC
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00315ACA
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00315963
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 003159F5
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00313E12
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00313DB8
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00313D7B
    .text C:\Program Files\DellTPad\HidFind.exe[4548] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00309AC8
    .text C:\Program Files\DellTPad\HidFind.exe[4548] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00319A66
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0031979E
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 003197F7
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WS2_32.dll!send 776E659B 5 Bytes JMP 003197D6
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00318AA0
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00318B55
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00318A5D
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00318B29
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0031887D
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 003188D1
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00318ADF
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 003189C1
    .text C:\Program Files\DellTPad\HidFind.exe[4548] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00318925
    .text C:\Program Files\DellTPad\Apntex.exe[4568] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 003C418D
    .text C:\Program Files\DellTPad\Apntex.exe[4568] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 003C405E
    .text C:\Program Files\DellTPad\Apntex.exe[4568] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 003C422F
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 003C5C3B
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 003C4AB4
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 003C3D02
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetCapture 7622A986 5 Bytes JMP 003C3E62
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 003C582D
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 003C57DD
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 003C4A21
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 003C5BE9
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 003C5891
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 003C5B9C
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 003C5B4F
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 003C49A2
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 003C58D7
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 003C4908
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 003C3F7C
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 003C3F29
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetDC 76239C31 5 Bytes JMP 003C4963
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 003C49E1
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 003C48C8
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 003C485A
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 003C3F01
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 003B995B
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 003C584B
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 003C3F51
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 003C5A81
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 003C3D34
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 003C591D
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 003C5A3B
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 003C59AC
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 003C5ACA
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 003C5963
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 003C59F5
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 003C3E12
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!SetCapture 762530AF 5 Bytes JMP 003C3DB8
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 003C3D7B
    .text C:\Program Files\DellTPad\Apntex.exe[4568] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 003B9AC8
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 003C979E
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 003C97F7
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WS2_32.dll!send 776E659B 5 Bytes JMP 003C97D6
    .text C:\Program Files\DellTPad\Apntex.exe[4568] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 003C9A66
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 003C8AA0
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 003C8B55
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 003C8A5D
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 003C8B29
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 003C887D
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 003C88D1
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 003C8ADF
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 003C89C1
    .text C:\Program Files\DellTPad\Apntex.exe[4568] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 003C8925
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 0004418D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ntdll.dll!NtCreateFile 775F43D4 5 Bytes JMP 00110000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ntdll.dll!NtCreateProcess 775F4494 5 Bytes JMP 00110FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ntdll.dll!NtProtectVirtualMemory 775F4D34 5 Bytes JMP 0011001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 0004405E
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!GetStartupInfoW 77711929 5 Bytes JMP 001300A7
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!GetStartupInfoA 777119C9 5 Bytes JMP 00130F61
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreateProcessW 77711BF3 5 Bytes JMP 00130F2B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreateProcessA 77711C28 5 Bytes JMP 00130F46
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!VirtualProtect 77711DC3 5 Bytes JMP 00130056
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreateNamedPipeA 77712EF5 5 Bytes JMP 00130014
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreateNamedPipeW 77715C0C 5 Bytes JMP 00130FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 0004422F
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreatePipe 77738E6E 5 Bytes JMP 00130082
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!LoadLibraryExW 77739109 5 Bytes JMP 00130045
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!LoadLibraryW 77739362 5 Bytes JMP 00130F97
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!LoadLibraryExA 777394B4 5 Bytes JMP 00130F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!LoadLibraryA 777394DC 5 Bytes JMP 00130FB2
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!VirtualProtectEx 7773DBDA 5 Bytes JMP 00130071
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!GetProcAddress 7775903B 5 Bytes JMP 001300DD
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreateFileW 7775AECB 5 Bytes JMP 00130FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!CreateFileA 7775CE5F 5 Bytes JMP 00130FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] kernel32.dll!WinExec 777A5CF7 5 Bytes JMP 001300B8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegCreateKeyExA 75D839AB 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegCreateKeyExA 75D839AB 5 Bytes JMP 00150FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegCreateKeyA 75D83BA9 5 Bytes JMP 00150FC0
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegOpenKeyA 75D889C7 5 Bytes JMP 00150000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegCreateKeyW 75D9391E 5 Bytes JMP 00150051
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegCreateKeyExW 75D941F1 5 Bytes JMP 0015006C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegOpenKeyExA 75D97C42 5 Bytes JMP 0015002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegOpenKeyW 75D9E2B5 5 Bytes JMP 00150011
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] ADVAPI32.dll!RegOpenKeyExW 75DA7BA1 5 Bytes JMP 00150FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00045C3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00044AB4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00043D02
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00043E62
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 0004582D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 000457DD
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00044A21
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00045BE9
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00045891
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00045B9C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00045B4F
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!CreateWindowExW 76231305 5 Bytes JMP 6B8FDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 000449A2
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 000458D7
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00044908
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00043F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00043F29
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetDC 76239C31 5 Bytes JMP 00044963
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 000449E1
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 000448C8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 0004485A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00043F01
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 0003995B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 0004584B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00043F51
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00045A81
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00043D34
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 0004591D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00045A3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 000459AC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00045ACA
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00045963
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 000459F5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxParamW 762510B0 5 Bytes JMP 6B8254F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxIndirectParamW 76252EF5 5 Bytes JMP 6B9F5027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00043E12
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00043DB8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00043D7B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00039AC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxParamA 76268152 5 Bytes JMP 6B9F4FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxIndirectParamA 7626847D 5 Bytes JMP 6B9F508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxIndirectA 7627D4D9 5 Bytes JMP 6B9F4F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxIndirectW 7627D5D3 5 Bytes JMP 6B9F4EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxExA 7627D639 5 Bytes JMP 6B9F4E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxExW 7627D65D 5 Bytes JMP 6B9F4E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] msvcrt.dll!_wsystem 774D7F2F 5 Bytes JMP 0017002E
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] msvcrt.dll!system 774D804B 5 Bytes JMP 00170FA3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] msvcrt.dll!_creat 774DBBE1 5 Bytes JMP 0017001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] msvcrt.dll!_open 774DD106 5 Bytes JMP 00170000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] msvcrt.dll!_wcreat 774DD326 5 Bytes JMP 00170FC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] msvcrt.dll!_wopen 774DD501 5 Bytes JMP 00170FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 0004979E
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!recv 776E343A 5 Bytes JMP 00AF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!socket 776E36D1 5 Bytes JMP 002C0FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!connect 776E40D9 5 Bytes JMP 00B0000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!getaddrinfo 776E418A 5 Bytes JMP 00B4000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 000497F7
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!send 776E659B 5 Bytes JMP 000497D6
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WS2_32.dll!gethostbyname 776F62D4 5 Bytes JMP 00B3000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00049A66
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00048AA0
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00048B55
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00048A5D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00048B29
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpAddRequestHeadersA 7613CF46 3 Bytes JMP 009F000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpAddRequestHeadersA + 4 7613CF4A 1 Byte [8A]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpOpenRequestA 7613D508 5 Bytes JMP 00C0000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetConnectA 7613DEAE 5 Bytes JMP 00C6000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetConnectW 7613F862 5 Bytes JMP 00C1000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 0004887D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpOpenRequestW 7613FBFB 5 Bytes JMP 00BF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpAddRequestHeadersW 7613FE49 5 Bytes JMP 00AE000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetOpenA 7614D690 5 Bytes JMP 00510000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetOpenW 7614DB09 5 Bytes JMP 0051001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 000488D1
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetOpenUrlA 7614F3A4 5 Bytes JMP 00510036
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00048ADF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!InternetOpenUrlW 76196D5F 5 Bytes JMP 00510047
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 000489C1
    .text C:\Program Files\Internet Explorer\iexplore.exe[4632] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00048925
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] ntdll.dll!LdrLoadDll 775B9390 5 Bytes JMP 00AA418D
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] ntdll.dll!NtCreateUserProcess 775F5804 5 Bytes JMP 00AA405E
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] kernel32.dll!GetFileAttributesExW 77729B95 5 Bytes JMP 00AA422F
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!RegisterClassExA 762261E1 5 Bytes JMP 00AA5C3B
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetUpdateRgn 762285E4 5 Bytes JMP 00AA4AB4
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetMessagePos 76229071 5 Bytes JMP 00AA3D02
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetCapture 7622A986 5 Bytes JMP 00AA3E62
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!SwitchDesktop 7622B8D2 5 Bytes JMP 00AA582D
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!OpenInputDesktop 7622BCE6 5 Bytes JMP 00AA57DD
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetUpdateRect 7622D3E0 5 Bytes JMP 00AA4A21
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!RegisterClassExW 7622DA30 5 Bytes JMP 00AA5BE9
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefWindowProcA 7622DB88 5 Bytes JMP 00AA5891
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!RegisterClassA 7622DF42 5 Bytes JMP 00AA5B9C
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!RegisterClassW 7622E1AB 5 Bytes JMP 00AA5B4F
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetWindowDC 76233BA7 5 Bytes JMP 00AA49A2
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefDlgProcW 76234A11 5 Bytes JMP 00AA58D7
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetDCEx 76234D22 5 Bytes JMP 00AA4908
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!PeekMessageA 76238343 5 Bytes JMP 00AA3F7C
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetMessageA 76238AB3 5 Bytes JMP 00AA3F29
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetDC 76239C31 5 Bytes JMP 00AA4963
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!ReleaseDC 76239CED 5 Bytes JMP 00AA49E1
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!EndPaint 7623A28F 5 Bytes JMP 00AA48C8
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!BeginPaint 7623A2A3 5 Bytes JMP 00AA485A
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetMessageW 7623FEF7 5 Bytes JMP 00AA3F01
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!TranslateMessage 762401AD 5 Bytes JMP 00A9995B
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefWindowProcW 762403B4 5 Bytes JMP 00AA584B
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!PeekMessageW 7624045A 5 Bytes JMP 00AA3F51
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!CallWindowProcW 7624095E 5 Bytes JMP 00AA5A81
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetCursorPos 76240B88 5 Bytes JMP 00AA3D34
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefDlgProcA 762426B8 5 Bytes JMP 00AA591D
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefMDIChildProcA 7624B031 5 Bytes JMP 00AA5A3B
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefFrameProcA 7624B24F 5 Bytes JMP 00AA59AC
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!CallWindowProcA 7624B73E 5 Bytes JMP 00AA5ACA
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefFrameProcW 7624D1F9 5 Bytes JMP 00AA5963
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!DefMDIChildProcW 7624D4F6 5 Bytes JMP 00AA59F5
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!ReleaseCapture 762530A2 5 Bytes JMP 00AA3E12
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!SetCapture 762530AF 5 Bytes JMP 00AA3DB8
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!SetCursorPos 76266FB2 5 Bytes JMP 00AA3D7B
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] USER32.dll!GetClipboardData 7626715A 5 Bytes JMP 00A99AC8
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] CRYPT32.dll!PFXImportCertStore 755F9521 5 Bytes JMP 00AA9A66
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WS2_32.dll!closesocket 776E330C 5 Bytes JMP 00AA979E
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WS2_32.dll!WSASend 776E4496 5 Bytes JMP 00AA97F7
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WS2_32.dll!send 776E659B 5 Bytes JMP 00AA97D6
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!InternetReadFile 7613654B 5 Bytes JMP 00AA8AA0
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!HttpQueryInfoA 7613878D 5 Bytes JMP 00AA8B55
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!InternetCloseHandle 76139088 5 Bytes JMP 00AA8A5D
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!InternetQueryDataAvailable 7613BF7F 5 Bytes JMP 00AA8B29
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!HttpSendRequestW 7613FABE 5 Bytes JMP 00AA887D
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!HttpSendRequestA 7614EE89 5 Bytes JMP 00AA88D1
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!InternetReadFileExA 76153381 5 Bytes JMP 00AA8ADF
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!HttpSendRequestExA 761AA642 5 Bytes JMP 00AA89C1
    .text C:\Windows\system32\SearchProtocolHost.exe[4684] WININET.dll!HttpSendRequestExW 761AA69B 5 Bytes JMP 00AA8925
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ---- Threads - GMER 1.0.15 ----
    Thread System [4:292] 86A1458D
    ---- EOF - GMER 1.0.15 ----
     
  6. gazaau

    Still getting the random audio adverts playing in the background. Soap commercial and Mastercard etc.! They repeat so it is obviously not a radio station link. Also I now find Internet Explorer Google search results get redirected to unknown sites and so I close I.E. Also having trouble with I.E. form windows not allowing input randomly. Still hoping for someone who can help - Thanks.
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    Refer to the ComboFix User's Guide

    1. Download ComboFix from one of these locations:

      Link 1
      Link 2

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
     
  8. gazaau

    Thank you for your help and time. Unfortunately I was just out doing my lawns. ComboFix now going through its paces on infected notebook. Will reply with log shortly. How long are you available for?
     
  9. CatByte

    That's not the way the forum works, you post a reply...I get notified via email...I log on, read your post and reply...you get a notification of my reply via your email, you log on and read my reply....so neither of us actually needs to be logged on to read and receive replies or respond :)
     
  10. gazaau

    ComboFix 10-12-07.06 - scotty 09/12/2010 12:08:16.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3034.2072 [GMT 10:00]
    Running from: c:\users\scotty\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\users\scotty\AppData\Roaming\Adobe\AdobeUpdate .exe
    c:\users\scotty\AppData\Roaming\Adobe\plugs
    c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic
    c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
    c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk
    c:\users\scotty\g2ax_customer_downloadhelper_win32_x86.exe
    c:\windows\system32\drivers\sst8E6B.sys
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_sst8E6B
    -------\Service_sst8E6B

    ((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
    .
    2010-12-09 02:16 . 2010-12-09 02:18 -------- d-----w- c:\users\scotty\AppData\Local\temp
    2010-12-09 02:16 . 2010-12-09 02:16 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
    2010-12-09 02:16 . 2010-12-09 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-08 09:17 . 2010-12-08 10:09 -------- d-----w- c:\users\scotty\AppData\Roaming\Kingston
    2010-12-07 13:17 . 2010-12-08 23:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-07 13:17 . 2010-12-07 14:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-12-06 13:00 . 2010-11-29 07:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 13:00 . 2010-12-06 23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-06 13:00 . 2010-11-29 07:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-05 13:59 . 2010-12-05 13:59 0 ----a-w- c:\windows\system32\drivers\sst8E6B.tmp
    2010-11-26 07:27 . 2010-11-26 07:27 -------- d-----w- c:\users\scotty\AppData\Local\Microsoft_Corporation
    2010-11-26 07:03 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-25 10:36 . 2010-11-25 10:36 -------- d-----w- c:\users\scotty\AppData\Roaming\McAfee
    2010-11-12 23:53 . 2010-11-12 23:53 -------- d-----w- c:\programdata\WindowsSearch
    2010-11-10 11:56 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-13 12:28 . 2010-09-14 09:12 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-10-13 12:28 . 2010-09-14 09:12 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-10-13 12:28 . 2010-09-14 09:12 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-13 12:28 . 2010-09-14 09:12 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-10-13 12:28 . 2010-09-14 09:12 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-10-13 12:28 . 2010-09-14 09:12 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-10-13 12:28 . 2010-09-14 09:12 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-10-13 12:28 . 2010-09-14 09:12 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2010-10-13 12:28 . 2009-07-20 06:04 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-13 12:28 . 2009-07-20 06:04 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-13 12:28 . 2009-05-13 13:25 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-09-16 00:24 . 2010-09-30 08:49 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61BAC70B-C0CE-4614-B8DA-1E5AEE563EEA}\mpengine.dll
    2010-09-13 13:56 . 2010-10-14 08:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2007-11-23 14336]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
    c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-20 1316192]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\startupfolder\C:^Users^scotty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 13:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-22 18:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
    2009-11-13 06:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
    2009-01-09 18:49 405639 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2009-06-03 04:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
    2008-12-18 04:27 4823928 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
    R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-04-12 189680]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-06-09 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-09 79360]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-10-14 348160]
    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-06-09 79360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
    R4 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
    S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-05 133632]
    S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]

    --- Other Services/Drivers In Memory ---
    *Deregistered* - mfeavfk01
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    2010-12-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-30 11:02]
    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 09:29]
    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 09:29]
    2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{34FBD01D-90E6-4E74-B50F-AA90AC85BE5D}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    2010-12-08 c:\windows\Tasks\vtscheduletask.job
    - c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-11-25 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    - - - - ORPHANS REMOVED - - - -
    Toolbar-Locked - (no file)
    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
    MSConfigStartUp-ajyWlxBiFK - c:\users\scotty\AppData\Local\Temp\ajyWlxBiFK.exe
    MSConfigStartUp-BigPondWirelessBroadbandCM - c:\program files\Telstra\BigPond Wireless Broadband 2.13.16\BigPond_CM.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 12:18
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    c:\users\scotty\AppData\Local\Temp\Cab9CF9.tmp 30273 bytes
    c:\users\scotty\AppData\Local\Temp\Tar9CFA.tmp 65536 bytes
    scan completed successfully
    hidden files: 2
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'Explorer.exe'(6056)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\TeamViewer3\TeamViewer_Service.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-09 12:24:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-09 02:24
    Pre-Run: 127,273,447,424 bytes free
    Post-Run: 126,911,881,216 bytes free
    - - End Of File - - 364E52A9465F82BA39DD014663AB60F9
     
  11. CatByte

    CatByte Malware Specialist

    Hi

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, then click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/7716339-post10.html
    
    File::
    c:\windows\system32\drivers\sst8E6B.tmp
    
    Collect::
    c:\users\scotty\AppData\Local\Temp\Cab9CF9.tmp 
    c:\users\scotty\AppData\Local\Temp\Tar9CFA.tmp 
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT


    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  12. gazaau

    gazaau Thread Starter

    Had some trouble getting access to Notepad and was unable to disable or see if Windows Defender was running. ComboFix seems to have scanned okay.
    ComboFix 10-12-08.02 - scotty 09/12/2010 14:04:36.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3034.2099 [GMT 10:00]
    Running from: c:\users\scotty\Desktop\COMBOFIX.EXE
    Command switches used :: c:\users\scotty\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FILE ::
    "c:\windows\system32\drivers\sst8E6B.tmp"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\drivers\sst8E6B.tmp
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
    .
    2010-12-09 04:10 . 2010-12-09 04:10 -------- d-----w- c:\users\scotty\AppData\Local\temp
    2010-12-09 04:10 . 2010-12-09 04:10 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
    2010-12-09 04:10 . 2010-12-09 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-08 09:17 . 2010-12-08 10:09 -------- d-----w- c:\users\scotty\AppData\Roaming\Kingston
    2010-12-07 13:17 . 2010-12-08 23:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-07 13:17 . 2010-12-07 14:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-12-06 13:00 . 2010-11-29 07:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 13:00 . 2010-12-06 23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-06 13:00 . 2010-11-29 07:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-26 07:27 . 2010-11-26 07:27 -------- d-----w- c:\users\scotty\AppData\Local\Microsoft_Corporation
    2010-11-26 07:03 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-25 10:36 . 2010-11-25 10:36 -------- d-----w- c:\users\scotty\AppData\Roaming\McAfee
    2010-11-12 23:53 . 2010-11-12 23:53 -------- d-----w- c:\programdata\WindowsSearch
    2010-11-10 11:56 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-13 12:28 . 2010-09-14 09:12 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-10-13 12:28 . 2010-09-14 09:12 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-10-13 12:28 . 2010-09-14 09:12 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-13 12:28 . 2010-09-14 09:12 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-10-13 12:28 . 2010-09-14 09:12 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-10-13 12:28 . 2010-09-14 09:12 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-10-13 12:28 . 2010-09-14 09:12 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-10-13 12:28 . 2010-09-14 09:12 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2010-10-13 12:28 . 2009-07-20 06:04 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-13 12:28 . 2009-07-20 06:04 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-13 12:28 . 2009-05-13 13:25 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-09-16 00:24 . 2010-09-30 08:49 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61BAC70B-C0CE-4614-B8DA-1E5AEE563EEA}\mpengine.dll
    2010-09-13 13:56 . 2010-10-14 08:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2007-11-23 14336]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
    c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-20 1316192]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\startupfolder\C:^Users^scotty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 13:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-22 18:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
    2009-11-13 06:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
    2009-01-09 18:49 405639 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2009-06-03 04:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
    2008-12-18 04:27 4823928 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
    R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-04-12 189680]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-06-09 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-09 79360]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-10-14 348160]
    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-06-09 79360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
    R4 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
    S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-05 133632]
    S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]

    --- Other Services/Drivers In Memory ---
    *Deregistered* - mfeavfk01
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    2010-12-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-30 11:02]
    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 09:29]
    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 09:29]
    2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{34FBD01D-90E6-4E74-B50F-AA90AC85BE5D}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    2010-12-08 c:\windows\Tasks\vtscheduletask.job
    - c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2010-11-25 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 14:10
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    Completion time: 2010-12-09 14:12:19
    ComboFix-quarantined-files.txt 2010-12-09 04:12
    ComboFix2.txt 2010-12-09 02:24
    Pre-Run: 126,837,526,528 bytes free
    Post-Run: 126,804,979,712 bytes free
    - - End Of File - - 7D636B2AF4025EA980C6C8C5D726FCAB
     
  13. gazaau

    gazaau Thread Starter

    Mbam ran okay - downloading updates for Eset online scanner failed after nearly an hour so trying that again.
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org
    Database version: 5276
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975
    9/12/2010 2:35:51 PM
    mbam-log-2010-12-09 (14-35-51).txt
    Scan type: Quick scan
    Objects scanned: 151124
    Time elapsed: 3 minute(s), 24 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  14. gazaau

    gazaau Thread Starter

    C:\Users\scotty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4a4764bc-283a3d7d a variant of Java/TrojanDownloader.OpenStream.NAU trojan
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    Visit ADOBE and download the latest version of Acrobat Reader (version X)
    Having the latest updates ensures there are no security vulnerabilities in your system.



    NEXT



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    • Download the latest version of Java Runtime Environment (JRE) 23 and save it to your desktop.
      Scroll down to where it says JDK 6 Update 23 (JDK or JRE)
      Click the Download JRE button to the right
      Select the Windows platform from the dropdown menu.
      Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u23 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
      Click on the link to download Windows Offline Installation and save the file to your desktop.
      Close any programs you may have running - especially your web browser.
      Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
      Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
      Click the Remove or Change/Remove button.
      Repeat as many times as necessary to remove each Java version.
      Reboot your computer once all Java components are removed.
      Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version.
      After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

      • On the General tab, under Temporary Internet Files, click the Settings button.
        Next, click on the Delete Files button
        There are two options in the window to clear the cache - Leave BOTH Checked

        • Applications and Applets
          Trace and Log Files

          Click OK on Delete Temporary Files Window
          Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
          Click OK to leave the Temporary Files Window
          Click OK to leave the Java Control Panel.


      NEXT


      P2P - I see you have P2P software Limewire installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
      Please see this topic for more information:
      Perils of P2P File Sharing.
      I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.


      NEXT



      Please post a fresh DDS log and advise how the computer is running now and if there are any outstanding issues.
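
The Java removal and cache-clearing steps in the post above can be checked afterwards with a read-only PowerShell script. This is an added example, not part of CatByte's instructions: the display-name patterns and the assumption that all user profiles sit beside the current one are assumptions, and the cache path is the one shown in the ESET result earlier in this thread.

```powershell
# Added example: read-only check after the Java cleanup steps. Changes nothing.
# Run from an elevated prompt so other users' profiles are readable.

# One subkey per installed program; the second path only exists on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed name patterns, based on the removal step (JRE, J2SE, Java(TM) 6).
$javaPattern = 'Java\(TM\)|Java Runtime|J2SE|^Java \d'

$javaEntries = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $javaPattern } |
        Select-Object DisplayName, DisplayVersion, InstallDate |
        Sort-Object DisplayName
)

if ($javaEntries.Count -eq 0) {
    Write-Output 'No Java runtime entries found in the uninstall list.'
} else {
    if ($javaEntries.Count -gt 1) {
        Write-Warning 'More than one Java entry is installed; an older version may remain.'
    }
    $javaEntries | Format-Table -AutoSize
}

# Per-user Java deployment cache (location of the ESET detection in this thread).
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
$userDirs = Get-ChildItem -Path $profileRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

foreach ($dir in $userDirs) {
    $cache = Join-Path $dir.FullName 'AppData\LocalLow\Sun\Java\Deployment\cache'
    if (-not (Test-Path -LiteralPath $cache)) { continue }

    # -Force includes hidden files; directories are filtered out.
    $files = @(
        Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
    )
    Write-Output ("{0}: {1} file(s) in Java cache" -f $dir.Name, $files.Count)
    $files | Sort-Object LastWriteTime |
        Select-Object LastWriteTime, Length, FullName |
        Format-Table -AutoSize
}
```

Cache files with a last-write time earlier than the cleanup are the ones to look at first, since the Delete Files step should have removed them.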
     
Short URL to this thread: https://techguy.org/967107
