1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Google links redirecting

Discussion in 'Virus & Other Malware Removal' started by duncagr, Jan 3, 2011.

Thread Status:
Not open for further replies.
  1. duncagr

    duncagr Thread Starter

    Joined:
    Nov 15, 2010
    Messages:
    5
    A few weeks ago I had issues with google search results taking me to ad sites. It seems to have stopped for the moment but I'm worried it'll reappear so I want to be sure.
    Running Vista on an Advent 7110 Laptop. Thanks for any help.

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:45:27, on 03/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Users\Gordie\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Gordie\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - (no file)
    O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - (no file) (HKCU)
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    --
    End of file - 5210 bytes

    DDS Log


    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Gordie at 20:51:34.16 on 03/01/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.880 [GMT 0:00]
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\lkcitdl.exe
    C:\Windows\system32\lkads.exe
    C:\Windows\system32\lktsrv.exe
    C:\Windows\system32\nisvcloc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Gordie\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Gordie\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Gordie\Desktop\dds.scr
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.bing.com/
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {37236812-C1A2-4529-A9CE-CFE04E3DF08A}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: ssegateway.co.uk\cwi
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    ============= SERVICES / DRIVERS ===============
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 RapportCerberus_21408;RapportCerberus_21408;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus_21408.sys [2010-12-28 46952]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2010-12-28 63160]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-12-28 156344]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-12-28 821048]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-25 517448]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-21 21504]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-20 10976]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2011-01-03 14:00:29 -------- d-----w- c:\program files\Trusteer
    2010-12-28 23:30:48 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2010-12-16 10:09:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2010-12-16 10:01:20 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2010-12-16 10:01:20 515584 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-16 10:01:20 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2010-12-16 10:01:17 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-16 10:01:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-16 10:01:12 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-16 10:01:12 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-16 10:01:11 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-16 10:01:11 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-16 10:01:04 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-16 10:00:21 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    ==================== Find3M ====================
    2010-11-16 18:51:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-08 01:20:24 89088 ----a-w- c:\windows\MBR.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    ============= FINISH: 20:53:16.69 ===============

    Ark File

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-15 21:55:36
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 HTS541080G9SA00 rev.MB4OC60D
    Running: flcs141d.exe; Driver: C:\Users\Gordie\AppData\Local\Temp\axtyapob.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    ? C:\Users\Gordie\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 0004418D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 0004405E
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 0004422F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] kernel32.dll!CreateProcessInternalW 763E53DF 5 Bytes JMP 0007767D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 00045C3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 00044AB4
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 00043D02
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 00043E62
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 0004582D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 000457DD
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 00044A21
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 00045BE9
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 00045891
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 00045B9C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 00045B4F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!CreateWindowExW 75DB1305 5 Bytes JMP 6F06DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 000449A2
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 000458D7
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 00044908
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 00043F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 00043F29
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 00044963
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 000449E1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 000448C8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 0004485A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 00043F01
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 0003995B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefWindowProcW 75DC03B4 3 Bytes JMP 0004584B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefWindowProcW + 4 75DC03B8 1 Byte [8A]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 00043F51
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 00045A81
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 00043D34
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 0004591D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 00045A3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 000459AC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 00045ACA
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 00045963
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 000459F5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DialogBoxParamW 75DD10B0 5 Bytes JMP 6EF954F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DialogBoxIndirectParamW 75DD2EF5 5 Bytes JMP 6F165027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 00043E12
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 00043DB8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 00043D7B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 00039AC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DialogBoxParamA 75DE8152 5 Bytes JMP 6F164FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!DialogBoxIndirectParamA 75DE847D 5 Bytes JMP 6F16508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!MessageBoxIndirectA 75DFD4D9 5 Bytes JMP 6F164F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!MessageBoxIndirectW 75DFD5D3 5 Bytes JMP 6F164EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!MessageBoxExA 75DFD639 5 Bytes JMP 6F164E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] USER32.dll!MessageBoxExW 75DFD65D 5 Bytes JMP 6F164E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ws2_32.dll!closesocket 75CB330C 5 Bytes JMP 0004979E
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ws2_32.dll!recv 75CB343A 5 Bytes JMP 0007600A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ws2_32.dll!WSASend 75CB4496 5 Bytes JMP 000497F7
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ws2_32.dll!send 75CB659B 5 Bytes JMP 000497D6
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] ws2_32.dll!WSARecv 75CB8400 5 Bytes JMP 00076194
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 00049A66
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 00048AA0
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 00048B55
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 00048A5D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 00048B29
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 0004887D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 000488D1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 00048ADF
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 000489C1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1056] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 00048925
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 0004418D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 0004405E
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 0004422F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] kernel32.dll!CreateProcessInternalW 763E53DF 5 Bytes JMP 0007767D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 00045C3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CreateDialogParamW 75DA72A2 5 Bytes JMP 6F06DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 00044AB4
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetAsyncKeyState 75DA863C 5 Bytes JMP 6EF88F0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!SetWindowsHookExW 75DA87AD 5 Bytes JMP 6F069AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CallNextHookEx 75DA8E3B 5 Bytes JMP 6F05D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 00043D02
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!UnhookWindowsHookEx 75DA98DB 5 Bytes JMP 6EFD4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 00043E62
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 0004582D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 000457DD
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!EnableWindow 75DACD8B 5 Bytes JMP 6F06DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 00044A21
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 00045BE9
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 00045891
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 00045B9C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 00045B4F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CreateWindowExW 75DB1305 5 Bytes JMP 6F06DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 000449A2
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 000458D7
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 00044908
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 00043F7C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 00043F29
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetKeyState 75DB8CB1 5 Bytes JMP 6F06D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 00044963
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 000449E1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 000448C8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 0004485A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 00043F01
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 0003995B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefWindowProcW 75DC03B4 3 Bytes JMP 0004584B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefWindowProcW + 4 75DC03B8 1 Byte [8A]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 00043F51
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!IsDialogMessageW 75DC0745 5 Bytes JMP 6EF95A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 00045A81
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 00043D34
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CreateDialogParamA 75DC17AA 5 Bytes JMP 6F165C93 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!IsDialogMessage 75DC1847 5 Bytes JMP 6F16552F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 0004591D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CreateDialogIndirectParamA 75DC26F1 5 Bytes JMP 6F165CCA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CreateDialogIndirectParamW 75DC9A62 5 Bytes JMP 6F165D01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 00045A3B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 000459AC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 00045ACA
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 00045963
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 000459F5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!SetKeyboardState 75DD0987 5 Bytes JMP 6F16589E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DialogBoxParamW 75DD10B0 5 Bytes JMP 6EF954F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DialogBoxIndirectParamW 75DD2EF5 5 Bytes JMP 6F165027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!SendInput 75DD2F75 5 Bytes JMP 6F16645B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 00043E12
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 00043DB8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!EndDialog 75DD326E 5 Bytes JMP 6EF97EAE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 6F1664AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 00039AC8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DialogBoxParamA 75DE8152 5 Bytes JMP 6F164FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!DialogBoxIndirectParamA 75DE847D 5 Bytes JMP 6F16508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!MessageBoxIndirectA 75DFD4D9 5 Bytes JMP 6F164F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!MessageBoxIndirectW 75DFD5D3 5 Bytes JMP 6F164EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!MessageBoxExA 75DFD639 5 Bytes JMP 6F164E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!MessageBoxExW 75DFD65D 5 Bytes JMP 6F164E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] USER32.dll!keybd_event 75DFD972 5 Bytes JMP 6F1667DF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] SHELL32.dll!SHRestricted + D95 765889A8 4 Bytes [4D, 30, 78, 73] {DEC EBP; XOR [EAX+0x73], BH}
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] SHELL32.dll!SHRestricted + D9D 765889B0 8 Bytes [57, 2F, 78, 73, 9C, 5B, 77, ...] {PUSH EDI; DAS ; JS 0x77; PUSHF ; POP EBX; JA 0x7b}
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ole32.dll!OleLoadFromStream 77101E80 5 Bytes JMP 6F16538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ole32.dll!CoCreateInstance 77139F3E 5 Bytes JMP 6F06DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ws2_32.dll!closesocket 75CB330C 5 Bytes JMP 0004979E
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ws2_32.dll!recv 75CB343A 5 Bytes JMP 0007600A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ws2_32.dll!WSASend 75CB4496 5 Bytes JMP 000497F7
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ws2_32.dll!send 75CB659B 5 Bytes JMP 000497D6
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] ws2_32.dll!WSARecv 75CB8400 5 Bytes JMP 00076194
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 00049A66
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 00048AA0
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 00048B55
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 00048A5D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 00048B29
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 0004887D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 000488D1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 00048ADF
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 000489C1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1132] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 00048925
    .text C:\Windows\system32\Dwm.exe[3056] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 017E418D
    .text C:\Windows\system32\Dwm.exe[3056] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 017E405E
    .text C:\Windows\system32\Dwm.exe[3056] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 017E422F
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 017E5C3B
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 017E4AB4
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 017E3D02
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 017E3E62
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 017E582D
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 017E57DD
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 017E4A21
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 017E5BE9
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 017E5891
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 017E5B9C
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 017E5B4F
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 017E49A2
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 017E58D7
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 017E4908
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 017E3F7C
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 017E3F29
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 017E4963
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 017E49E1
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 017E48C8
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 017E485A
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 017E3F01
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 017D995B
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefWindowProcW 75DC03B4 5 Bytes JMP 017E584B
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 017E3F51
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 017E5A81
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 017E3D34
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 017E591D
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 017E5A3B
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 017E59AC
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 017E5ACA
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 017E5963
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 017E59F5
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 017E3E12
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 017E3DB8
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 017E3D7B
    .text C:\Windows\system32\Dwm.exe[3056] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 017D9AC8
    .text C:\Windows\system32\Dwm.exe[3056] WS2_32.dll!closesocket 75CB330C 5 Bytes JMP 017E979E
    .text C:\Windows\system32\Dwm.exe[3056] WS2_32.dll!WSASend 75CB4496 5 Bytes JMP 017E97F7
    .text C:\Windows\system32\Dwm.exe[3056] WS2_32.dll!send 75CB659B 5 Bytes JMP 017E97D6
    .text C:\Windows\system32\Dwm.exe[3056] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 017E9A66
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 017E8AA0
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 017E8B55
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 017E8A5D
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 017E8B29
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 017E887D
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 017E88D1
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 017E8ADF
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 017E89C1
    .text C:\Windows\system32\Dwm.exe[3056] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 017E8925
    .text C:\Windows\Explorer.EXE[3128] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 03FE418D
    .text C:\Windows\Explorer.EXE[3128] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 03FE405E
    .text C:\Windows\Explorer.EXE[3128] kernel32.dll!CreateProcessInternalW 763E53DF 5 Bytes JMP 054D766A
    .text C:\Windows\Explorer.EXE[3128] kernel32.dll!WaitForSingleObject 764097E0 5 Bytes JMP 7648DA90 C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 03FE5C3B
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 03FE4AB4
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 03FE3D02
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 03FE3E62
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 03FE582D
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 03FE57DD
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 03FE4A21
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 03FE5BE9
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 03FE5891
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 03FE5B9C
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 03FE5B4F
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 03FE49A2
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 03FE58D7
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 03FE4908
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 03FE3F7C
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 03FE3F29
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 03FE4963
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 03FE49E1
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 03FE48C8
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 03FE485A
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 03FE3F01
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 03FD995B
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefWindowProcW 75DC03B4 5 Bytes JMP 03FE584B
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 03FE3F51
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 03FE5A81
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 03FE3D34
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 03FE591D
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 03FE5A3B
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 03FE59AC
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 03FE5ACA
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 03FE5963
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 03FE59F5
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 03FE3E12
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 03FE3DB8
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 03FE3D7B
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 03FD9AC8
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 03FE8AA0
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 03FE8B55
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 03FE8A5D
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 03FE8B29
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 03FE887D
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 03FE88D1
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 03FE8ADF
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 03FE89C1
    .text C:\Windows\Explorer.EXE[3128] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 03FE8925
    .text C:\Windows\Explorer.EXE[3128] WS2_32.dll!closesocket 75CB330C 5 Bytes JMP 03FE979E
    .text C:\Windows\Explorer.EXE[3128] WS2_32.dll!WSASend 75CB4496 5 Bytes JMP 03FE97F7
    .text C:\Windows\Explorer.EXE[3128] WS2_32.dll!send 75CB659B 5 Bytes JMP 03FE97D6
    .text C:\Windows\Explorer.EXE[3128] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 03FE9A66
    .text C:\Windows\system32\taskeng.exe[3204] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 00A0418D
    .text C:\Windows\system32\taskeng.exe[3204] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 00A0405E
    .text C:\Windows\system32\taskeng.exe[3204] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 00A0422F
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 00A05C3B
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 00A04AB4
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 00A03D02
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 00A03E62
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 00A0582D
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 00A057DD
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 00A04A21
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 00A05BE9
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 00A05891
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 00A05B9C
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 00A05B4F
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 00A049A2
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 00A058D7
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 00A04908
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 00A03F7C
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 00A03F29
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 00A04963
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 00A049E1
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 00A048C8
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 00A0485A
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 00A03F01
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 009F995B
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefWindowProcW 75DC03B4 5 Bytes JMP 00A0584B
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 00A03F51
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 00A05A81
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 00A03D34
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 00A0591D
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 00A05A3B
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 00A059AC
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 00A05ACA
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 00A05963
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 00A059F5
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 00A03E12
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 00A03DB8
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 00A03D7B
    .text C:\Windows\system32\taskeng.exe[3204] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 009F9AC8
    .text C:\Windows\system32\taskeng.exe[3204] WS2_32.dll!closesocket 75CB330C 5 Bytes JMP 00A0979E
    .text C:\Windows\system32\taskeng.exe[3204] WS2_32.dll!WSASend 75CB4496 5 Bytes JMP 00A097F7
    .text C:\Windows\system32\taskeng.exe[3204] WS2_32.dll!send 75CB659B 5 Bytes JMP 00A097D6
    .text C:\Windows\system32\taskeng.exe[3204] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 00A09A66
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 00A08AA0
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 00A08B55
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 00A08A5D
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 00A08B29
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 00A0887D
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 00A088D1
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 00A08ADF
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 00A089C1
    .text C:\Windows\system32\taskeng.exe[3204] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 00A08925
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 008B418D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 008B405E
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 008B422F
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 008B5C3B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 008B4AB4
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 008B3D02
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 008B3E62
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 008B582D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 008B57DD
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 008B4A21
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 008B5BE9
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 008B5891
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 008B5B9C
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 008B5B4F
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 008B49A2
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 008B58D7
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 008B4908
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 008B3F7C
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 008B3F29
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 008B4963
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 008B49E1
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 008B48C8
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 008B485A
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 008B3F01
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 008A995B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefWindowProcW 75DC03B4 5 Bytes JMP 008B584B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 008B3F51
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 008B5A81
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 008B3D34
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 008B591D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 008B5A3B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 008B59AC
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 008B5ACA
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 008B5963
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 008B59F5
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 008B3E12
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 008B3DB8
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 008B3D7B
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 008A9AC8
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 008B8AA0
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 008B8B55
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 008B8A5D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 008B8B29
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 008B887D
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 008B88D1
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 008B8ADF
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 008B89C1
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 008B8925
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 008B9A66
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WS2_32.dll!closesocket 75CB330C 5 Bytes JMP 008B979E
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WS2_32.dll!WSASend 75CB4496 5 Bytes JMP 008B97F7
    .text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[3376] WS2_32.dll!send 75CB659B 5 Bytes JMP 008B97D6
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 0004418D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 0004405E
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 0004422F
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 00045C3B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 00044AB4
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 00043D02
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 00043E62
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 0004582D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 000457DD
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 00044A21
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 00045BE9
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 00045891
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 00045B9C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 00045B4F
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 000449A2
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 000458D7
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 00044908
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 00043F7C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 00043F29
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 00044963
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 000449E1
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 000448C8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 0004485A
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 00043F01
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 0003995B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefWindowProcW 75DC03B4 3 Bytes JMP 0004584B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefWindowProcW + 4 75DC03B8 1 Byte [8A]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 00043F51
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 00045A81
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 00043D34
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 0004591D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 00045A3B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 000459AC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 00045ACA
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 00045963
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 000459F5
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 00043E12
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 00043DB8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 00043D7B
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 00039AC8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WS2_32.dll!closesocket 75CB330C 5 Bytes JMP 0004979E
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WS2_32.dll!WSASend 75CB4496 5 Bytes JMP 000497F7
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WS2_32.dll!send 75CB659B 5 Bytes JMP 000497D6
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 00049A66
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 00048AA0
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 00048B55
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 00048A5D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 00048B29
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 0004887D
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 000488D1
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 00048ADF
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 000489C1
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3452] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 00048925
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] ntdll.dll!LdrLoadDll 77259390 5 Bytes JMP 0028418D
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] ntdll.dll!NtCreateUserProcess 77295804 5 Bytes JMP 0028405E
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] kernel32.dll!GetFileAttributesExW 763D9B95 5 Bytes JMP 0028422F
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!RegisterClassExA 75DA61E1 5 Bytes JMP 00285C3B
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetUpdateRgn 75DA85E4 5 Bytes JMP 00284AB4
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetMessagePos 75DA9071 5 Bytes JMP 00283D02
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetCapture 75DAA986 5 Bytes JMP 00283E62
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!SwitchDesktop 75DAB8D2 5 Bytes JMP 0028582D
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!OpenInputDesktop 75DABCE6 5 Bytes JMP 002857DD
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetUpdateRect 75DAD3E0 5 Bytes JMP 00284A21
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!RegisterClassExW 75DADA30 5 Bytes JMP 00285BE9
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefWindowProcA 75DADB88 5 Bytes JMP 00285891
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!RegisterClassA 75DADF42 5 Bytes JMP 00285B9C
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!RegisterClassW 75DAE1AB 5 Bytes JMP 00285B4F
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetWindowDC 75DB3BA7 5 Bytes JMP 002849A2
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefDlgProcW 75DB4A11 5 Bytes JMP 002858D7
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetDCEx 75DB4D22 5 Bytes JMP 00284908
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!PeekMessageA 75DB8343 5 Bytes JMP 00283F7C
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetMessageA 75DB8AB3 5 Bytes JMP 00283F29
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetDC 75DB9C31 5 Bytes JMP 00284963
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!ReleaseDC 75DB9CED 5 Bytes JMP 002849E1
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!EndPaint 75DBA28F 5 Bytes JMP 002848C8
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!BeginPaint 75DBA2A3 5 Bytes JMP 0028485A
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetMessageW 75DBFEF7 5 Bytes JMP 00283F01
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!TranslateMessage 75DC01AD 5 Bytes JMP 0027995B
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefWindowProcW 75DC03B4 5 Bytes JMP 0028584B
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!PeekMessageW 75DC045A 5 Bytes JMP 00283F51
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!CallWindowProcW 75DC095E 5 Bytes JMP 00285A81
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetCursorPos 75DC0B88 5 Bytes JMP 00283D34
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefDlgProcA 75DC26B8 5 Bytes JMP 0028591D
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefMDIChildProcA 75DCB031 5 Bytes JMP 00285A3B
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefFrameProcA 75DCB24F 5 Bytes JMP 002859AC
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!CallWindowProcA 75DCB73E 5 Bytes JMP 00285ACA
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefFrameProcW 75DCD1F9 5 Bytes JMP 00285963
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!DefMDIChildProcW 75DCD4F6 5 Bytes JMP 002859F5
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!ReleaseCapture 75DD30A2 5 Bytes JMP 00283E12
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!SetCapture 75DD30AF 5 Bytes JMP 00283DB8
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!SetCursorPos 75DE6FB2 5 Bytes JMP 00283D7B
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] USER32.dll!GetClipboardData 75DE715A 5 Bytes JMP 00279AC8
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WS2_32.dll!closesocket 75CB330C 5 Bytes JMP 0028979E
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WS2_32.dll!WSASend 75CB4496 5 Bytes JMP 002897F7
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WS2_32.dll!send 75CB659B 5 Bytes JMP 002897D6
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] CRYPT32.dll!PFXImportCertStore 75279521 5 Bytes JMP 00289A66
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!InternetReadFile 75EE654B 5 Bytes JMP 00288AA0
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!HttpQueryInfoA 75EE878D 5 Bytes JMP 00288B55
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!InternetCloseHandle 75EE9088 5 Bytes JMP 00288A5D
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!InternetQueryDataAvailable 75EEBF7F 5 Bytes JMP 00288B29
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!HttpSendRequestW 75EEFABE 5 Bytes JMP 0028887D
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!HttpSendRequestA 75EFEE89 5 Bytes JMP 002888D1
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!InternetReadFileExA 75F03381 5 Bytes JMP 00288ADF
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!HttpSendRequestExA 75F5A642 5 Bytes JMP 002889C1
    .text C:\Windows\system32\wbem\unsecapp.exe[3976] WININET.dll!HttpSendRequestExW 75F5A69B 5 Bytes JMP 00288925
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/972483

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice