Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVT.exe, Google redirect rootkit


  • This topic is locked This topic is locked
5 replies to this topic

#1 sazmeister

sazmeister

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 27 September 2010 - 05:36 PM

Hi!

I have been helped on this forum before and would be very grateful for another round! I'm trying to fix my dad's laptop this time, he has a Dell laptop running XP. He says a fake XP Security pop-up appeared and he clicked it, thus infecting his system. I installed Avira Antivir which cleared up some of it, I tried to run Malwarebytes Anti-malware but it caused a blue screen. DDS won't run as it is 'not a valid Win32 application' and Gmer causes blue screen upon completion so I stopped it near the end to get a log.

Before I ran Avira Antivir, the task manager was disabled (I think I googled how to fix that!) and there was a constant warning box on the bottom right saying my computer was 'in danger.' Google redirect virus is still there, Adobe Acrobat is having lots of problems, and the process 'avt.exe' was running whilst the XP Security pop-up was open. It seems to have gone from running processes now.

Am posting the Gmer log below, any help would be massively appreciated! =)

Sarah
~x~

EDIT: tried to do an OTL scan instead and got the same error message as DDS =( I also ran RKill and it terminated:

C:\Documents and Settings\gjones\Application Data\Microsoft\windows\shell.exe
C:\Documents and Settings\gjones\Application Data\Microsoft\svchost.exe
C:\DOCUME~1\gjones\LOCALS~1\Temp\dwm.exe
C:\Documents and Settings\gjones\Desktop\rkill.exe

Renamed MBAM to iexplore.exe and it worked! I have also attached the log for that below.

Attached Files


Edited by sazmeister, 27 September 2010 - 07:13 PM.


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:19 PM

Posted 01 October 2010 - 07:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Note...download the randomly named GMER file and rename OTL to something else to get them to run.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 sazmeister

sazmeister
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 01 October 2010 - 09:00 PM

Hi,

Am posting the latest Gmer log below, it's started causing blue screens even if I stop it manually but I've got as much as I could! Tried OTL again and got the same 'not a valid Win32 application' error message. I saved it under a different name on both occasions and tried running RKill beforehand but no luck.

My dad is primarily concerned that Adobe has stopped working since the virus, any ideas on how this might have been caused and whether it is fixable? The error message says 'a serious error has been detected' when I try to open it, and on startup an error message says 'Acrobat is not activated.' I'd try a reinstall but having Googled it it doesn't look like this works for other users...I bring this up because if Adobe cannot be saved my dad will probably just wipe his laptop anyway and I won't need to bother virus-busting =p

Many thanks!
Sarah ~x~

----------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-02 02:31:20
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\gjones\LOCALS~1\Temp\fwryyaow.sys


---- System - GMER 1.0.15 ----

SSDT 86AA5928 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAAF5A350]
SSDT 86774B48 ZwQueryValueKey
SSDT 86684A90 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAAF5A580]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[108] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 012F3FA7
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 012F418D
.text C:\Program Files\Internet Explorer\iexplore.exe[108] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 012F422F
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 012F49E1
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 012F4963
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 012E995B
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 012F49A2
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 012F3F01
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 012F3F51
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 012F3E62
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 012F5B4F
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 012F5BE9
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 012F584B
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 012F485A
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 012F48C8
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 012F3D34
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 012F3D02
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 012F5A81
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 012F3F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 012F5891
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 012F3DB8
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 012F3E12
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 012F4A21
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 012F4908
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 012F5ACA
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 012F5B9C
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 012F5C3B
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 012F58D7
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 012F57DD
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 012F582D
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 012F3F29
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 012F4AB4
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [EC, 82]
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 012F5963
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 012F59F5
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 012E9AC8
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 012F591D
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 012F59AC
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 012F5A3B
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 012F3D7B
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ws2_32.dll!send 71AB428A 2 Bytes JMP 012F97D6
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ws2_32.dll!send + 3 71AB428D 2 Bytes [84, 8F]
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 012F97F7
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 012F979E
.text C:\Program Files\Internet Explorer\iexplore.exe[108] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 012F9A66
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 012F8A5D
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 012F8B55
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 012F8AA0
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 012F8B29
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 012F88D1
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 012F8925
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 012F887D
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 012F8ADF
.text C:\Program Files\Internet Explorer\iexplore.exe[108] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 012F89C1
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01173FA7
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0117418D
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0117422F
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 011749E1
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01174963
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0116995B
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 011749A2
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 01173F01
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01173F51
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01173E62
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 01175B4F
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01175BE9
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0117584B
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0117485A
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 011748C8
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01173D34
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 01173D02
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 01175A81
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 01173F7C
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 01175891
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 01173DB8
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 01173E12
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 01174A21
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 01174908
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 01175ACA
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 01175B9C
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 01175C3B
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 011758D7
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 011757DD
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0117582D
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 01173F29
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 01174AB4
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [D4, 82] {AAM 0x82}
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 01175963
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 011759F5
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01169AC8
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0117591D
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 011759AC
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 01175A3B
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 01173D7B
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] Crypt32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01179A66
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WS2_32.dll!send 71AB428A 2 Bytes JMP 011797D6
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WS2_32.dll!send + 3 71AB428D 2 Bytes [6C, 8F]
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 011797F7
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0117979E
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 01178A5D
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 01178B55
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 01178AA0
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 01178B29
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 011788D1
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 01178925
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0117887D
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 01178ADF
.text C:\PROGRA~1\Symantec AntiVirus\VPTray.exe[604] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 011789C1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00143FA7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0014418D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0014422F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 001449E1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00144963
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013995B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 001449A2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00143F01
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00143F51
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00143E62
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00145B4F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00145BE9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0014584B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0014485A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 001448C8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00143D34
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00143D02
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00145A81
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00143F7C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00145891
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00143DB8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00143E12
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00144A21
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00144908
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00145ACA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00145B9C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00145C3B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 001458D7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 001457DD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0014582D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00143F29
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00144AB4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [D1, 81]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00145963
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 001459F5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00139AC8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0014591D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 001459AC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00145A3B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00143D7B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WS2_32.dll!send 71AB428A 2 Bytes JMP 001497D6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WS2_32.dll!send + 3 71AB428D 2 Bytes [69, 8E]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 001497F7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0014979E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00149A66
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00148A5D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00148B55
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00148AA0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00148B29
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 001488D1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00148925
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0014887D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00148ADF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[652] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 001489C1
.text C:\WINDOWS\system32\ctfmon.exe[788] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00AD3FA7
.text C:\WINDOWS\system32\ctfmon.exe[788] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00AD418D
.text C:\WINDOWS\system32\ctfmon.exe[788] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00AD422F
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00AD49E1
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00AD4963
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00AC995B
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00AD49A2
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00AD3F01
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00AD3F51
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00AD3E62
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00AD5B4F
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00AD5BE9
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00AD584B
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00AD485A
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00AD48C8
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00AD3D34
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00AD3D02
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00AD5A81
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00AD3F7C
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00AD5891
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00AD3DB8
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00AD3E12
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00AD4A21
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00AD4908
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00AD5ACA
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00AD5B9C
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00AD5C3B
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00AD58D7
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00AD57DD
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00AD582D
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00AD3F29
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00AD4AB4
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [6A, 82] {PUSH -0x7e}
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00AD5963
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00AD59F5
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00AC9AC8
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00AD591D
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00AD59AC
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00AD5A3B
.text C:\WINDOWS\system32\ctfmon.exe[788] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00AD3D7B
.text C:\WINDOWS\system32\ctfmon.exe[788] WS2_32.dll!send 71AB428A 2 Bytes JMP 00AD97D6
.text C:\WINDOWS\system32\ctfmon.exe[788] WS2_32.dll!send + 3 71AB428D 2 Bytes [02, 8F]
.text C:\WINDOWS\system32\ctfmon.exe[788] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00AD97F7
.text C:\WINDOWS\system32\ctfmon.exe[788] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00AD979E
.text C:\WINDOWS\system32\ctfmon.exe[788] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00AD9A66
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00AD8A5D
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00AD8B55
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00AD8AA0
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00AD8B29
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00AD88D1
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00AD8925
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00AD887D
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00AD8ADF
.text C:\WINDOWS\system32\ctfmon.exe[788] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00AD89C1
.text C:\WINDOWS\system32\hkcmd.exe[880] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E93FA7
.text C:\WINDOWS\system32\hkcmd.exe[880] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00E9418D
.text C:\WINDOWS\system32\hkcmd.exe[880] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00E9422F
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00E949E1
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00E94963
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00E8995B
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00E949A2
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00E93F01
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00E93F51
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00E93E62
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00E95B4F
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00E95BE9
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00E9584B
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00E9485A
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00E948C8
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00E93D34
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00E93D02
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00E95A81
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00E93F7C
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00E95891
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00E93DB8
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00E93E12
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00E94A21
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00E94908
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00E95ACA
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00E95B9C
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00E95C3B
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00E958D7
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00E957DD
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00E9582D
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00E93F29
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00E94AB4
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [A6, 82]
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00E95963
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00E959F5
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00E89AC8
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00E9591D
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00E959AC
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00E95A3B
.text C:\WINDOWS\system32\hkcmd.exe[880] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00E93D7B
.text C:\WINDOWS\system32\hkcmd.exe[880] WS2_32.dll!send 71AB428A 2 Bytes JMP 00E997D6
.text C:\WINDOWS\system32\hkcmd.exe[880] WS2_32.dll!send + 3 71AB428D 2 Bytes [3E, 8F]
.text C:\WINDOWS\system32\hkcmd.exe[880] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00E997F7
.text C:\WINDOWS\system32\hkcmd.exe[880] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00E9979E
.text C:\WINDOWS\system32\hkcmd.exe[880] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00E99A66
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00E98A5D
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00E98B55
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00E98AA0
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00E98B29
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00E988D1
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00E98925
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00E9887D
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00E98ADF
.text C:\WINDOWS\system32\hkcmd.exe[880] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00E989C1
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F83FA7
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00F8418D
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00F8422F
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00F849E1
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00F84963
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F7995B
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00F849A2
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00F83F01
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00F83F51
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00F83E62
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00F85B4F
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00F85BE9
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00F8584B
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00F8485A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00F848C8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00F83D34
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00F83D02
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00F85A81
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00F83F7C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00F85891
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00F83DB8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00F83E12
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00F84A21
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00F84908
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00F85ACA
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00F85B9C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00F85C3B
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00F858D7
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00F857DD
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00F8582D
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00F83F29
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00F84AB4
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [B5, 82] {MOV CH, 0x82}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00F85963
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00F859F5
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00F79AC8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00F8591D
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00F859AC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00F85A3B
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00F83D7B
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WS2_32.dll!send 71AB428A 2 Bytes JMP 00F897D6
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WS2_32.dll!send + 3 71AB428D 2 Bytes [4D, 8F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00F897F7
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00F8979E
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00F89A66
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00F88A5D
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00F88B55
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00F88AA0
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00F88B29
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00F888D1
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00F88925
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00F8887D
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00F88ADF
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[944] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00F889C1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C83FA7
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C8418D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00C8422F
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00C849E1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00C84963
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00C7995B
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00C849A2
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00C83F01
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00C83F51
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00C83E62
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00C85B4F
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00C85BE9
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00C8584B
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00C8485A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00C848C8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00C83D34
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00C83D02
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00C85A81
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00C83F7C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00C85891
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00C83DB8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00C83E12
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00C84A21
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00C84908
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00C85ACA
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00C85B9C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00C85C3B
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00C858D7
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00C857DD
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00C8582D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00C83F29
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00C84AB4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [85, 82]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00C85963
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00C859F5
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00C79AC8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00C8591D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00C859AC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00C85A3B
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00C83D7B
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00C88A5D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00C88B55
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00C88AA0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00C88B29
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00C888D1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00C88925
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00C8887D
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00C88ADF
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00C889C1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WS2_32.dll!send 71AB428A 2 Bytes JMP 00C897D6
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WS2_32.dll!send + 3 71AB428D 2 Bytes [1D, 8F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C897F7
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C8979E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2296] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00C89A66
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 003E3FA7
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003E418D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 003E422F
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 003E49E1
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 003E4963
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 003D995B
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 003E49A2
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 003E3F01
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 003E3F51
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 003E3E62
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 003E5B4F
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 003E5BE9
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 003E584B
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 003E485A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 003E48C8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 003E3D34
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 003E3D02
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 003E5A81
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 003E3F7C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 003E5891
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 003E3DB8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 003E3E12
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 003E4A21
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 003E4908
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 003E5ACA
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 003E5B9C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 003E5C3B
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 003E58D7
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 003E57DD
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 003E582D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 003E3F29
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 003E4AB4
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [FB, 81]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 003E5963
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 003E59F5
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 003D9AC8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 003E591D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 003E59AC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 003E5A3B
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 003E3D7B
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WS2_32.dll!send 71AB428A 2 Bytes JMP 003E97D6
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WS2_32.dll!send + 3 71AB428D 2 Bytes [93, 8E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 003E97F7
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 003E979E
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 003E9A66
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 003E8A5D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 003E8B55
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 003E8AA0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 003E8B29
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 003E88D1
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 003E8925
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 003E887D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 003E8ADF
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2816] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 003E89C1
.text C:\WINDOWS\system32\WLTRAY.exe[2876] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01023FA7
.text C:\WINDOWS\system32\WLTRAY.exe[2876] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0102418D
.text C:\WINDOWS\system32\WLTRAY.exe[2876] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0102422F
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 010249E1
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01024963
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0101995B
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 010249A2
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 01023F01
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01023F51
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01023E62
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 01025B4F
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01025BE9
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0102584B
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0102485A
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 010248C8
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01023D34
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 01023D02
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 01025A81
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 01023F7C
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 01025891
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 01023DB8
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 01023E12
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 01024A21
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 01024908
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 01025ACA
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 01025B9C
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 01025C3B
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 010258D7
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 010257DD
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0102582D
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 01023F29
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 01024AB4
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [BF, 82]
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 01025963
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 010259F5
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01019AC8
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0102591D
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 010259AC
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 01025A3B
.text C:\WINDOWS\system32\WLTRAY.exe[2876] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 01023D7B
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WS2_32.dll!send 71AB428A 2 Bytes JMP 010297D6
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WS2_32.dll!send + 3 71AB428D 2 Bytes [57, 8F]
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 010297F7
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0102979E
.text C:\WINDOWS\system32\WLTRAY.exe[2876] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01029A66
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 01028A5D
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 01028B55
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 01028AA0
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 01028B29
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 010288D1
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 01028925
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0102887D
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 01028ADF
.text C:\WINDOWS\system32\WLTRAY.exe[2876] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 010289C1
.text C:\Program Files\Apoint\Apoint.exe[3288] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F73FA7
.text C:\Program Files\Apoint\Apoint.exe[3288] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00F7418D
.text C:\Program Files\Apoint\Apoint.exe[3288] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00F7422F
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00F749E1
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00F74963
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F6995B
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00F749A2
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00F73F01
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00F73F51
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00F73E62
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00F75B4F
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00F75BE9
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00F7584B
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00F7485A
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00F748C8
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00F73D34
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00F73D02
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00F75A81
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00F73F7C
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00F75891
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00F73DB8
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00F73E12
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00F74A21
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00F74908
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00F75ACA
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00F75B9C
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00F75C3B
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00F758D7
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00F757DD
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00F7582D
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00F73F29
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00F74AB4
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [B4, 82] {MOV AH, 0x82}
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00F75963
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00F759F5
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00F69AC8
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00F7591D
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00F759AC
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00F75A3B
.text C:\Program Files\Apoint\Apoint.exe[3288] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00F73D7B
.text C:\Program Files\Apoint\Apoint.exe[3288] WS2_32.dll!send 71AB428A 2 Bytes JMP 00F797D6
.text C:\Program Files\Apoint\Apoint.exe[3288] WS2_32.dll!send + 3 71AB428D 2 Bytes [4C, 8F]
.text C:\Program Files\Apoint\Apoint.exe[3288] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00F797F7
.text C:\Program Files\Apoint\Apoint.exe[3288] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00F7979E
.text C:\Program Files\Apoint\Apoint.exe[3288] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00F79A66
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00F78A5D
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00F78B55
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00F78AA0
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00F78B29
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00F788D1
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00F78925
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00F7887D
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00F78ADF
.text C:\Program Files\Apoint\Apoint.exe[3288] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00F789C1
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00983FA7
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0098418D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0098422F
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 009849E1
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00984963
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0097995B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 009849A2
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00983F01
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00983F51
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00983E62
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00985B4F
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00985BE9
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0098584B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0098485A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 009848C8
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00983D34
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00983D02
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00985A81
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00983F7C
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00985891
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00983DB8
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00983E12
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00984A21
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00984908
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00985ACA
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00985B9C
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00985C3B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 009858D7
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 009857DD
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0098582D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00983F29
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00984AB4
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [55, 82]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00985963
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 009859F5
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00979AC8
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0098591D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 009859AC
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00985A3B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00983D7B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WS2_32.dll!send 71AB428A 2 Bytes JMP 009897D6
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WS2_32.dll!send + 3 71AB428D 2 Bytes [ED, 8E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 009897F7
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0098979E
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00989A66
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00988A5D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00988B55
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00988AA0
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00988B29
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 009888D1
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00988925
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0098887D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00988ADF
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!HttpSendRequestExA 780CD5B6 3 Bytes JMP 009889C1
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3396] WININET.dll!HttpSendRequestExA + 4 780CD5BA 1 Byte [88]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01453FA7
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0145418D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0145422F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 014549E1
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01454963
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0144995B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 014549A2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 01453F01
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01453F51
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01453E62
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 01455B4F
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01455BE9
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0145584B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0145485A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 014548C8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01453D34
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 01453D02
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 01455A81
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 01453F7C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 01455891
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 01453DB8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 01453E12
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 01454A21
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 01454908
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 01455ACA
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 01455B9C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 01455C3B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 014558D7
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 014557DD
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0145582D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 01453F29
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 01454AB4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [02, 83]

*Sorry, wouldn't let me post this all in one post!! Here's the second half of the Gmer log!



.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 01455963
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 014559F5
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01449AC8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0145591D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 014559AC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 01455A3B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 01453D7B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WS2_32.dll!send 71AB428A 2 Bytes JMP 014597D6
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WS2_32.dll!send + 3 71AB428D 2 Bytes [9A, 8F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 014597F7
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0145979E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 01458A5D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 01458B55
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 01458AA0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 01458B29
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 014588D1
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 01458925
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0145887D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 01458ADF
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 014589C1
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3520] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01459A66
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D43FA7
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00D4418D
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00D4422F
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00D449E1
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00D44963
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D3995B
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00D449A2
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00D43F01
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00D43F51
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00D43E62
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00D45B4F
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00D45BE9
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00D4584B
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00D4485A
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00D448C8
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00D43D34
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00D43D02
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00D45A81
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00D43F7C
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00D45891
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00D43DB8
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00D43E12
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00D44A21
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00D44908
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00D45ACA
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00D45B9C
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00D45C3B
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00D458D7
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00D457DD
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00D4582D
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00D43F29
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00D44AB4
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [91, 82]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00D45963
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00D459F5
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00D39AC8
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00D4591D
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00D459AC
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00D45A3B
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00D43D7B
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WS2_32.dll!send 71AB428A 2 Bytes JMP 00D497D6
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WS2_32.dll!send + 3 71AB428D 2 Bytes [29, 8F]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D497F7
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D4979E
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00D49A66
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00D48A5D
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00D48B55
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00D48AA0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00D48B29
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00D488D1
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00D48925
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00D4887D
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00D48ADF
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3616] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00D489C1
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F63FA7
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00F6418D
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00F6422F
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00F649E1
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00F64963
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F5995B
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00F649A2
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00F63F01
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00F63F51
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00F63E62
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00F65B4F
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00F65BE9
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00F6584B
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00F6485A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00F648C8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00F63D34
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00F63D02
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00F65A81
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00F63F7C
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00F65891
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00F63DB8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00F63E12
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00F64A21
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00F64908
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00F65ACA
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00F65B9C
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00F65C3B
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00F658D7
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00F657DD
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00F6582D
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00F63F29
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00F64AB4
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [B3, 82] {MOV BL, 0x82}
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00F65963
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00F659F5
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00F59AC8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00F6591D
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00F659AC
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00F65A3B
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00F63D7B
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WS2_32.dll!send 71AB428A 2 Bytes JMP 00F697D6
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WS2_32.dll!send + 3 71AB428D 2 Bytes [4B, 8F]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00F697F7
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00F6979E
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00F69A66
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00F68A5D
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00F68B55
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00F68AA0
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00F68B29
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00F688D1
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00F68925
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00F6887D
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00F68ADF
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3680] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00F689C1
.text C:\Program Files\Apoint\HidFind.exe[3848] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00EF3FA7
.text C:\Program Files\Apoint\HidFind.exe[3848] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00EF418D
.text C:\Program Files\Apoint\HidFind.exe[3848] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00EF422F
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00EF49E1
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00EF4963
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00EE995B
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00EF49A2
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00EF3F01
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00EF3F51
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00EF3E62
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00EF5B4F
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00EF5BE9
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00EF584B
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00EF485A
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00EF48C8
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00EF3D34
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00EF3D02
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00EF5A81
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00EF3F7C
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00EF5891
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00EF3DB8
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00EF3E12
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00EF4A21
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00EF4908
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00EF5ACA
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00EF5B9C
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00EF5C3B
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00EF58D7
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00EF57DD
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00EF582D
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00EF3F29
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00EF4AB4
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [AC, 82]
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00EF5963
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00EF59F5
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00EE9AC8
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00EF591D
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00EF59AC
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00EF5A3B
.text C:\Program Files\Apoint\HidFind.exe[3848] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00EF3D7B
.text C:\Program Files\Apoint\HidFind.exe[3848] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00EF9A66
.text C:\Program Files\Apoint\HidFind.exe[3848] WS2_32.dll!send 71AB428A 2 Bytes JMP 00EF97D6
.text C:\Program Files\Apoint\HidFind.exe[3848] WS2_32.dll!send + 3 71AB428D 2 Bytes [44, 8F]
.text C:\Program Files\Apoint\HidFind.exe[3848] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00EF97F7
.text C:\Program Files\Apoint\HidFind.exe[3848] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00EF979E
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00EF8A5D
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00EF8B55
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00EF8AA0
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00EF8B29
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00EF88D1
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00EF8925
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00EF887D
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00EF8ADF
.text C:\Program Files\Apoint\HidFind.exe[3848] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00EF89C1
.text C:\Program Files\Apoint\Apntex.exe[3912] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C03FA7
.text C:\Program Files\Apoint\Apntex.exe[3912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C0418D
.text C:\Program Files\Apoint\Apntex.exe[3912] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 00C0422F
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00C049E1
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00C04963
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00BF995B
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00C049A2
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00C03F01
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00C03F51
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00C03E62
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00C05B4F
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00C05BE9
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 00C0584B
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 00C0485A
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 00C048C8
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00C03D34
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00C03D02
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00C05A81
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00C03F7C
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00C05891
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00C03DB8
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00C03E12
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00C04A21
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00C04908
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00C05ACA
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00C05B9C
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00C05C3B
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 00C058D7
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 00C057DD
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 00C0582D
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00C03F29
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00C04AB4
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [7D, 82] {JGE 0xffffffffffffff84}
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00C05963
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 00C059F5
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00BF9AC8
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 00C0591D
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 00C059AC
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00C05A3B
.text C:\Program Files\Apoint\Apntex.exe[3912] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00C03D7B
.text C:\Program Files\Apoint\Apntex.exe[3912] WS2_32.dll!send 71AB428A 2 Bytes JMP 00C097D6
.text C:\Program Files\Apoint\Apntex.exe[3912] WS2_32.dll!send + 3 71AB428D 2 Bytes [15, 8F]
.text C:\Program Files\Apoint\Apntex.exe[3912] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C097F7
.text C:\Program Files\Apoint\Apntex.exe[3912] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C0979E
.text C:\Program Files\Apoint\Apntex.exe[3912] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00C09A66
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00C08A5D
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00C08B55
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00C08AA0
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00C08B29
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 00C088D1
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00C08925
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 00C0887D
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00C08ADF
.text C:\Program Files\Apoint\Apntex.exe[3912] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 00C089C1
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01483FA7
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0148418D
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0148422F
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 014849E1
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01484963
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0147995B
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 014849A2
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 01483F01
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01483F51
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01483E62
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 01485B4F
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01485BE9
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0148584B
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0148485A
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 014848C8
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01483D34
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 01483D02
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 01485A81
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 01483F7C
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 01485891
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 01483DB8
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 01483E12
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 01484A21
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 01484908
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 01485ACA
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 01485B9C
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 01485C3B
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 014858D7
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 014857DD
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0148582D
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 01483F29
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 01484AB4
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [05, 83]
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 01485963
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 014859F5
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01479AC8
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0148591D
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 014859AC
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 01485A3B
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 01483D7B
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WS2_32.dll!send 71AB428A 2 Bytes JMP 014897D6
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WS2_32.dll!send + 3 71AB428D 2 Bytes [9D, 8F]
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 014897F7
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0148979E
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01489A66
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 01488A5D
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 01488B55
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 01488AA0
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 01488B29
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 014888D1
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 01488925
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0148887D
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 01488ADF
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[4032] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 014889C1
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 024F3FA7
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 024F418D
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 024F422F
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 024F49E1
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 024F4963
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 024E995B
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 024F49A2
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 024F3F01
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 024F3F51
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 024F3E62
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 024F5B4F
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 024F5BE9
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 024F584B
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 024F485A
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 024F48C8
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 024F3D34
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 024F3D02
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 024F5A81
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 024F3F7C
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 024F5891
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 024F3DB8
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 024F3E12
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 024F4A21
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 024F4908
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 024F5ACA
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 024F5B9C
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 024F5C3B
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 024F58D7
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 024F57DD
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 024F582D
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 024F3F29
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 024F4AB4
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [0C, 84] {OR AL, 0x84}
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 024F5963
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 024F59F5
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 024E9AC8
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 024F591D
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 024F59AC
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 024F5A3B
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 024F3D7B
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 024F8A5D
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 024F8B55
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!InternetReadFile 7806ABCC 5 Bytes JMP 024F8AA0
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 024F8B29
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 024F88D1
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 024F8925
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!HttpSendRequestW 7808083D 5 Bytes JMP 024F887D
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!InternetReadFileExA 78083F48 5 Bytes JMP 024F8ADF
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] wininet.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 024F89C1
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] ws2_32.dll!send 71AB428A 2 Bytes JMP 024F97D6
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] ws2_32.dll!send + 3 71AB428D 2 Bytes [A4, 90] {MOVSB ; NOP }
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 024F97F7
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 024F979E
.text C:\WINDOWS\Downloaded Program Files\BCFileMonitor.exe[4080] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 024F9A66
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00143FA7
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0014418D
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0014422F
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 001449E1
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00144963
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013995B
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 001449A2
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00143F01
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00143F51
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00143E62
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00145B4F
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00145BE9
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0014584B
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0014485A
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 001448C8
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 00143D34
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetMessagePos 7E41BF94 5 Bytes JMP 00143D02
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 00145A81
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 00143F7C
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 00145891
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 00143DB8
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 00143E12
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 00144A21
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 00144908
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 00145ACA
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 00145B9C
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 00145C3B
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 001458D7
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 001457DD
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0014582D
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 00143F29
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 00144AB4
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [D1, 81]
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 00145963
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 001459F5
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00139AC8
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0014591D
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 001459AC
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 00145A3B
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 00143D7B
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WS2_32.dll!send 71AB428A 2 Bytes JMP 001497D6
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WS2_32.dll!send + 3 71AB428D 2 Bytes [69, 8E]
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 001497F7
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0014979E
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00149A66
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 00148A5D
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 00148B55
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 00148AA0
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 00148B29
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 001488D1
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 00148925
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0014887D
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 00148ADF
.text C:\Documents and Settings\gjones\Desktop\computer fixing stuff\gmer\gmer.exe[5936] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 001489C1
.text C:\WINDOWS\explorer.exe[6008] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01613FA7
.text C:\WINDOWS\explorer.exe[6008] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0161418D
.text C:\WINDOWS\explorer.exe[6008] kernel32.dll!GetFileAttributesExW 7C811105 5 Bytes JMP 0161422F
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 016149E1
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01614963
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0160995B
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 016149A2
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 01613F01
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01613F51
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01613E62
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 01615B4F
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01615BE9
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefWindowProcW 7E41B33C 5 Bytes JMP 0161584B
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!BeginPaint 7E41B609 5 Bytes JMP 0161485A
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!EndPaint 7E41B61D 5 Bytes JMP 016148C8
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01613D34
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetMessagePos 7E41BF94 3 Bytes JMP 01613D02
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetMessagePos + 4 7E41BF98 1 Byte [83]
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!CallWindowProcW 7E41C64A 5 Bytes JMP 01615A81
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!PeekMessageA 7E41C96C 5 Bytes JMP 01613F7C
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefWindowProcA 7E41D4EE 5 Bytes JMP 01615891
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!SetCapture 7E41D6CE 5 Bytes JMP 01613DB8
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!ReleaseCapture 7E41D6EA 5 Bytes JMP 01613E12
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetUpdateRect 7E41D6F7 5 Bytes JMP 01614A21
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetDCEx 7E41E875 5 Bytes JMP 01614908
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!CallWindowProcA 7E41F642 5 Bytes JMP 01615ACA
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!RegisterClassA 7E420A36 5 Bytes JMP 01615B9C
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!RegisterClassExA 7E422DA0 5 Bytes JMP 01615C3B
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefDlgProcW 7E42379A 5 Bytes JMP 016158D7
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!OpenInputDesktop 7E427C7A 5 Bytes JMP 016157DD
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!SwitchDesktop 7E429496 5 Bytes JMP 0161582D
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetMessageA 7E42E002 5 Bytes JMP 01613F29
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetUpdateRgn 7E42F5AC 2 Bytes JMP 01614AB4
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetUpdateRgn + 3 7E42F5AF 2 Bytes [1E, 83]
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefFrameProcW 7E4307F3 5 Bytes JMP 01615963
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefMDIChildProcW 7E430A07 5 Bytes JMP 016159F5
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01609AC8
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefDlgProcA 7E43E53F 5 Bytes JMP 0161591D
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefFrameProcA 7E44F705 5 Bytes JMP 016159AC
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!DefMDIChildProcA 7E44F754 5 Bytes JMP 01615A3B
.text C:\WINDOWS\explorer.exe[6008] USER32.dll!SetCursorPos 7E455F53 5 Bytes JMP 01613D7B
.text C:\WINDOWS\explorer.exe[6008] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01619A66
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!InternetCloseHandle 7805DA71 5 Bytes JMP 01618A5D
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!HttpQueryInfoA 78060C67 5 Bytes JMP 01618B55
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!InternetReadFile 7806ABCC 5 Bytes JMP 01618AA0
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!InternetQueryDataAvailable 7806AE0D 5 Bytes JMP 01618B29
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!HttpSendRequestA 7806CD50 5 Bytes JMP 016188D1
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!HttpSendRequestExW 7807353A 5 Bytes JMP 01618925
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!HttpSendRequestW 7808083D 5 Bytes JMP 0161887D
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!InternetReadFileExA 78083F48 5 Bytes JMP 01618ADF
.text C:\WINDOWS\explorer.exe[6008] WININET.dll!HttpSendRequestExA 780CD5B6 5 Bytes JMP 016189C1
.text C:\WINDOWS\explorer.exe[6008] WS2_32.dll!send 71AB428A 2 Bytes JMP 016197D6
.text C:\WINDOWS\explorer.exe[6008] WS2_32.dll!send + 3 71AB428D 2 Bytes [B6, 8F] {MOV DH, 0x8f}
.text C:\WINDOWS\explorer.exe[6008] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 016197F7
.text C:\WINDOWS\explorer.exe[6008] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0161979E

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:19 PM

Posted 02 October 2010 - 11:13 AM

Hi,

You may want to reformat...have him read this warning: Malwarebytes' detected a backdoor rootkit.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.













Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:19 PM

Posted 07 October 2010 - 07:22 AM

still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:19 PM

Posted 12 October 2010 - 05:40 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users