
IE Popups while using Firefox


  • This topic is locked
14 replies to this topic

#1 Angelino


Posted 22 December 2008 - 12:40 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:10 AM, on 12/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\User\Application Data\Twain\Twain.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KPMRCPM7\HijackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KPMRCPM7\HiJackThis[2].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: {f8812498-6127-1de9-c8b4-7dc966a8fb51} - {15bf8a66-9cd7-4b8c-9ed1-72168942188f} - C:\WINDOWS\System32\doeavt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\byXPIxyV.dll
O2 - BHO: (no name) - {EE9CEF07-F579-44EE-A798-14E2746C7EC5} - C:\WINDOWS\System32\awttrRij.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKLM\..\Run: [f089b3b1] rundll32.exe "C:\WINDOWS\System32\qdjenhmh.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas90.exe" /minimize
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\User\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\User\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://vpn.osi-systems.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://vpn.osi-systems.com/vdesk/terminal/...llerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://vpn.osi-systems.com/vdesk/terminal/...,2008,0904,1939
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://vpn.osi-systems.com/policy/download...,2008,0904,1947
O20 - AppInit_DLLs: doeavt.dll
O20 - Winlogon Notify: byXPIxyV - C:\WINDOWS\SYSTEM32\byXPIxyV.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXNlcg\command.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7190 bytes


 


#2 Buckeye_Sam


    Malware Expert



Posted 23 December 2008 - 05:04 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • A second report, Attach.txt, will open next.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy and paste both logs into your next reply.


=============


The next log will show us any hidden files that are present.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Angelino


Posted 30 December 2008 - 01:19 PM

Sam, this is the report that you requested. I made some changes since my original post.

1. Updated to SP3
2. Enabled Norton antivirus
3. Updated Adaware and Spybot

The situation has slowed but is not fixed. Here is the report:
=========
DDS (Version 1.1.0) - NTFSx86
Run by User at 9:48:07.10 on Tue 12/30/2008
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {4079abdd-dd72-981b-5844-a3b2f8ee03b0}: {0b30ee8f-2b3a-4485-b189-27ddddba9704} - c:\windows\system32\khpjgm.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: {56f972e2-fbb5-47a0-98e5-73a4a27fa627} - c:\windows\system32\ljJDVmkh.dll
BHO: {5fd2b4f7-0de1-4c27-b7e4-db5995c9e5e9} - c:\windows\system32\awttrRij.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\byXPIxyV.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: {DA68C7C1-0ED4-4D81-937E-7DD6CAD4A650} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [tgcmd]
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\spybot - search & destroy\TeaTimer.exe
mRun: [S3TRAY2] S3Tray2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [UC_SMB]
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
Trusted Zone: osi-systems.com\vpn
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: byXPIxyV - byXPIxyV.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\byXPIxyV.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ljJDVmkh

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\zds632gq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-12-30 09:45 369,663 a------- C:\dds.scr
2008-12-30 09:26 136,192 a------- c:\windows\system32\jekpqm.dll
2008-12-30 09:26 136,192 a------- c:\windows\system32\bxhllmle.dll
2008-12-30 09:20 120 a--sh--- c:\windows\system32\csffajfc.ini
2008-12-30 09:20 94,208 a------- c:\windows\system32\cfjaffsc.dll
2008-12-29 15:16 695,786 a--sh--- c:\windows\system32\hkmVDJjl.ini2
2008-12-29 09:24 136,192 a------- c:\windows\system32\vtdamy.dll
2008-12-29 09:24 136,192 a------- c:\windows\system32\cfrkldlg.dll
2008-12-29 09:20 120 a--sh--- c:\windows\system32\ifmrdrlo.ini
2008-12-29 09:20 94,208 a------- c:\windows\system32\olrdrmfi.dll
2008-12-27 20:02 120 a--sh--- c:\windows\system32\mskedole.ini
2008-12-27 20:02 94,208 a------- c:\windows\system32\elodeksm.dll
2008-12-27 20:01 136,192 a------- c:\windows\system32\cudqfv.dll
2008-12-27 20:01 136,192 a------- c:\windows\system32\mjyfxqpx.dll
2008-12-26 14:23 136,192 a------- c:\windows\system32\ndytle.dll
2008-12-26 14:23 136,192 a------- c:\windows\system32\spannctj.dll
2008-12-26 14:17 120 a--sh--- c:\windows\system32\jrkrdngo.ini
2008-12-26 14:17 94,208 a------- c:\windows\system32\ogndrkrj.dll
2008-12-26 09:49 136,192 a------- c:\windows\system32\lulkrm.dll
2008-12-26 09:49 136,192 a------- c:\windows\system32\isxcksss.dll
2008-12-26 09:48 120 a--sh--- c:\windows\system32\hnpcvqtt.ini
2008-12-26 09:47 94,208 a------- c:\windows\system32\ttqvcpnh.dll
2008-12-24 16:27 120 a--sh--- c:\windows\system32\olwyglfw.ini
2008-12-24 16:27 94,208 a------- c:\windows\system32\wflgywlo.dll
2008-12-24 16:24 136,192 a------- c:\windows\system32\xklwhq.dll
2008-12-24 16:24 136,192 a------- c:\windows\system32\uglmhmmu.dll
2008-12-24 15:41 22 a------- c:\windows\system32\byXPIxyV.zip
2008-12-24 15:14 136,192 a------- c:\windows\system32\rtdnxf.dll
2008-12-24 15:14 120 a--sh--- c:\windows\system32\kakkagge.ini
2008-12-24 15:14 136,192 a------- c:\windows\system32\fyplvrwe.dll
2008-12-24 15:13 94,208 a------- c:\windows\system32\eggakkak.dll
2008-12-24 12:48 434 a------- c:\windows\wininit.ini
2008-12-24 12:16 <DIR> --d----- C:\Spybot - Search & Destroy
2008-12-24 11:50 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-24 11:50 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-24 11:50 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-24 11:50 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-24 09:57 10,752 a------- c:\windows\system32\smtpapi.dll
2008-12-24 09:57 9,728 a------- c:\windows\system32\rwnh.dll
2008-12-24 09:54 19,569 a------- c:\windows\000001_.tmp
2008-12-24 09:23 <DIR> --d----- C:\b3ad047fa5d9c77153e255b1
2008-12-23 21:30 <DIR> --d----- C:\Hijackthis
2008-12-23 21:10 <DIR> --d----- C:\backups
2008-12-23 19:58 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-23 19:54 23,804,784 a------- C:\aaw2008.exe
2008-12-23 17:03 80,896 a------- c:\windows\system32\firewall.cpl
2008-12-23 16:58 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-23 16:50 19,569 a------- c:\windows\002689_.tmp
2008-12-23 16:45 <DIR> --d----- c:\windows\EHome
2008-12-23 15:48 331,805,736 a------- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-12-23 15:13 7,518,240 a------- C:\Firefox Setup 3.0.5.exe
2008-12-23 15:10 0 a--sh--- c:\windows\system32\hkmVDJjl.ini
2008-12-23 15:10 292,864 a------- c:\windows\system32\ljJDVmkh.dll
2008-12-23 15:04 2,206 a------- c:\windows\system32\wpa.dbl
2008-12-23 14:10 235,744 a------- c:\windows\system32\drivers\SAVRT.SYS
2008-12-23 14:10 35,552 a------- c:\windows\system32\drivers\SAVRTPEL.SYS
2008-12-23 14:10 7,133 a------- c:\windows\system32\drivers\SAVRTPEL.CAT
2008-12-23 14:10 7,127 a------- c:\windows\system32\drivers\SAVRT.CAT
2008-12-23 14:10 632 a------- c:\windows\system32\drivers\SAVRTPEL.INF
2008-12-23 14:10 616 a------- c:\windows\system32\drivers\SAVRT.INF
2008-12-23 10:07 32 a--sh--- c:\windows\system32\{D2028518-0DF9-4849-AC1F-7CBB16795D2D}.dat
2008-12-23 10:07 32 a--sh--- c:\windows\{AD5973C4-236C-4C39-8B3D-98AB0624C539}.dat
2008-12-23 10:07 14 a------- c:\windows\system32\SR2.dat
2008-12-23 10:07 123,619 a------- c:\windows\system32\SYMEVNT.386
2008-12-23 10:07 83,672 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-23 10:07 73,224 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-23 10:06 <DIR> --d----- c:\docume~1\user\applic~1\Symantec
2008-12-23 10:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-12-23 10:06 <DIR> --d----- c:\program files\Symantec
2008-12-23 10:06 <DIR> --d----- c:\program files\Norton AntiVirus
2008-12-23 10:06 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-12-22 01:09 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-12-22 01:07 <DIR> --d----- c:\windows\ShellNew
2008-12-22 01:07 <DIR> --d----- c:\program files\common files\L&H
2008-12-22 00:55 <DIR> --d----- c:\program files\common files\uwru
2008-12-22 00:55 <DIR> --d----- c:\windows\uwru
2008-12-22 00:47 <DIR> --d----- c:\docume~1\user\applic~1\TrojanHunter
2008-12-21 17:41 <DIR> --dsh--- c:\windows\VXNlcg
2008-12-21 16:54 <DIR> --d----- c:\docume~1\user\applic~1\Twain
2008-12-21 16:49 <DIR> --d----- c:\program files\Webtools
2008-12-20 21:19 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-20 15:18 <DIR> --d----- c:\temp\tn3
2008-12-20 15:17 <DIR> --d----- c:\temp\REX81
2008-12-20 15:17 167,976 -------- c:\windows\system32\drivers\core.cache.dsk
2008-12-20 15:17 86,272 -------- c:\windows\system32\drivers\usb80233.sys
2008-12-20 15:17 <DIR> --d----- c:\windows\system32\cap2
2008-12-20 15:17 <DIR> --d----- c:\windows\system32\ain
2008-12-20 15:17 <DIR> --d----- C:\Temp
2008-12-20 15:02 57,856 a------- c:\windows\system32\byXPIxyV.dll

==================== Find3M ====================

2008-12-23 21:04 424 a------- c:\program files\Shortcut to HiJackThis.lnk
2008-12-23 17:09 80,375 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 10:59 60,744 a------- c:\windows\java\g2mdlhlpx.exe
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2006-12-20 10:48 32,440 a------- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 9:50:58.42 ===============

#4 Angelino


Posted 30 December 2008 - 02:52 PM

This is the first half of the gmer file. Apparently there was too much data, so I had to cut it in half:


=========

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-30 11:35:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT F1B389A8 ZwClose
SSDT F1B387E4 ZwCreateKey
SSDT F1B38900 ZwDeleteKey
SSDT F1B38928 ZwDeleteValueKey
SSDT F1B389A2 ZwLoadKey
SSDT F1B38687 ZwOpenKey
SSDT F1B38886 ZwQueryValueKey
SSDT F1B38952 ZwReplaceKey
SSDT F1B3897A ZwRestoreKey
SSDT F1B38834 ZwSetValueKey

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\System32\drivers\usb80233.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderLocation + 7E 7C9EF2DF 16 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderLocation + E 7C9EF2F1 73 Bytes CALL 7C9EF13F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderLocation + 58 7C9EF33B 1 Byte [ FB ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderLocation + 5B 7C9EF33E 3 Bytes [ 84, DC, 50 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderLocation + 60 7C9EF343 3 Bytes [ 66, 83, 22 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderLocation + 64 7C9EF347 14 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCoCreateInstance 7C9EF5E2 65 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCoCreateInstance + 42 7C9EF624 40 Bytes [ 15, A8, F2, BB, 7C, 3B, C7, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCoCreateInstance + 6B 7C9EF64D 32 Bytes [ 08, 50, FF, 51, 18, 8B, 06, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCoCreateInstance + 8C 7C9EF66E 1 Byte [ 08 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCoCreateInstance + 8E 7C9EF670 27 Bytes [ 33, DB, EB, 93, 90, 90, 90, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderPathW + 1A 7C9EF792 5 Bytes [ 45, 39, B5, A4, FD ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderPathW + 20 7C9EF798 33 Bytes [ FF, 74, 52, C7, 85, AC, FD, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderPathW + 42 7C9EF7BA 22 Bytes CALL 7C9EE7B4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderPathW + 59 7C9EF7D1 58 Bytes [ FF, 8B, F8, 3B, FE, 7D, 9C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSpecialFolderPathW + 94 7C9EF80C 41 Bytes [ FF, 50, F3, A5, FF, 15, 3C, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsNetDrive + 2 7C9F063E 8 Bytes [ 15, 60, F5, 9E, 7C, 5D, C2, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsNetDrive + B 7C9F0647 98 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsNetDrive + 71 7C9F06AD 113 Bytes [ 8B, FF, 55, 8B, EC, 83, 3D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsNetDrive + E3 7C9F071F 7 Bytes CALL 7C9F01D6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsNetDrive + EB 7C9F0727 18 Bytes [ DB, 75, 21, F6, 45, 15, 40, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealDriveType + 15 7C9F0EAB 80 Bytes [ 18, 3B, C3, 74, 02, 89, 30, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DriveType + 2E 7C9F0EFC 29 Bytes [ 8B, 45, 0C, 5D, C2, 08, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DriveType + 4C 7C9F0F1A 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DriveType + 68 7C9F0F36 28 Bytes [ 75, 0C, FF, 75, 08, FF, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DriveType + 85 7C9F0F53 50 Bytes CALL 7C9F0D0E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DriveType + B8 7C9F0F86 21 Bytes [ 75, 0C, 53, FF, 15, 30, 1C, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetPathFromIDListW + 3B 7C9F105F 17 Bytes JMP 7C9EB1B7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetPathFromIDListW + 4D 7C9F1071 18 Bytes [ 56, 8B, 75, 08, 57, FF, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetPathFromIDListW + 60 7C9F1084 25 Bytes [ 75, 14, 8B, D8, 8B, CF, 89, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetPathFromIDListW + 7A 7C9F109E 47 Bytes [ 00, 49, 0F, 85, 55, 4F, 01, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetPathFromIDListW + AA 7C9F10CE 10 Bytes [ 85, DB, 8B, C3, 0F, 85, 13, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsEqual + 20 7C9F122F 7 Bytes [ C3, 5B, 5D, C2, 10, 00, FF ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsEqual + 28 7C9F1237 26 Bytes [ 14, 8B, 76, 18, FF, 75, 10, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsEqual + 43 7C9F1252 2 Bytes [ FF, 55 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsEqual + 46 7C9F1255 48 Bytes [ EC, 81, EC, 54, 04, 00, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsEqual + 77 7C9F1286 85 Bytes [ FF, 8D, 8D, D4, FD, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathIsSlowW + 27 7C9F12DC 23 Bytes [ 3B, F3, 0F, 9F, C0, 8B, 4D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathIsSlowW + 41 7C9F12F6 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathIsSlowW + 47 7C9F12FC 144 Bytes [ EC, 51, 51, 53, 56, 57, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathIsSlowW + D8 7C9F138D 73 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathIsSlowW + 122 7C9F13D7 7 Bytes [ C0, 75, AD, B8, FF, FF, 00 ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsParent + 14 7C9F1440 77 Bytes [ 00, B9, FF, FF, 00, 00, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsParent + 62 7C9F148E 79 Bytes [ FF, 50, FF, B5, 98, FE, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILIsParent + B2 7C9F14DE 90 Bytes [ FF, 8D, 48, F0, FF, B5, 90, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILFindChild + 4D 7C9F1539 95 Bytes CALL 7CA23B92 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILFindChild + AD 7C9F1599 37 Bytes [ DB, 7C, 41, 8B, 45, 0C, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILFindChild + D3 7C9F15BF 42 Bytes [ 45, 14, 8B, 4D, 0C, 8B, 11, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILFindChild + FE 7C9F15EA 133 Bytes [ 1B, C0, 83, D8, FF, E9, C5, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILFindChild + 184 7C9F1670 13 Bytes [ EC, FD, FF, FF, 50, 8D, 45, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetClassObject + A6 7C9F295F 85 Bytes [ A1, AC, FA, BC, 7C, 85, C0, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetClassObject + FC 7C9F29B5 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetClassObject + 102 7C9F29BB 15 Bytes [ FF, 55, 8B, EC, 53, 56, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetClassObject + 112 7C9F29CB 9 Bytes [ 85, FF, BB, 02, 40, 00, 80, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetClassObject + 11C 7C9F29D5 62 Bytes [ 07, 8D, 4D, 0C, 51, 68, 38, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetImageLists + 26 7C9F3D2F 51 Bytes [ 89, 5D, F8, 33, C0, 8B, 7D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetImageLists + 5A 7C9F3D63 4 Bytes [ FF, 75, 20, 8B ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetImageLists + 5F 7C9F3D68 42 Bytes [ 08, FF, 75, 18, 83, C1, F0, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetImageLists + 8A 7C9F3D93 63 Bytes [ 42, EB, 05, 00, FF, 75, 20, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetImageLists + CB 7C9F3DD4 15 Bytes [ FE, 34, 9F, 7C, AA, DF, 9F, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHBindToParent + 72 7C9F3F02 32 Bytes [ F1, FF, 75, 08, FF, 76, 04, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHBindToParent + 93 7C9F3F23 9 Bytes [ 55, 8B, EC, 83, 3D, 78, FA, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHBindToParent + 9D 7C9F3F2D 35 Bytes [ 0F, 84, 1F, E3, 00, 00, A1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHBindToParent + C1 7C9F3F51 4 Bytes [ 90, 90, 90, 90 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHBindToParent + C6 7C9F3F56 32 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetCachedImageIndex + 1A 7C9F3FFA 45 Bytes CALL 7C9F4016 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetCachedImageIndex + 48 7C9F4028 348 Bytes [ 75, 08, 8B, F9, 8D, 5F, 20, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetCachedImageIndex + 1A5 7C9F4185 2 Bytes [ 00, 00 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetCachedImageIndex + 1AA 7C9F418A 14 Bytes [ 00, 00, 3C, 7E, 87, 3B, DE, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_GetCachedImageIndex + 1B9 7C9F4199 14 Bytes [ 52, 1C, 6A, 90, 90, 90, 90, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyDeregister + 2D 7C9F5457 30 Bytes [ 00, 83, F8, 34, 0F, 86, F3, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyDeregister + 4C 7C9F5476 64 Bytes [ 4E, 0F, 85, 9B, 3D, 00, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyDeregister + 8D 7C9F54B7 10 Bytes [ 89, 7D, E0, 89, 7D, E4, 81, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyDeregister + 9A 7C9F54C4 35 Bytes [ 0F, 84, C8, 5D, 00, 00, 57, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyDeregister + BE 7C9F54E8 50 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2 7C9F659A 39 Bytes [ 75, 10, FF, 75, 08, E8, C4, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2B 7C9F65C3 3 Bytes [ 8B, FF, 55 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2F 7C9F65C7 26 Bytes [ EC, 51, 51, 56, 57, 8B, F1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 4A 7C9F65E2 55 Bytes [ 00, 8B, D8, 3B, DF, 74, 6F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 82 7C9F661A 93 Bytes [ C6, 0C, 89, 75, F8, 89, 7D, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyRegister + 1E 7C9F88F5 92 Bytes [ 8B, 4D, FC, 8B, C7, 5F, 5E, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyRegister + 7D 7C9F8954 30 Bytes [ 14, 8B, 06, FF, 75, 10, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyRegister + 9C 7C9F8973 9 Bytes [ FF, 39, 46, 1C, 0F, 8C, B7, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyRegister + A6 7C9F897D 55 Bytes [ EB, A3, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifyRegister + DE 7C9F89B5 10 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_MergeMenus + 15 7C9F8FE9 37 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_MergeMenus + 3B 7C9F900F 14 Bytes [ 46, 24, 3B, C1, 8D, 50, 01, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_MergeMenus + 4A 7C9F901E 66 Bytes [ 00, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_MergeMenus + 8D 7C9F9061 2 Bytes [ 96, FF ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Shell_MergeMenus + 91 7C9F9065 15 Bytes [ EB, E1, FF, 75, 08, E8, B2, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellFolderView + 2 7C9FA63C 88 Bytes [ 75, 08, 8D, 8E, 40, 02, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellFolderView + 5B 7C9FA695 62 Bytes [ 00, 00, 85, C0, 0F, 84, 02, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellFolderView + 9A 7C9FA6D4 130 Bytes [ 00, FF, 75, 08, 8B, 00, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellFolderView + 11D 7C9FA757 5 Bytes [ 80, A6, 12, 02, 00 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellFolderView + 123 7C9FA75D 129 Bytes [ FE, F6, 86, 14, 02, 00, 00, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapIDListToImageListIndexAsync + 38 7C9FCB7C 27 Bytes [ 8D, 88, 00, 8E, FF, FF, 81, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapIDListToImageListIndexAsync + 54 7C9FCB98 6 Bytes [ 00, 6A, 0A, EB, 3F, 6A ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapIDListToImageListIndexAsync + 5B 7C9FCB9F 83 Bytes [ 8D, 8D, F0, FE, FF, FF, 51, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapIDListToImageListIndexAsync + AF 7C9FCBF3 7 Bytes [ FF, 51, 57, FF, B5, F8, FE ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHMapIDListToImageListIndexAsync + B7 7C9FCBFB 61 Bytes [ FF, 6A, 2B, 83, A5, F0, FE, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconExW + 4D 7C9FE204 78 Bytes [ CF, FF, 75, 08, 56, E8, B8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconExW + 9C 7C9FE253 31 Bytes [ 00, 68, 68, D2, 9F, 7C, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconExW + BC 7C9FE273 5 Bytes [ 00, 81, 32, 9F, 7C ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconExW + C2 7C9FE279 34 Bytes [ 00, 00, 00, 7A, DF, 66, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconExW + E9 7C9FE2A0 35 Bytes CALL 7C9E8417 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCloneSpecialIDList + 3A 7C9FE585 34 Bytes [ 89, 45, DC, 8B, 45, 14, 83, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCloneSpecialIDList + 5D 7C9FE5A8 2 Bytes [ D9, A5 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCloneSpecialIDList + 60 7C9FE5AB 37 Bytes [ 15, 94, 1A, 9C, 7C, 8B, F8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCloneSpecialIDList + 86 7C9FE5D1 20 Bytes [ 03, 00, 00, 8B, 45, E8, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCloneSpecialIDList + 9B 7C9FE5E6 25 Bytes [ 56, 0C, 8B, F8, 33, F6, 3B, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconW + 48 7C9FECE1 26 Bytes [ 7D, 10, 33, DB, 33, C0, 39, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconW + 63 7C9FECFC 57 Bytes [ 20, 85, C0, 74, 0C, FF, 46, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconW + 9D 7C9FED36 73 Bytes [ 75, 08, 8B, 46, 08, FF, 76, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHExtractIconsW + 36 7C9FED80 27 Bytes [ 59, 8B, C6, 5E, 5D, C2, 04, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHExtractIconsW + 52 7C9FED9C 24 Bytes [ 08, 50, FF, 51, 08, C7, 06, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHExtractIconsW + 6B 7C9FEDB5 54 Bytes [ 75, 0C, 57, 8B, 7D, 08, 23, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHExtractIconsW + A2 7C9FEDEC 23 Bytes [ 33, C0, EB, E3, 90, 90, 90, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHExtractIconsW + BA 7C9FEE04 159 Bytes [ 89, 46, 0C, 8B, 45, 08, C7, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetVersion + 5 7C9FFA08 74 Bytes [ 81, EC, 28, 02, 00, 00, A1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetVersion + 51 7C9FFA54 51 Bytes [ 00, 57, 68, 70, F5, BC, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetVersion + 85 7C9FFA88 6 Bytes [ 00, 00, 75, 15, 56, 53 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetVersion + 8C 7C9FFA8F 88 Bytes [ B5, EC, FD, FF, FF, E8, 65, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllGetVersion + E5 7C9FFAE8 14 Bytes [ 85, E4, FD, FF, FF, 89, B5, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetImageList + C 7C9FFF35 39 Bytes [ F0, FF, FF, 75, 03, 09, 46, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetImageList + 34 7C9FFF5D 13 Bytes JMP 7C9F3AFF C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetImageList + 43 7C9FFF6C 26 Bytes [ 88, F1, 9F, 7C, 6C, F1, 9F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetImageList + 5F 7C9FFF88 15 Bytes [ DC, F0, 9F, 7C, B8, F0, 9F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetImageList + 6F 7C9FFF98 11 Bytes [ 54, F0, 9F, 7C, 30, F0, 9F, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathResolve + 5B 7CA02AF5 338 Bytes [ B9, F1, 7E, AD, 7C, 89, 15, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathResolve + 1AE 7CA02C48 2 Bytes [ E1, 69 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathResolve + 1B2 7CA02C4C 17 Bytes [ 34, 4B, 17, 9B, FF, 40, D2, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathResolve + 1C4 7CA02C5E 20 Bytes [ 00, 00, 80, 54, 27, F2, 82, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathResolve + 1DA 7CA02C74 19 Bytes [ 83, 25, A0, 00, BD, 7C, 00, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteExW + 96 7CA02F99 61 Bytes [ 83, FF, 08, 0F, 8E, 51, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteExW + D4 7CA02FD7 33 Bytes [ 8B, 75, 08, 3B, F3, 75, 0C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteExW + F6 7CA02FF9 92 Bytes [ 10, 89, 91, AC, 00, BD, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteExW + 153 7CA03056 62 Bytes [ 00, 56, FF, 35, 84, 05, BD, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteExW + 192 7CA03095 30 Bytes [ 1D, 9C, 7C, 99, 2B, C2, D1, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHTestTokenMembership + 54 7CA055B3 32 Bytes [ 00, 57, FF, B6, 04, 60, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHTestTokenMembership + 75 7CA055D4 179 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHTestTokenMembership + 129 7CA05688 5 Bytes [ FF, 55, 8B, EC, 56 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHTestTokenMembership + 12F 7CA0568E 19 Bytes CALL 7CA056F6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHTestTokenMembership + 144 7CA056A3 50 Bytes [ 0F, 85, 97, 8E, 04, 00, 83, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenRegStream + 1 7CA05ABF 25 Bytes [ EC, 81, EC, 60, 02, 00, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenRegStream + 1B 7CA05AD9 24 Bytes [ 89, BD, A8, FD, FF, FF, 0F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenRegStream + 34 7CA05AF2 12 Bytes [ 8D, 70, 04, 56, FF, 15, F4, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenRegStream + 41 7CA05AFF 52 Bytes [ 75, 8D, 85, A0, FD, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenRegStream + 76 7CA05B34 32 Bytes CALL 7CA05B8C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILLoadFromStream + 4 7CA0693A 58 Bytes [ D8, 85, DB, 0F, 8C, 57, C1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILLoadFromStream + 3F 7CA06975 3 Bytes [ C3, 5B, E8 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILLoadFromStream + 43 7CA06979 27 Bytes [ 1A, FE, FF, C9, C2, 10, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILLoadFromStream + 5F 7CA06995 25 Bytes [ 5D, C2, 04, 00, 48, FF, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILLoadFromStream + 79 7CA069AF 224 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_ShowDragImage + 1 7CA08C9D 114 Bytes [ 47, 30, 85, C0, 0F, 85, 7A, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_ShowDragImage + 74 7CA08D10 2 Bytes [ 50, 53 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_ShowDragImage + 77 7CA08D13 3 Bytes [ CE, F9, FF ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_ShowDragImage + 7B 7CA08D17 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_ShowDragImage + A7 7CA08D43 190 Bytes [ FF, 15, EC, 14, 9C, 7C, 85, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA0B1D7 5 Bytes [ FF, 01, 00, 00, 00 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA0B1DD 131 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateDirectoryExW + 17 7CA0B261 99 Bytes [ 16, 9C, 7C, 5F, 5E, 5B, C3, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA0B2C5 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateDirectoryExW + 93 7CA0B2DD 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateDirectoryExW + E8 7CA0B332 4 Bytes [ 84, 1E, E8, 04 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateDirectoryExW + ED 7CA0B337 3 Bytes [ 6A, 43, FF ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateRecycleBinIcon + 5 7CA0BCE5 39 Bytes [ 8B, C6, 5E, 5D, C2, 04, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateRecycleBinIcon + 2D 7CA0BD0D 49 Bytes [ BD, 7C, 3B, 18, 75, E0, 33, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateRecycleBinIcon + 5F 7CA0BD3F 93 Bytes JMP 7C9F9149 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateRecycleBinIcon + BD 7CA0BD9D 49 Bytes [ FF, 8B, F0, 3B, F7, 0F, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateRecycleBinIcon + EF 7CA0BDCF 69 Bytes [ FF, 75, FC, FF, 56, 18, E9, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsUserAnAdmin + 35 7CA0DB90 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsUserAnAdmin + 46 7CA0DBA1 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsUserAnAdmin + 5A 7CA0DBB5 5 Bytes [ 0F, 85, EA, C1, 03 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsUserAnAdmin + 60 7CA0DBBB 42 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!IsUserAnAdmin + 8B 7CA0DBE6 16 Bytes [ C5, C1, 03, 00, 8B, 45, 10, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathProcessCommand + 41 7CA0E4CC 1 Byte [ 53 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathProcessCommand + 43 7CA0E4CE 38 Bytes [ B5, D0, FB, FF, FF, 8D, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathProcessCommand + 6A 7CA0E4F5 9 Bytes [ FF, 83, FE, FF, 0F, 84, AE, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathProcessCommand + 74 7CA0E4FF 22 Bytes [ FF, 85, D0, FB, FF, FF, 83, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!PathProcessCommand + 8B 7CA0E516 5 Bytes [ 89, 9D, B0, FB, FF ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DragQueryFileAorW + 3D 7CA1192E 48 Bytes [ C1, FD, FF, FF, 08, 0F, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DragQueryFileAorW + 6E 7CA1195F 41 Bytes [ 76, 28, 33, DB, 8D, 85, B8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DragQueryFileAorW + 98 7CA11989 30 Bytes [ 40, 89, 85, F8, FD, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DragQueryFileAorW + B7 7CA119A8 50 Bytes [ FF, FF, 8D, 4E, FC, E8, 46, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DragQueryFileAorW + EB 7CA119DC 51 Bytes [ FF, 8B, 85, 58, FF, FF, FF, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!InternalExtractIconListA + 15 7CA1B936 5 Bytes [ 33, C8, 89, 8B, A4 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!InternalExtractIconListA + 1C 7CA1B93D 46 Bytes JMP 7CA1BDD3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!InternalExtractIconListA + 4B 7CA1B96C 39 Bytes [ 85, C0, 0F, 85, 60, 04, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!InternalExtractIconListA + 73 7CA1B994 5 Bytes [ 89, 83, A4, 00, 00 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!InternalExtractIconListA + 79 7CA1B99A 58 Bytes JMP 7CA1BDD4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSetFolderCustomSettingsW + 53 7CA1DC20 68 Bytes [ 76, 08, FF, D7, 85, C0, 74, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSetFolderCustomSettingsW + 98 7CA1DC65 25 Bytes [ 00, FF, 45, E4, 8B, 45, E4, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSetFolderCustomSettingsW + B2 7CA1DC7F 34 Bytes [ F6, D9, 1B, C9, 23, 4D, 08, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSetFolderCustomSettingsW + D5 7CA1DCA2 14 Bytes CALL 7CA197C3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetSetFolderCustomSettingsW + E5 7CA1DCB2 43 Bytes [ F6, 46, 44, 01, 0F, 85, C4, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHSetLocalizedName + 6 7CA21652 8 Bytes [ 6C, 24, 04, 08, E9, D2, F5, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Control_RunDLLAsUserW + 41 7CA72433 67 Bytes [ 0C, 53, 8B, 5D, 08, 89, 45, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Control_RunDLLAsUserW + 85 7CA72477 45 Bytes [ 85, DB, 74, 0D, 6A, 20, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Control_RunDLLAsUserW + B3 7CA724A5 62 Bytes [ 9C, 7C, 8B, 45, B4, 8B, 4D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Control_RunDLLAsUserW + F2 7CA724E4 25 Bytes [ D7, 66, 85, C0, 66, 89, 06, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconEx + 7 7CA72A4D 25 Bytes CALL 7CA72A4F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DuplicateIcon + 10 7CA72A67 32 Bytes [ FF, 7C, AE, 3B, 9D, F0, FD, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DuplicateIcon + 31 7CA72A88 6 Bytes [ FF, 83, 20, 00, EB, 4D ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DuplicateIcon + 38 7CA72A8F 85 Bytes [ B5, E0, FD, FF, FF, 85, F6, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DuplicateIcon + 8E 7CA72AE5 25 Bytes [ 59, F7, FF, C9, C2, 10, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DuplicateIcon + A8 7CA72AFF 24 Bytes [ 04, 56, 89, 75, FC, FF, 15, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!FreeIconList + C 7CA72B19 22 Bytes [ 89, 75, 08, FF, B6, 88, CC, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!FreeIconList + 23 7CA72B30 88 Bytes [ 86, 8C, CC, 9D, 7C, 85, C0, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconResInfoW + 1B 7CA72B89 53 Bytes [ B6, 94, CC, 9D, 7C, 57, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconResInfoW + 51 7CA72BBF 28 Bytes [ 6A, 00, FF, 75, FC, FF, 15, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconResInfoW + 6E 7CA72BDC 40 Bytes [ A1, 48, F5, BC, 7C, 53, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconResInfoW + 97 7CA72C05 15 Bytes CALL 7C9ED058 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ExtractIconResInfoW + A7

#5 Angelino

Posted 30 December 2008 - 02:53 PM

This is the second half of gmer data:

.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathW + 25 7CA8C093 35 Bytes [ 75, B0, C7, 45, B4, 40, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathW + 49 7CA8C0B7 27 Bytes [ 83, 60, 02, 00, 6A, 04, 5E, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathW + 65 7CA8C0D3 7 Bytes [ 75, B4, FF, D3, 85, C0, 75 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathW + 6D 7CA8C0DB 28 Bytes [ 8B, 45, AC, 8B, 40, 04, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathW + 8A 7CA8C0F8 143 Bytes [ B0, 89, 75, B4, FF, D3, 85, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathA + 3B 7CA8C25C 61 Bytes [ 75, B4, FF, D6, 83, 65, AC, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathA + 79 7CA8C29A 135 Bytes [ 75, B4, FF, D6, 01, 5D, A8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathA + 101 7CA8C322 7 Bytes [ D6, 8B, 47, 04, 0F, B7, 48 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathA + 109 7CA8C32A 22 Bytes [ 0F, B7, 40, 10, 53, C1, E1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheShortenPathA + 120 7CA8C341 2 Bytes [ 75, B4 ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheConvertPathW + 16 7CA8C5EC 17 Bytes [ 00, 80, 80, 80, 00, 8B, 42, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheConvertPathW + 28 7CA8C5FE 128 Bytes [ 8B, 42, 04, C7, 80, B4, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheConvertPathW + A9 7CA8C67F 9 Bytes [ EC, 20, FF, 75, 0C, 8D, 45, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheConvertPathW + B4 7CA8C68A 2 Bytes [ 14, 17 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SheConvertPathW + B9 7CA8C68F 61 Bytes [ 45, 08, 83, 65, F0, 00, 83, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLL 7CA8E029 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLL + 4 7CA8E02D 28 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLL + 21 7CA8E04A 9 Bytes [ 74, 6C, 83, F8, FC, 74, 0E, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLL + 2B 7CA8E054 20 Bytes [ 74, 37, 83, F8, FE, 0F, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLL + 40 7CA8E069 28 Bytes [ 15, 9C, 1A, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLLW + 2 7CA8E0E5 70 Bytes [ 15, E0, 1D, 9C, 7C, EB, 0E, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLLW + 49 7CA8E12C 20 Bytes [ 76, 10, FF, 15, 68, 1D, 9C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLLW + 5E 7CA8E141 93 Bytes [ BB, 09, 35, 00, 00, 74, 1C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLLW + BC 7CA8E19F 1 Byte [ 55 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!OpenAs_RunDLLW + BE 7CA8E1A1 46 Bytes [ EC, 83, EC, 30, 53, 56, 8B, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Activate_RunDLL + 1B 7CA8F0AF 29 Bytes [ FF, 07, 00, 00, 00, E8, 21, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Activate_RunDLL + 39 7CA8F0CD 39 Bytes [ 15, 28, F2, BB, 7C, 8B, 4D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Activate_RunDLL + 61 7CA8F0F5 6 Bytes [ 5D, 08, 56, 8B, 75, 10 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Activate_RunDLL + 68 7CA8F0FC 2 Bytes [ 89, 45 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!Activate_RunDLL + 6B 7CA8F0FF 10 Bytes CALL 7C9F07DE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHIsFileAvailableOffline + 4E 7CA9217E 75 Bytes [ FF, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHIsFileAvailableOffline + 9A 7CA921CA 32 Bytes CALL 7C9EB8E6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHIsFileAvailableOffline + BB 7CA921EB 26 Bytes [ FC, FF, FF, 6A, 00, 56, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHIsFileAvailableOffline + D6 7CA92206 16 Bytes CALL 7CA91E32 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHIsFileAvailableOffline + E7 7CA92217 147 Bytes [ 15, 34, 16, 9C, 7C, 33, C0, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 2F 7CA92549 83 Bytes CALL 7CA92486 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 83 7CA9259D 62 Bytes [ 00, 00, 00, B6, 63, A9, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHEnumerateUnreadMailAccountsW + C3 7CA925DD 6 Bytes [ 75, 08, E8, A4, 06, F8 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHEnumerateUnreadMailAccountsW + CA 7CA925E4 49 Bytes [ 8B, F0, 8B, 45, 08, 8B, 08, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHEnumerateUnreadMailAccountsW + FC 7CA92616 41 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetAttributesFromDataObject + C8 7CA92A59 63 Bytes [ 74, 0C, FF, B5, B0, FB, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetAttributesFromDataObject + 109 7CA92A9A 24 Bytes [ 18, FF, 75, 14, FF, 75, 10, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetAttributesFromDataObject + 122 7CA92AB3 23 Bytes [ 74, 07, 6A, 00, FF, 75, 08, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetAttributesFromDataObject + 13A 7CA92ACB 52 Bytes [ 55, 8B, EC, 56, FF, 75, 1C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetAttributesFromDataObject + 16F 7CA92B00 61 Bytes [ 8B, D8, 0F, B7, 05, C0, F9, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHPathPrepareForWriteA + B4 7CA94AA0 17 Bytes CALL 7C9F9E2C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHPathPrepareForWriteA + C8 7CA94AB4 40 Bytes [ 05, BF, 00, 00, 40, 00, 56, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHPathPrepareForWriteA + F1 7CA94ADD 11 Bytes [ 3B, C6, 8B, 5D, 10, 89, 03, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHPathPrepareForWriteA + FD 7CA94AE9 89 Bytes [ 00, 6A, 13, 56, 56, 56, 56, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHPathPrepareForWriteA + 157 7CA94B43 49 Bytes [ FF, D6, 85, C0, 74, 4F, 68, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetUnreadMailCountW + 2 7CA94D0A 56 Bytes CALL 7CA2D8CA C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetUnreadMailCountW + 3B 7CA94D43 4 Bytes [ FF, BE, 00, 04 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetUnreadMailCountW + 41 7CA94D49 2 Bytes [ 0F, 84 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetUnreadMailCountW + 44 7CA94D4C 82 Bytes [ 01, 00, 00, 85, C0, 75, 03, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetUnreadMailCountW + 97 7CA94D9F 6 Bytes [ 45, BC, 50, 6A, 12, 56 ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHSetUnreadMailCountW + 2C 7CA94F48 32 Bytes [ 8B, 0F, 80, E1, 01, F6, D9, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHSetUnreadMailCountW + 4D 7CA94F69 6 Bytes [ 68, 74, 96, 9C, 7C, 50 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHSetUnreadMailCountW + 54 7CA94F70 53 Bytes [ D6, 8B, 07, 83, E0, 10, C1, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHSetUnreadMailCountW + 8B 7CA94FA7 93 Bytes [ FF, 75, FC, FF, D6, 8B, 07, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHSetUnreadMailCountW + E9 7CA95005 99 Bytes [ 75, FC, FF, D6, 8B, 07, 25, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetShellStyleHInstance + 1 7CA953A5 49 Bytes [ 85, F0, FD, FF, FF, 5F, 5E, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetShellStyleHInstance + 33 7CA953D7 42 Bytes [ 8B, 45, 14, 53, 8B, 5D, 10, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetShellStyleHInstance + 5E 7CA95402 2 Bytes [ FF, 15 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetShellStyleHInstance + 61 7CA95405 15 Bytes [ 1C, 9C, 7C, 33, FF, 85, C0, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetShellStyleHInstance + 71 7CA95415 21 Bytes [ 85, EC, FD, FF, FF, 89, BD, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHFormatDrive + 27 7CA982DC 2 Bytes [ 76, 30 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHFormatDrive + 2A 7CA982DF 24 Bytes [ D7, 50, FF, D3, 6A, 01, 6A, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHFormatDrive + 43 7CA982F8 23 Bytes [ 00, FF, 76, 30, FF, D7, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHFormatDrive + 5B 7CA98310 20 Bytes [ 5E, 5B, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHFormatDrive + 70 7CA98325 3 Bytes [ 00, A1, 48 ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!AppCompat_RunDLLW + 2 7CA98A01 7 Bytes [ FF, 50, 53, 68, 43, 01, 00 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!AppCompat_RunDLLW + A 7CA98A09 35 Bytes [ FF, B5, DC, FD, FF, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!AppCompat_RunDLLW + 2F 7CA98A2E 1 Byte [ FC ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!AppCompat_RunDLLW + 34 7CA98A33 11 Bytes [ 7C, 13, FF, B5, D4, FD, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!AppCompat_RunDLLW + 42 7CA98A41 7 Bytes CALL 7CA919D7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!CDefFolderMenu_Create2 + 37 7CA9A228 23 Bytes [ 55, 8B, EC, 51, 51, 53, 56, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!CDefFolderMenu_Create2 + 4F 7CA9A240 5 Bytes [ 1D, 94, 1D, 9C, 7C ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!CDefFolderMenu_Create2 + 55 7CA9A246 86 Bytes [ FF, D3, 8B, CE, 89, 45, F8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!CDefFolderMenu_Create2 + AC 7CA9A29D 79 Bytes CALL 7CA92AC7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!CDefFolderMenu_Create2 + FC 7CA9A2ED 33 Bytes [ F0, 85, F6, 7C, 14, 8B, 45, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_AutoScroll + 17 7CAA54DD 29 Bytes [ 85, C0, 74, 14, 81, 78, 04, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_AutoScroll + 35 7CAA54FB 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_AutoScroll + 3C 7CAA5502 30 Bytes [ 55, 8B, EC, 53, 56, 8B, 35, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_AutoScroll + 5B 7CAA5521 142 Bytes [ 00, 57, FF, D6, 53, 68, 2E, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_AutoScroll + EA 7CAA55B0 66 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_DragEnterEx + 3 7CAAE9AB 122 Bytes [ F8, D1, F8, 03, D1, 3B, D3, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_DragMove + 25 7CAAEA26 68 Bytes [ 03, 57, 57, 57, 57, FF, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_SetDragImage + 2A 7CAAEA6B 52 Bytes [ 75, F8, FF, 75, 0C, FF, D3, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_SetDragImage + 5F 7CAAEAA0 24 Bytes CALL 7CA760A4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_SetDragImage + 78 7CAAEAB9 11 Bytes [ 75, F4, FF, 15, 58, 12, 9C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_SetDragImage + 84 7CAAEAC5 64 Bytes [ 15, 54, 12, 9C, 7C, FF, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_DragLeave + 2A 7CAAEB06 21 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_DragLeave + 40 7CAAEB1C 13 Bytes CALL 7CAAE92A C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DAD_DragLeave + 4E 7CAAEB2A 146 Bytes [ FF, 75, 10, FF, 76, 50, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDoDragDrop + 80 7CAAEBBD 77 Bytes [ EB, 4B, 39, 44, BB, 58, 75, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDoDragDrop + CE 7CAAEC0B 20 Bytes [ 44, BB, 58, 5F, 5B, 5D, C2, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDoDragDrop + E3 7CAAEC20 85 Bytes [ 14, 83, 65, EC, 00, 56, 57, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDoDragDrop + 139 7CAAEC76 53 Bytes [ D6, 8B, C7, 5F, 5E, C9, C2, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDoDragDrop + 16F 7CAAECAC 10 Bytes [ 89, 5D, FC, 75, 6A, 57, E8, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllInstall + 46 7CAB1B72 48 Bytes [ 50, FF, D6, 83, C4, 10, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllInstall + 77 7CAB1BA3 13 Bytes [ 15, 10, 10, 9C, 7C, 8B, F8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllInstall + 86 7CAB1BB2 47 Bytes [ FF, FF, B5, B8, FE, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllInstall + B6 7CAB1BE2 27 Bytes [ 90, 90, 40, 00, 78, 00, 70, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!DllInstall + D2 7CAB1BFE 97 Bytes [ 2C, 00, 2D, 00, 25, 00, 64, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconA + 1D 7CAB4BF3 27 Bytes [ 00, 50, 8D, 46, 38, 50, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconA + 39 7CAB4C0F 28 Bytes [ 85, C0, 74, 07, 8B, CF, E8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconA + 56 7CAB4C2C 43 Bytes [ 5F, 83, 7D, 0C, 05, 75, 0B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconA + 82 7CAB4C58 18 Bytes CALL 7C9EB04B C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHDefExtractIconA + 95 7CAB4C6B 118 Bytes [ 75, 1A, FF, 75, 14, C7, 46, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHValidateUNC + 3C 7CAB51DC 6 Bytes [ FF, 74, 0D, 81, F9, 38 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHValidateUNC + 43 7CAB51E3 1 Byte [ FF ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHValidateUNC + 45 7CAB51E5 12 Bytes JMP 7CAB52E3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHValidateUNC + 52 7CAB51F2 21 Bytes [ 85, C0, 0F, 85, EB, 00, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHValidateUNC + 69 7CAB5209 63 Bytes CALL 7CAB3974 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SignalFileOpen + C 7CAB595C 30 Bytes [ 55, 8B, EC, 81, EC, AC, 03, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SignalFileOpen + 2B 7CAB597B 74 Bytes [ 15, 5C, 1C, 9C, 7C, 8B, F0, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SignalFileOpen + 76 7CAB59C6 3 Bytes [ 50, FC, 9D ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SignalFileOpen + 7A 7CAB59CA 37 Bytes [ 8D, 85, 5C, FC, FF, FF, 50, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SignalFileOpen + A0 7CAB59F0 11 Bytes [ 10, 9C, 7C, 89, 9D, 58, FC, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteExW + 75 7CAB5B56 10 Bytes CALL 7C9F3BB4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteExW + 80 7CAB5B61 15 Bytes [ C0, 7C, 4F, 8D, 85, 54, FC, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteExW + 90 7CAB5B71 11 Bytes [ 50, 6A, 00, 6A, 02, 6A, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteExW + 9C 7CAB5B7D 23 Bytes [ FF, 50, 53, FF, 15, 70, 1B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteA + B 7CAB5B95 11 Bytes [ 50, FF, 15, 28, 1C, 9C, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteA + 17 7CAB5BA1 17 Bytes [ B6, 4C, FB, 9D, 7C, 8D, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteA + 29 7CAB5BB3 11 Bytes [ 83, C6, 08, 83, FE, 50, 0F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!RealShellExecuteW + 2 7CAB5BBF 145 Bytes CALL 7CA03717 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteW + 61 7CAB5C51 115 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteW + D5 7CAB5CC5 205 Bytes [ 89, 45, 10, 75, 61, 6A, 20, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteW + 1A3 7CAB5D93 28 Bytes [ 75, 0C, FF, 15, 3C, 1C, 9C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteW + 1C0 7CAB5DB0 26 Bytes [ A1, 48, F5, BC, 7C, 56, 57, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ShellExecuteW + 1DB 7CAB5DCB 18 Bytes CALL 7CA04965 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!GetFileNameFromBrowse + 18 7CAB72BB 5 Bytes [ 89, 9D, 0C, F1, FF ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!GetFileNameFromBrowse + 1E 7CAB72C1 5 Bytes [ 89, B5, D8, F0, FF ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!GetFileNameFromBrowse + 24 7CAB72C7 86 Bytes [ 89, 9D, DC, F0, FF, FF, 89, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!GetFileNameFromBrowse + 7C 7CAB731F 26 Bytes [ 8B, 08, 50, FF, 51, 0C, 68, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!GetFileNameFromBrowse + 97 7CAB733A 22 Bytes [ 5A, 17, 00, 00, 50, FF, 35, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILAppendID + 12 7CAB7693 35 Bytes [ FF, FF, 15, 40, 19, 9C, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILAppendID + 37 7CAB76B8 100 Bytes [ 0F, 84, 78, 04, 00, 00, 8B, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILAppendID + 9C 7CAB771D 10 Bytes CALL 7CAB6E74 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILAppendID + A7 7CAB7728 91 Bytes [ FF, 50, 8D, 85, EC, FB, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILAppendID + 103 7CAB7784 4 Bytes [ 15, 54, 1D, 9C ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILCreateFromPathA + 2 7CAB78E2 29 Bytes [ FF, C7, 04, 07, 80, 75, 5F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILCreateFromPathA + 20 7CAB7900 3 Bytes [ B5, 58, F1 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILCreateFromPathA + 24 7CAB7904 24 Bytes [ FF, 01, 85, 4C, F1, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILCreateFromPathA + 3D 7CAB791D 12 Bytes [ 8B, 01, FF, B5, 4C, F1, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!ILCreateFromPathA + 4A 7CAB792A 55 Bytes [ 85, 44, F1, FF, FF, 8B, 08, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirA + 6B 7CAB9A8F 26 Bytes [ 8B, 45, E4, 2B, 45, EC, 33, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirA + 86 7CAB9AAA 78 Bytes [ 08, 8B, 45, D8, 33, D2, 39, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirA + D5 7CAB9AF9 4 Bytes [ 00, FF, 76, 18 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirA + DA 7CAB9AFE 60 Bytes [ 15, 34, 1E, 9C, 7C, 85, C0, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetFolderPathAndSubDirA + 117 7CAB9B3B 27 Bytes [ D3, 8B, 3D, A4, 1D, 9C, 7C, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHHandleUpdateImage + 2 7CABAD48 27 Bytes CALL 7CABAD48 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHHandleUpdateImage + 1E 7CABAD64 2 Bytes [ FF, 50 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHHandleUpdateImage + 22 7CABAD68 2 Bytes [ 30, 16 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHHandleUpdateImage + 26 7CABAD6C 32 Bytes [ 8D, 44, 00, 02, 50, 8D, 85, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHHandleUpdateImage + 47 7CABAD8D 35 Bytes [ B5, E4, FB, FF, FF, FF, 15, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifySuspendResume + 2 7CABB30F 61 Bytes CALL 7CABA7E1 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifySuspendResume + 40 7CABB34D 24 Bytes [ 39, 8D, 85, EC, FD, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifySuspendResume + 59 7CABB366 12 Bytes [ B5, EC, FD, FF, FF, E8, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHChangeNotifySuspendResume + 66 7CABB373 164 Bytes [ 76, 08, FF, B5, F0, FD, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageW + 2A 7CABB418 19 Bytes [ 8D, 47, F0, 50, 6A, 00, E8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageW + 3E 7CABB42C 18 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageW + 51 7CABB43F 14 Bytes [ 75, 10, 68, 7C, 01, 9E, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageW + 60 7CABB44E 63 Bytes [ 75, 10, FF, 77, F8, 53, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageW + A0 7CABB48E 28 Bytes [ 33, C0, 8B, 4D, FC, 5F, 5E, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageA + 3F 7CABB56C 112 Bytes [ 3D, 68, 1C, 9C, 7C, BE, 98, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageA + B0 7CABB5DD 110 Bytes [ 00, 00, FF, B5, EC, FD, FF, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageA + 11F 7CABB64C 83 Bytes [ FF, 85, C0, 75, 13, FF, B5, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageA + 174 7CABB6A1 21 Bytes [ 00, 00, 83, C6, 1C, 83, BD, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHUpdateImageA + 18A 7CABB6B7 2 Bytes [ 4D, FC ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetDataFromIDListA + 2 7CAC23E2 18 Bytes [ 36, FF, 15, A4, F6, 9E, 7C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetDataFromIDListA + 16 7CAC23F6 85 Bytes [ EB, C4, C7, 45, FC, 0E, 00, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetDataFromIDListA + 6C 7CAC244C 148 Bytes [ 75, 08, FF, 75, FC, E8, 01, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetDataFromIDListA + 101 7CAC24E1 6 Bytes [ 00, 00, 8B, C3, 83, E8 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetDataFromIDListA + 108 7CAC24E8 62 Bytes [ 74, 08, 2B, C1, 0F, 85, 0F, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetNewLinkInfo + 79 7CAC26D8 23 Bytes [ 51, 0C, 8B, D8, 3B, DE, 0F, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetNewLinkInfo + 91 7CAC26F0 107 Bytes [ 75, 0C, FF, 15, 3C, 1A, 9C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetNewLinkInfo + FD 7CAC275C 6 Bytes JMP 7CAC2852 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetNewLinkInfo + 104 7CAC2763 61 Bytes [ 34, 8D, 60, F0, A5, 7C, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHGetNewLinkInfo + 142 7CAC27A1 8 Bytes [ F9, 0A, 0F, 8C, A9, 00, 00, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHOpenFolderAndSelectItems + 7B 7CAC2A99 28 Bytes [ 7C, 0E, 8B, 4D, FC, F7, D9, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellItem 7CAC2AB6 7 Bytes [ 90, 90, 90, 90, 8B, FF, 55 ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellItem + 8 7CAC2ABE 29 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellItem + 26 7CAC2ADC 2 Bytes [ 4D, FC ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellItem + 29 7CAC2ADF 44 Bytes [ D9, 1B, C9, 83, E1, FE, 41, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateShellItem + 56 7CAC2B0C 47 Bytes [ 75, 08, 6A, 77, 6A, 06, E8, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateFileExtractIconW + 9 7CAC2C2B 18 Bytes [ 59, 8B, 55, 14, 89, 0A, C9, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateFileExtractIconW + 1C 7CAC2C3E 74 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateFileExtractIconW + 67 7CAC2C89 66 Bytes [ 75, 0C, FF, 75, 08, 6A, 02, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateFileExtractIconW + AA 7CAC2CCC 79 Bytes [ 75, 08, 6A, 02, 6A, 0A, E8, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHCreateFileExtractIconW + FA 7CAC2D1C 63 Bytes [ 4D, FC, F7, D9, 1B, C9, 83, ... ]
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHAppBarMessage + 87 7CAC3EE6 4 Bytes [ 8D, 85, 4C, FB ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHAppBarMessage + 8C 7CAC3EEB 36 Bytes [ FF, 50, FF, 15, 78, 15, 9C, ... ]
.text C:\Program Files\Messenger\msmsgs.exe[408] SHELL32.dll!SHAppBarMessage + B1 7CAC3F10 82 Bytes [ FF, 5F, 5E, 8B, 4D, FC, 5B, ... ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

Device \Driver\usb80233 \Device\usb80233 F1B3658A

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

#6 Buckeye_Sam

Malware Expert

Posted 30 December 2008 - 06:07 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Angelino

Topic Starter

Posted 30 December 2008 - 08:32 PM

Buckeye Sam, I am confused by your last post. So are you instructing me to run ComboFix? The bold red lettering seems to say the opposite. Please advise.

Thanks

#8 Buckeye_Sam

Malware Expert

Posted 31 December 2008 - 09:22 AM

Yes, I am instructing you to download and run Combofix. Just follow the directions in my post.


What the red lettering indicates is that I would not advise anyone reading this thread trying to fix their problems on their own to run Combofix. It is an extremely powerful program. If you use it without the proper guidance there is the potential for serious issues. You should never run Combofix unless being assisted and supported by a malware removal expert like those here at Bleeping Computer.

#9 Angelino

Topic Starter

Posted 31 December 2008 - 02:01 PM

Per your request, the C:\Combofix.txt log. The hijacking to IE continues after the scan, however:

========
ComboFix 08-12-30.02 - User 2008-12-31 10:42:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.234 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\User\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\User\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\User\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\tn3
c:\windows\system32\bxhllmle.dll
c:\windows\system32\cfjaffsc.dll
c:\windows\system32\cfrkldlg.dll
c:\windows\system32\cmeimhgu.dll
c:\windows\system32\csffajfc.ini
c:\windows\system32\cudqfv.dll
c:\windows\system32\eggakkak.dll
c:\windows\system32\elodeksm.dll
c:\windows\system32\fyplvrwe.dll
c:\windows\system32\hkmVDJjl.ini
c:\windows\system32\hkmVDJjl.ini2
c:\windows\system32\hnpcvqtt.ini
c:\windows\system32\ifmrdrlo.ini
c:\windows\system32\isxcksss.dll
c:\windows\system32\jekpqm.dll
c:\windows\system32\jrkrdngo.ini
c:\windows\system32\kakkagge.ini
c:\windows\System32\ljJDVmkh.dll
c:\windows\system32\lulkrm.dll
c:\windows\system32\mjyfxqpx.dll
c:\windows\system32\mskedole.ini
c:\windows\system32\ndytle.dll
c:\windows\system32\ogndrkrj.dll
c:\windows\system32\olrdrmfi.dll
c:\windows\system32\olwyglfw.ini
c:\windows\system32\rcqsjpos.ini
c:\windows\system32\rtdnxf.dll
c:\windows\system32\sopjsqcr.dll
c:\windows\system32\spannctj.dll
c:\windows\system32\ttqvcpnh.dll
c:\windows\system32\uglmhmmu.dll
c:\windows\system32\vtdamy.dll
c:\windows\system32\wflgywlo.dll
c:\windows\system32\xklwhq.dll
c:\windows\system32\zlpstu.dll
c:\windows\VXNlcg\
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-31 10:48 . 2008-12-31 10:48 <DIR> d-------- c:\temp\tn3
2008-12-31 10:30 . 2008-12-31 10:30 2,888,154 -ra------ C:\ComboFix.exe
2008-12-30 20:43 . 2006-12-29 00:31 19,569 --a------ c:\windows\000004_.tmp
2008-12-30 20:05 . 2006-12-29 00:31 19,569 --a------ c:\windows\000003_.tmp
2008-12-30 16:01 . 2008-12-30 16:02 <DIR> d-------- c:\program files\Crawler
2008-12-30 16:01 . 2008-12-30 16:01 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-30 16:00 . 2008-12-31 10:24 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-30 16:00 . 2008-12-31 10:24 <DIR> d-------- c:\documents and settings\User\Application Data\Spyware Terminator
2008-12-30 16:00 . 2008-12-30 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-30 15:57 . 2008-12-30 15:57 646,528 --a------ C:\SpywareTerminatorSetup.exe
2008-12-30 15:33 . 2006-12-29 00:31 19,569 --a------ c:\windows\000002_.tmp
2008-12-30 11:08 . 2008-12-30 11:08 <DIR> d-------- C:\TPgmer
2008-12-30 10:53 . 2008-12-30 10:53 <DIR> d-------- C:\gmer
2008-12-30 10:22 . 2008-12-30 11:09 345 --a------ c:\windows\gmer.ini
2008-12-30 10:20 . 2008-12-30 10:20 747,873 --a------ C:\gmer.zip
2008-12-30 09:45 . 2008-12-30 09:45 369,663 --a------ C:\dds.scr
2008-12-24 15:41 . 2008-12-24 15:42 22 --a------ c:\windows\system32\byXPIxyV.zip
2008-12-24 12:48 . 2008-12-30 19:02 498 --a------ c:\windows\wininit.ini
2008-12-24 12:16 . 2008-12-31 10:34 <DIR> d-------- C:\Spybot - Search & Destroy
2008-12-24 11:50 . 2008-12-24 12:02 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-24 11:50 . 2008-12-24 12:02 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-24 11:50 . 2008-12-24 11:50 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-24 11:50 . 2008-12-24 11:50 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-24 09:57 . 2008-04-14 05:42 189,440 --a------ c:\windows\system32\dllcache\smtpadm.dll
2008-12-24 09:57 . 2008-04-14 05:42 10,752 --a------ c:\windows\system32\smtpapi.dll
2008-12-24 09:57 . 2008-04-14 05:42 9,728 --a------ c:\windows\system32\rwnh.dll
2008-12-24 09:54 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp
2008-12-24 09:23 . 2008-12-24 09:27 <DIR> d-------- C:\b3ad047fa5d9c77153e255b1
2008-12-23 21:30 . 2008-12-29 15:29 <DIR> d-------- C:\Hijackthis
2008-12-23 21:10 . 2008-12-23 21:10 <DIR> d-------- C:\backups
2008-12-23 19:59 . 2008-12-23 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-23 19:58 . 2008-12-23 19:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-23 19:54 . 2008-12-23 19:57 23,804,784 --a------ C:\aaw2008.exe
2008-12-23 17:03 . 2008-12-23 17:03 <DIR> d-------- c:\windows\system32\scripting
2008-12-23 16:58 . 2008-12-23 16:58 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-23 16:50 . 2006-12-29 00:31 19,569 --a------ c:\windows\002689_.tmp
2008-12-23 16:45 . 2008-12-30 20:42 <DIR> d-------- c:\windows\EHome
2008-12-23 15:48 . 2008-12-23 16:30 331,805,736 --a------ C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-12-23 15:13 . 2008-12-23 15:13 7,518,240 --a------ C:\Firefox Setup 3.0.5.exe
2008-12-23 15:04 . 2008-12-30 20:56 2,206 --a------ c:\windows\system32\wpa.dbl
2008-12-23 14:10 . 2003-09-18 13:47 235,744 --a------ c:\windows\system32\drivers\SAVRT.SYS
2008-12-23 14:10 . 2003-09-18 13:47 35,552 --a------ c:\windows\system32\drivers\SAVRTPEL.SYS
2008-12-23 14:10 . 2003-12-01 23:33 7,133 --a------ c:\windows\system32\drivers\SAVRTPEL.CAT
2008-12-23 14:10 . 2003-12-01 23:33 7,127 --a------ c:\windows\system32\drivers\SAVRT.CAT
2008-12-23 14:10 . 2003-12-02 14:00 632 --a------ c:\windows\system32\drivers\SAVRTPEL.INF
2008-12-23 14:10 . 2003-12-02 14:00 616 --a------ c:\windows\system32\drivers\SAVRT.INF
2008-12-23 10:07 . 2002-08-15 19:59 123,619 --a------ c:\windows\system32\SYMEVNT.386
2008-12-23 10:07 . 2002-08-15 19:59 83,672 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-23 10:07 . 2002-08-15 19:59 73,224 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-23 10:07 . 2008-12-23 10:07 32 --ahs---- c:\windows\system32\{D2028518-0DF9-4849-AC1F-7CBB16795D2D}.dat
2008-12-23 10:07 . 2008-12-23 10:07 32 --ahs---- c:\windows\{AD5973C4-236C-4C39-8B3D-98AB0624C539}.dat
2008-12-23 10:07 . 2008-12-23 10:07 14 --a------ c:\windows\system32\SR2.dat
2008-12-23 10:06 . 2008-12-23 10:07 <DIR> d-------- c:\program files\Symantec
2008-12-23 10:06 . 2008-12-24 15:38 <DIR> d-------- c:\program files\Norton AntiVirus
2008-12-23 10:06 . 2008-12-31 10:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-23 10:06 . 2008-12-23 10:06 <DIR> d-------- c:\documents and settings\User\Application Data\Symantec
2008-12-23 10:06 . 2008-12-23 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-22 01:09 . 2008-12-22 01:09 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-22 01:07 . 2008-12-22 01:08 <DIR> d-------- c:\windows\ShellNew
2008-12-22 01:07 . 2008-12-22 01:07 <DIR> d-------- c:\program files\Common Files\L&H
2008-12-22 00:55 . 2008-12-22 00:55 <DIR> d-------- c:\windows\uwru
2008-12-22 00:55 . 2008-12-22 01:26 <DIR> d-------- c:\program files\Common Files\uwru
2008-12-22 00:47 . 2008-12-22 00:47 <DIR> d-------- c:\documents and settings\User\Application Data\TrojanHunter
2008-12-21 16:54 . 2008-12-24 10:12 <DIR> d-------- c:\documents and settings\User\Application Data\Twain
2008-12-21 16:49 . 2008-12-23 15:29 <DIR> d-------- c:\program files\Webtools
2008-12-20 15:17 . 2008-12-23 18:10 <DIR> d-------- c:\windows\system32\cap2
2008-12-20 15:17 . 2008-12-20 15:18 <DIR> d-------- c:\windows\system32\ain
2008-12-20 15:17 . 2008-12-20 15:17 <DIR> d-------- c:\temp\REX81
2008-12-20 15:17 . 2008-12-31 10:48 <DIR> d-------- C:\Temp
2008-12-20 15:17 . 2008-12-20 15:17 86,272 --------- c:\windows\system32\drivers\usb80233.sys
2008-12-20 15:17 . 2008-12-31 10:47 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-08 18:02 . 2008-11-08 18:02 <DIR> d-------- C:\Building a Successful Remote Call Center Agent Program_2_files
2008-11-08 18:02 . 2008-11-08 18:02 10,314 --a------ C:\Building a Successful Remote Call Center Agent Program_2.htm
2008-11-08 17:56 . 2008-11-08 17:56 354,738 --a------ C:\building-a-new-ip-mindset.pdf
2008-11-08 11:59 . 2008-11-08 12:00 93,370 --a------ C:\showMessage.htm
2008-11-06 09:03 . 2008-11-06 09:03 41,856 --a------ C:\latin_men_preview_354.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 22:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-24 05:04 424 ----a-w c:\program files\Shortcut to HiJackThis.lnk
2008-12-24 04:32 --------- d-----w c:\program files\Lavasoft
2008-12-24 04:32 --------- d-----w c:\documents and settings\User\Application Data\Lavasoft
2008-12-21 05:21 --------- d-----w c:\program files\Common Files\Adobe
2008-12-21 05:20 --------- d-----w c:\program files\Citrix
2008-12-21 05:19 --------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone DEMO
2008-11-03 18:37 --------- d-----w c:\documents and settings\User\Application Data\AdobeUM
2006-12-20 18:48 32,440 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-24 94208]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-16 32835]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 204800]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-29 315392]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-20 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 c:\windows\system32\S3Tray2.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 c:\windows\system32\irprops.cpl]
"TP4EX"="tp4ex.exe" [2002-09-04 c:\windows\system32\TP4EX.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-10-16 2295]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2006-10-16 15360]
R1 usb80233;usb80233;c:\windows\system32\drivers\usb80233.sys [2008-12-20 86272]
S3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-10-24 67424]
.
Contents of the 'Scheduled Tasks' folder

2006-10-17 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-01-17 00:32]

2008-12-23 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-12-31 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]

2008-12-31 c:\windows\Tasks\uuatrdgs.job
- c:\windows\system32\rundll32.exe [2008-04-14 05:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0b30ee8f-2b3a-4485-b189-27ddddba9704} - c:\windows\System32\khpjgm.dll
BHO-{31CAD83D-F0D3-47E9-80EA-443D8C4BBB79} - (no file)
BHO-{5FD2B4F7-0DE1-4C27-B7E4-DB5995C9E5E9} - c:\windows\System32\awttrRij.dll
BHO-{928DE05E-4D7B-431D-9777-DE8BE8CD97C3} - (no file)
BHO-{B825F7AE-B757-4E31-944C-4D3193FAB1D0} - c:\windows\System32\ljJDVmkh.dll
BHO-{DA68C7C1-0ED4-4D81-937E-7DD6CAD4A650} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKCU-Run-tgcmd - (no file)
HKLM-Run-UC_SMB - (no file)
Notify-byXPIxyV - byXPIxyV.dll


.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: vpn.osi-systems.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zds632gq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 10:48:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3657979338-2177214203-875580018-1004
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3657979338-2177214203-875580018-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-3657979338-2177214203-875580018-1004
@Allowed: (Full) (S-1-5-21-3657979338-2177214203-875580018-1004)
@Allowed: (Full) (S-1-5-21-3657979338-2177214203-875580018-1004)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3657979338-2177214203-875580018-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3657979338-2177214203-875580018-1004
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\COMRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2008-12-31 10:51:56 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-12-31 18:51:52

Pre-Run: 25,863,495,680 bytes free
Post-Run: 25,792,425,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

304

#10 Buckeye_Sam

Posted 31 December 2008 - 03:48 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
c:\windows\uwru
c:\program files\Common Files\uwru
c:\documents and settings\User\Application Data\TrojanHunter
c:\documents and settings\User\Application Data\Twain
c:\program files\Webtools
c:\windows\system32\cap2
c:\windows\system32\ain
c:\temp\REX81

Driver::
usb80233

File::
c:\windows\Tasks\uuatrdgs.job
c:\windows\system32\drivers\usb80233.sys
c:\windows\system32\drivers\core.cache.dsk

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#11 Angelino


Posted 31 December 2008 - 07:40 PM

Here you go:
======
ComboFix 08-12-30.02 - User 2008-12-31 16:27:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.156 [GMT -8:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\usb80233.sys
c:\windows\Tasks\uuatrdgs.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\TrojanHunter
c:\documents and settings\User\Application Data\TrojanHunter\TreeState.dat
c:\documents and settings\User\Application Data\Twain
c:\program files\Common Files\uwru
c:\program files\Common Files\uwru\uwrua.lck
c:\program files\Common Files\uwru\uwrud\class-barrel
c:\program files\Common Files\uwru\uwrud\vocabulary
c:\program files\Common Files\uwru\uwrul.lck
c:\program files\Common Files\uwru\uwrum.lck
c:\program files\Webtools
c:\temp\tn3
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\usb80233.sys
c:\windows\Tasks\uuatrdgs.job
c:\windows\uwru
c:\windows\uwru\uwru.dat
c:\windows\uwru\wu

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USB80233
-------\Service_usb80233


((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-31 12:10 . 2006-12-29 00:31 19,569 --a------ c:\windows\000005_.tmp
2008-12-31 11:06 . 2008-12-31 11:07 15,083,520 --a------ C:\spybotsd160.exe
2008-12-31 10:30 . 2008-12-31 10:30 2,888,154 -ra------ C:\ComboFix.exe
2008-12-30 20:43 . 2006-12-29 00:31 19,569 --a------ c:\windows\000004_.tmp
2008-12-30 20:05 . 2006-12-29 00:31 19,569 --a------ c:\windows\000003_.tmp
2008-12-30 16:01 . 2008-12-30 16:02 <DIR> d-------- c:\program files\Crawler
2008-12-30 16:01 . 2008-12-30 16:01 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-30 16:00 . 2008-12-31 11:57 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-30 16:00 . 2008-12-31 11:37 <DIR> d-------- c:\documents and settings\User\Application Data\Spyware Terminator
2008-12-30 16:00 . 2008-12-31 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-30 15:57 . 2008-12-30 15:57 646,528 --a------ C:\SpywareTerminatorSetup.exe
2008-12-30 15:33 . 2006-12-29 00:31 19,569 --a------ c:\windows\000002_.tmp
2008-12-30 11:08 . 2008-12-30 11:08 <DIR> d-------- C:\TPgmer
2008-12-30 10:53 . 2008-12-30 10:53 <DIR> d-------- C:\gmer
2008-12-30 10:22 . 2008-12-30 11:09 345 --a------ c:\windows\gmer.ini
2008-12-30 10:20 . 2008-12-30 10:20 747,873 --a------ C:\gmer.zip
2008-12-30 09:45 . 2008-12-30 09:45 369,663 --a------ C:\dds.scr
2008-12-24 15:41 . 2008-12-24 15:42 22 --a------ c:\windows\system32\byXPIxyV.zip
2008-12-24 12:48 . 2008-12-31 11:37 562 --a------ c:\windows\wininit.ini
2008-12-24 12:16 . 2008-12-31 11:11 <DIR> d-------- C:\Spybot - Search & Destroy
2008-12-24 11:50 . 2008-12-24 12:02 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-24 11:50 . 2008-12-24 12:02 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-24 11:50 . 2008-12-24 11:50 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-24 11:50 . 2008-12-24 11:50 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-24 09:57 . 2008-04-14 05:42 189,440 --a------ c:\windows\system32\dllcache\smtpadm.dll
2008-12-24 09:57 . 2008-04-14 05:42 10,752 --a------ c:\windows\system32\smtpapi.dll
2008-12-24 09:57 . 2008-04-14 05:42 9,728 --a------ c:\windows\system32\rwnh.dll
2008-12-24 09:54 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp
2008-12-24 09:23 . 2008-12-24 09:27 <DIR> d-------- C:\b3ad047fa5d9c77153e255b1
2008-12-23 21:30 . 2008-12-29 15:29 <DIR> d-------- C:\Hijackthis
2008-12-23 21:10 . 2008-12-23 21:10 <DIR> d-------- C:\backups
2008-12-23 19:59 . 2008-12-23 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-23 19:58 . 2008-12-23 19:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-23 19:54 . 2008-12-23 19:57 23,804,784 --a------ C:\aaw2008.exe
2008-12-23 17:03 . 2008-12-23 17:03 <DIR> d-------- c:\windows\system32\scripting
2008-12-23 16:58 . 2008-12-23 16:58 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-23 16:50 . 2006-12-29 00:31 19,569 --a------ c:\windows\002689_.tmp
2008-12-23 16:45 . 2008-12-31 12:09 <DIR> d-------- c:\windows\EHome
2008-12-23 15:48 . 2008-12-23 16:30 331,805,736 --a------ C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-12-23 15:13 . 2008-12-23 15:13 7,518,240 --a------ C:\Firefox Setup 3.0.5.exe
2008-12-23 15:04 . 2008-12-31 12:17 2,206 --a------ c:\windows\system32\wpa.dbl
2008-12-23 14:10 . 2003-09-18 13:47 235,744 --a------ c:\windows\system32\drivers\SAVRT.SYS
2008-12-23 14:10 . 2003-09-18 13:47 35,552 --a------ c:\windows\system32\drivers\SAVRTPEL.SYS
2008-12-23 14:10 . 2003-12-01 23:33 7,133 --a------ c:\windows\system32\drivers\SAVRTPEL.CAT
2008-12-23 14:10 . 2003-12-01 23:33 7,127 --a------ c:\windows\system32\drivers\SAVRT.CAT
2008-12-23 14:10 . 2003-12-02 14:00 632 --a------ c:\windows\system32\drivers\SAVRTPEL.INF
2008-12-23 14:10 . 2003-12-02 14:00 616 --a------ c:\windows\system32\drivers\SAVRT.INF
2008-12-23 10:07 . 2002-08-15 19:59 123,619 --a------ c:\windows\system32\SYMEVNT.386
2008-12-23 10:07 . 2002-08-15 19:59 83,672 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-23 10:07 . 2002-08-15 19:59 73,224 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-23 10:07 . 2008-12-23 10:07 32 --ahs---- c:\windows\system32\{D2028518-0DF9-4849-AC1F-7CBB16795D2D}.dat
2008-12-23 10:07 . 2008-12-23 10:07 32 --ahs---- c:\windows\{AD5973C4-236C-4C39-8B3D-98AB0624C539}.dat
2008-12-23 10:07 . 2008-12-23 10:07 14 --a------ c:\windows\system32\SR2.dat
2008-12-23 10:06 . 2008-12-23 10:07 <DIR> d-------- c:\program files\Symantec
2008-12-23 10:06 . 2008-12-24 15:38 <DIR> d-------- c:\program files\Norton AntiVirus
2008-12-23 10:06 . 2008-12-31 16:31 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-23 10:06 . 2008-12-23 10:06 <DIR> d-------- c:\documents and settings\User\Application Data\Symantec
2008-12-23 10:06 . 2008-12-23 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-22 01:09 . 2008-12-22 01:09 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-22 01:07 . 2008-12-22 01:08 <DIR> d-------- c:\windows\ShellNew
2008-12-22 01:07 . 2008-12-22 01:07 <DIR> d-------- c:\program files\Common Files\L&H
2008-12-20 15:17 . 2008-12-23 18:10 <DIR> d-------- c:\windows\system32\cap2
2008-12-20 15:17 . 2008-12-20 15:18 <DIR> d-------- c:\windows\system32\ain
2008-12-20 15:17 . 2008-12-20 15:17 <DIR> d-------- c:\temp\REX81
2008-12-20 15:17 . 2008-12-31 16:28 <DIR> d-------- C:\Temp
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\program files\Adobe Media Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 22:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-24 05:04 424 ----a-w c:\program files\Shortcut to HiJackThis.lnk
2008-12-24 04:32 --------- d-----w c:\program files\Lavasoft
2008-12-24 04:32 --------- d-----w c:\documents and settings\User\Application Data\Lavasoft
2008-12-21 05:21 --------- d-----w c:\program files\Common Files\Adobe
2008-12-21 05:20 --------- d-----w c:\program files\Citrix
2008-12-21 05:19 --------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone DEMO
2008-11-03 18:37 --------- d-----w c:\documents and settings\User\Application Data\AdobeUM
2006-12-20 18:48 32,440 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_10.50.40.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-31 04:56:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-31 20:17:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-31 04:56:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-31 20:17:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-31 20:17:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008123120090101\index.dat
- 2008-12-31 04:56:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-31 20:17:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 08:01:34 36,352 ----a-w c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\intelppm.sys
+ 2008-04-14 13:42:48 1,724,416 ----a-w c:\windows\WinSxS\InstallTemp\8538984\GdiPlus.dll
+ 2008-04-14 13:42:52 1,054,208 ----a-w c:\windows\WinSxS\InstallTemp\8544299\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\spybot - search & destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-24 94208]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-16 32835]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 204800]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-29 315392]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-20 185896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 c:\windows\system32\S3Tray2.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 c:\windows\system32\irprops.cpl]
"TP4EX"="tp4ex.exe" [2002-09-04 c:\windows\system32\TP4EX.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-10-16 2295]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2006-10-16 15360]
S3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-10-24 67424]
.
Contents of the 'Scheduled Tasks' folder

2006-10-17 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-01-17 00:32]

2008-12-23 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2009-01-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.
.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: vpn.osi-systems.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zds632gq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 16:31:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [1632] 0x82B0BB28

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3657979338-2177214203-875580018-1004
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3657979338-2177214203-875580018-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-3657979338-2177214203-875580018-1004
@Allowed: (Full) (S-1-5-21-3657979338-2177214203-875580018-1004)
@Allowed: (Full) (S-1-5-21-3657979338-2177214203-875580018-1004)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3657979338-2177214203-875580018-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3657979338-2177214203-875580018-1004
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL**NULL*  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
.
**************************************************************************
.
Completion time: 2008-12-31 16:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 00:34:43
ComboFix2.txt 2008-12-31 18:51:57

Pre-Run: 25,581,420,544 bytes free
Post-Run: 25,566,171,136 bytes free

264

#12 Angelino


Posted 01 January 2009 - 12:05 PM

Wow!! Buckeye_Sam, that seemed to do the trick. My computer is back to normal after much pain. Thank you so much. :thumbsup:

#13 Buckeye_Sam


Posted 02 January 2009 - 10:02 AM

Just a few last things and you should be good to go! :)


Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Angelino

Angelino
  • Topic Starter


Posted 02 January 2009 - 04:48 PM

Done!! Thanks so much...

You guys do GREAT work. How do I make a donation to the cause?

All the best and Happy New Year!!

:thumbsup:

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 03 January 2009 - 02:29 PM

Glad I could help. There's a link below in my signature that will allow you to make a donation.

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
