Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Weird Program Running in Background/FF problems


  • This topic is locked This topic is locked
17 replies to this topic

#1 Natchflux

Natchflux

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 27 January 2009 - 01:13 AM

My second post (I apologise for the previous post, wasn't reading correctly).

Basically there's this weird program running and I can't seem to kill the process. I downloaded a keylogger INTENTIONALLY, and I can't find a way to remove it. It hasn't caused any damage so far (hopefully), so I would like to have some assistance in removing the program.

I found a process running as denoted by the DDS log (was waiting for malware scan to finish), and it definitely looks out of place as I don't recall having installed that program (C:\Program Files\Vzumqeatmyqcw\hjniaes.exe). Trying to locate the program by the directory did not work, as it did not exist.

Also, Firefox seems to crash for no apparent reason (showing the technical problem dumprep from windows) or whenever I tend to visit a website or search for Spy ware Doctor (intentionally spaced just in case I cant visit this thread again). Could it be that I need to update Firefox? Technical report states an error with msvcr80.dll.

Here is the log :


DDS (Ver_09-01-19.01) - NTFSx86
Run by user at 13:57:52.75 on Tue 01/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.564 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vzumqeatmyqcw\hjniaes.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Vzumqeatmyqcw\hjniaes.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [svcmon] c:\windows\system32\svcmon\svcmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E43C2D05-B380-418a-A8E2-C83122DC61A7} - c:\casino\miami beach casino\casino.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215505712796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215508945421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\tbv94nn0.default\
FF - component: c:\documents and settings\user\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 26824]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-25 24720]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 76040]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\user\locals~1\temp\WWG32.tmp [2009-1-11 12048]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-9 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-9 8320]

=============== Created Last 30 ================

2009-01-27 13:15 <DIR> --d----- c:\program files\Thoosje Vista Sidebar
2009-01-27 12:05 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-01-27 12:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-27 12:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 12:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-26 22:41 <DIR> --d----- c:\program files\Trend Micro
2009-01-26 11:05 218,624 a------- c:\windows\system32\uxtheme.backup
2009-01-19 18:03 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-19 18:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-09 16:47 <DIR> --d----- c:\program files\Bonjour
2009-01-01 22:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Keronsoft
2009-01-01 22:08 <DIR> --d----- c:\program files\Keronsoft
2009-01-01 19:58 <DIR> --d----- c:\program files\Xilisoft
2008-12-31 01:55 <DIR> --d----- c:\program files\common files\xing shared
2008-12-31 01:54 <DIR> --d----- c:\program files\common files\Real

==================== Find3M ====================

2009-01-02 14:37 183,112 a------- c:\windows\system32\PnkBstrB.exe
2008-12-31 01:54 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-25 18:46 7,452 a------- c:\windows\unins000.dat
2008-12-25 18:46 673,546 a------- c:\windows\unins000.exe
2008-12-25 02:34 233,472 a------- c:\windows\system32\REX Shared Library.dll
2008-12-25 02:34 368,640 a------- c:\windows\system32\ReWire.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-01 16:45 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-11-24 13:47 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 13:58:11.09 ===============


Thanks for any support!Attached File  Attach.txt   6.21KB   8 downloads

Edited by Natchflux, 27 January 2009 - 03:06 AM.


BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 06 February 2009 - 03:47 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

Please tell me what program you installed.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

#3 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 06 February 2009 - 11:49 PM

Hello PP,

The name of the program was Home Keylogger or Personal Inspector.

I have not made much changes to my computer.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-07 12:29:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF74C1818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF74C17D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF74B5A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74B62A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF74C1910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF74C1794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF74B62C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF74C1866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF74C10B0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF1849F20]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + FFF99EE5 77F61820 4 Bytes [ 00, 00, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + FFF99EED 77F61828 2 Bytes [ 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + FFF99EF1 77F6182C 1 Byte [ 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + FFF99EF5 77F61830 2 Bytes [ 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + FFF99EF9 77F61834 2 Bytes [ 00, 00 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathBuildRootW + 95 77F640D3 218 Bytes [ 50, 61, 74, 68, 47, 65, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathBuildRootW + 170 77F641AE 130 Bytes [ 50, 61, 74, 68, 49, 73, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathBuildRootW + 1F3 77F64231 6 Bytes [ 69, 76, 65, 41, 00, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathBuildRootW + 1FA 77F64238 383 Bytes [ 74, 68, 49, 73, 52, 65, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueW + 99 77F643B8 53 Bytes [ 50, 61, 74, 68, 51, 75, 6F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueW + CF 77F643EE 19 Bytes [ 50, 61, 74, 68, 52, 65, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueW + E3 77F64402 15 Bytes [ 50, 61, 74, 68, 52, 65, 6D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueW + F3 77F64412 175 Bytes [ 50, 61, 74, 68, 52, 65, 6D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueW + 1A3 77F644C2 63 Bytes [ 50, 61, 74, 68, 52, 65, 6E, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueW + 55 77F645DC 82 Bytes [ 50, 61, 74, 68, 55, 6E, 64, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueW + A8 77F6462F 135 Bytes [ 50, 61, 74, 68, 55, 6E, 71, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueW + 130 77F646B7 9 Bytes [ 53, 48, 43, 72, 65, 61, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueW + 13A 77F646C1 115 Bytes [ 72, 65, 61, 6D, 4F, 6E, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueW + 1AE 77F64735 80 Bytes [ 53, 48, 44, 65, 6C, 65, 74, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderW + 26 77F64AAD 84 Bytes [ 53, 48, 52, 65, 67, 53, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderW + 7B 77F64B02 99 Bytes [ 67, 57, 72, 69, 74, 65, 55, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderW + DF 77F64B66 87 Bytes [ 53, 48, 53, 6B, 69, 70, 4A, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderW + 137 77F64BBE 11 Bytes [ 53, 74, 72, 43, 61, 74, 42, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderW + 143 77F64BCA 11 Bytes [ 53, 74, 72, 43, 61, 74, 42, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrW + D 77F665AA 30 Bytes [ A1, 60, D6, FC, 77, 85, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrW + 30 77F665CD 54 Bytes [ 8B, FF, 55, 8B, EC, 8B, 4D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrW + 67 77F66604 36 Bytes [ C6, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrW + 8C 77F66629 18 Bytes [ 3D, 4C, D6, FC, 77, 00, E9, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupW + 2A 77F6667C 19 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupW + 3E 77F66690 253 Bytes [ 68, F8, 56, F6, 77, E8, 31, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindExtensionW + 55 77F6678E 7 Bytes [ 72, 00, 65, 00, 58, 00, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindExtensionW + 5D 77F66796 23 Bytes [ 53, 00, 50, 00, 32, 00, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindExtensionW + 75 77F667AE 13 Bytes [ 6F, 00, 63, 00, 6F, 00, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindExtensionW + 83 77F667BC 17 Bytes [ 61, 00, 76, 00, 69, 00, 6F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindExtensionW + 95 77F667CE 13 Bytes [ 52, 00, 69, 00, 73, 00, 6B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionW + 9 77F667DC 13 Bytes [ 65, 00, 54, 00, 79, 00, 70, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionW + 17 77F667EA 5 Bytes [ 90, 90, 4D, 00, 6F ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionW + 1D 77F667F0 3 Bytes [ 64, 00, 52 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionW + 21 77F667F4 67 Bytes [ 69, 00, 73, 00, 6B, 00, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpCW + 3F 77F66838 2 Bytes [ 06, 18 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpCW + 43 77F6683C 29 Bytes [ 08, 18, 00, 00, 44, 00, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpCW + 61 77F6685A 31 Bytes [ 70, 00, 65, 00, 52, 00, 69, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpCW + 81 77F6687A 5 Bytes [ 6E, 00, 66, 00, 6F ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpCW + 87 77F66880 5 Bytes [ 4F, 00, 6E, 00, 50 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpIW + 1A 77F66988 292 Bytes [ 65, 00, 72, 00, 00, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCatBuffW + 7D 77F66AAD 14 Bytes [ F5, CF, 00, 00, 85, C0, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetDriveNumberW + 27 77F66AE1 19 Bytes [ 85, C0, 8D, 85, F4, FD, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetDriveNumberW + 3B 77F66AF5 62 Bytes [ 8B, F0, F7, DE, 1B, F6, 81, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetDriveNumberW + 7A 77F66B34 186 Bytes [ 85, F0, FD, FF, FF, 18, 73, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHStrDupW + AC 77F66BEF 35 Bytes [ 68, 60, 5C, F6, 77, 57, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBufW + 4 77F66C13 75 Bytes [ 4D, F8, 89, 0D, 80, D6, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBufW + 50 77F66C5F 81 Bytes [ 90, 43, 68, 61, 6E, 67, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBufW + A2 77F66CB1 231 Bytes [ 65, 75, 65, 00, 8B, 35, 68, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrW + AD 77F66D99 74 Bytes [ 45, F0, 01, 00, 00, 00, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrW + F8 77F66DE4 15 Bytes [ C7, C1, E0, 02, 50, 6A, 40, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrW + 109 77F66DF5 16 Bytes [ D0, 74, 2C, 83, 65, E8, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrW + 11A 77F66E06 277 Bytes [ EC, 29, 5D, EC, EB, 2A, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrW + 230 77F66F1C 8 Bytes [ CE, 87, 02, 00, FF, 45, E8, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathBuildRootA + 29 77F67038 26 Bytes [ A1, 38, D7, FC, 77, A8, 10, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRootW + 12 77F67053 5 Bytes [ A1, 38, D7, FC, 77 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRootW + 18 77F67059 77 Bytes [ C4, 01, 0F, 84, D3, 03, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBackslashW + 11 77F670A8 49 Bytes CALL 77F81495 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBackslashW + 66 77F670FD 161 Bytes [ 8A, 0D, 3A, D7, FC, 77, 80, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCommonPrefixW + 9D 77F6719F 33 Bytes [ 83, F8, 04, 0F, 87, 83, 02, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCommonPrefixW + BF 77F671C1 19 Bytes [ 00, 83, F8, 04, 0F, 85, 69, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCommonPrefixW + D3 77F671D5 28 Bytes [ 81, 3D, AC, D6, FC, 77, CE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IntlStrEqWorkerW + D 77F671F2 56 Bytes [ 0B, 83, F9, 5A, 0F, 83, 2F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCW + 15 77F6722B 86 Bytes [ 3B, C2, 0F, 87, F8, 01, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashW + 4E 77F67282 57 Bytes [ 00, A0, 3A, D7, FC, 77, 3C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashW + 88 77F672BC 42 Bytes [ FF, A0, 3A, D7, FC, 77, 3C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryValueExW + 33 77F67308 225 Bytes [ 00, 3C, 02, 0F, 85, 23, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpICA + 57 77F673EB 149 Bytes [ FF, D6, 85, C0, 0F, 84, C1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameW + 66 77F67481 29 Bytes [ CB, 56, 83, EC, 10, 8B, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameW + 84 77F6749F 36 Bytes CALL 77D1EC8C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameW + A9 77F674C4 31 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameW + C9 77F674E4 22 Bytes [ 03, 8B, 45, 1C, A5, 89, 43, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameW + E0 77F674FB 192 Bytes [ 15, 00, 14, F6, 77, 89, 43, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeW + 53 77F67687 32 Bytes [ FF, 5E, 8B, C7, 5F, 5D, C2, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeW + 74 77F676A8 4 Bytes [ FE, 5D, C2, 08 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeW + 79 77F676AD 17 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeW + 8B 77F676BF 49 Bytes [ 8B, 01, 66, 85, C0, 74, 18, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeW + BD 77F676F1 89 Bytes [ 75, 08, FF, 75, 0C, E8, E4, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineW + 33 77F677AF 44 Bytes [ F7, 45, 08, 00, 01, 00, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineW + 60 77F677DC 13 Bytes [ 74, 12, FF, 75, 08, E8, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineW + 6E 77F677EA 5 Bytes [ 74, 04, 66, 83, 20 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineW + 74 77F677F0 401 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAppendW + 102 77F67982 19 Bytes [ FF, FF, 5D, C2, 08, 00, F6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAppendW + 116 77F67996 13 Bytes [ 0F, 85, 91, D8, FF, FF, 6A, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAppendW + 124 77F679A4 48 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAppendW + 155 77F679D5 7 Bytes [ 90, 90, 90, 90, 8B, FF, 55 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAppendW + 15D 77F679DD 45 Bytes [ EC, 83, 7D, 14, 00, 56, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveFileSpecW + 1 77F67A0B 98 Bytes [ 01, 00, 66, 83, 7C, 4E, FE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveFileSpecW + 67 77F67A71 63 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveFileSpecW + A7 77F67AB1 129 Bytes [ C9, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveFileSpecW + 129 77F67B33 4 Bytes [ C7, 07, 01, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsNetworkPathW + 4 77F67B7B 1 Byte [ C8 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsNetworkPathW + 6 77F67B7D 58 Bytes [ E1, 03, F3, A4, 33, C0, 5F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsNetworkPathW + 41 77F67BB8 20 Bytes [ 75, 49, 8D, 04, 49, 8D, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ChrCmpIW + F 77F67BCD 10 Bytes [ 00, 89, 06, EB, 31, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ChrCmpIW + 1A 77F67BD8 23 Bytes [ FF, 55, 8B, EC, 8B, 55, 10, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ChrCmpIW + 32 77F67BF0 58 Bytes [ 8B, 5D, 08, 3B, 1F, 74, B6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrIW + 37 77F67C2B 14 Bytes [ 8B, 7E, 04, 3B, FB, 0F, 84, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIW + A 77F67C3A 6 Bytes [ FF, 75, 10, E8, F1, F9 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIW + 11 77F67C41 5 Bytes [ FF, 57, E8, 5F, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIW + 17 77F67C47 40 Bytes [ FF, C7, 06, 02, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIW + 40 77F67C70 37 Bytes [ 09, 39, 75, 08, 0F, 85, 44, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIW + 66 77F67C96 86 Bytes [ 0F, 84, 7A, A5, 02, 00, 5F, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpW + 8 77F67DE2 106 Bytes [ 55, 8B, EC, 83, EC, 2C, A1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpW + 74 77F67E4E 17 Bytes [ 6A, 2D, 6A, 04, 8D, 45, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpW + 86 77F67E60 41 Bytes [ C0, 0F, 84, DE, 63, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCServerW + 4 77F67E8A 144 Bytes [ 45, 0C, 53, 57, 33, DB, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCServerShareW + 6F 77F67F1B 27 Bytes [ 85, C0, 0F, 84, 29, 63, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfA + 12 77F67F37 10 Bytes [ FF, 85, C0, 0F, 84, 0C, 63, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfA + 1D 77F67F42 49 Bytes [ 0C, 53, 88, 46, 0D, 57, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfA + 51 77F67F76 4 Bytes [ 84, D1, 62, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfA + 56 77F67F7B 31 Bytes [ 8A, 45, 0C, 88, 46, 0F, 33, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfA + 76 77F67F9B 36 Bytes [ A1, 48, D2, FC, 77, 53, 8B, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfA + 4F 77F681EE 88 Bytes [ 45, 08, FF, 75, 10, F7, D8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfA + A8 77F68247 83 Bytes [ 15, EC, 13, F6, 77, 8B, D8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfA + FC 77F6829B 1 Byte [ 55 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfA + FE 77F6829D 69 Bytes [ 56, 8B, 75, 10, 83, 7D, 14, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfA + 144 77F682E3 10 Bytes [ 68, FF, FF, 00, 00, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootW + 16 77F6832F 85 Bytes [ 10, FF, 75, 0C, FF, 75, 10, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootW + 6C 77F68385 15 Bytes [ 83, C0, 20, EB, DD, 83, C1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootW + 7C 77F68395 4 Bytes [ FF, 55, 8B, EC ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootW + 81 77F6839A 134 Bytes [ 55, 0C, 56, 8B, 75, 08, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpLogicalW + 46 77F68421 30 Bytes [ 55, 08, 85, D2, 8B, C2, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpLogicalW + 65 77F68440 7 Bytes [ F9, 2F, 74, 0F, 42, 42, 66 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpLogicalW + 6D 77F68448 111 Bytes [ 0A, 66, 85, C9, 75, E4, 5E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpLogicalW + DD 77F684B8 47 Bytes [ D3, 8B, D9, 8B, C8, 8B, C6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpLogicalW + 10D 77F684E8 56 Bytes [ 0C, 57, 8B, 7D, 08, 0F, 84, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntW + 1 77F68A21 4 Bytes [ CA, 74, 17, 66 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntW + 6 77F68A26 15 Bytes [ 30, 66, 83, FE, 5C, 74, 37, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntW + 17 77F68A37 42 Bytes JMP AAF815A2
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntW + 42 77F68A62 15 Bytes [ 04, 00, 8B, C8, EB, CB, 33, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnquoteSpacesW + 7 77F68A72 33 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnquoteSpacesW + 29 77F68A94 9 Bytes [ 55, 10, 3B, D0, 74, 04, 2B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnquoteSpacesW + 33 77F68A9E 48 Bytes [ 5E, 5D, C2, 0C, 00, B8, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBlanksW + 7 77F68ACF 93 Bytes [ 45, 0C, 2B, F0, 56, 8D, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRChrW + 37 77F68B41 118 Bytes [ EC, 53, 33, DB, 39, 5D, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathParseIconLocationW + 70 77F68BB9 53 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyW + 23 77F68BEF 36 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyW + 49 77F68C15 4 Bytes [ 0C, 50, E8, A2 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyW + 4E 77F68C1A 22 Bytes [ FF, FF, 85, C0, 74, 04, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyW + 65 77F68C31 81 Bytes [ FF, 55, 8B, EC, 83, 7D, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfW + 40 77F68C83 111 Bytes [ EB, F7, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfW + B0 77F68CF3 5 Bytes [ C7, 40, 08, 01, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfW + B6 77F68CF9 135 Bytes [ 00, C7, 00, 30, 7D, F6, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfW + 19E 77F68DE1 45 Bytes [ FF, 75, 0C, 6A, FF, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wvnsprintfW + 1CC 77F68E0F 91 Bytes [ 75, 0C, 57, 33, FF, 85, F6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfW + 32 77F68E6B 24 Bytes [ 15, 54, 11, F6, 77, 8B, 4D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfW + 4D 77F68E86 5 Bytes [ 8B, FF, 55, 8B, EC ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfW + 53 77F68E8C 49 Bytes [ 4D, 08, 85, C9, 74, 0F, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfW + 85 77F68EBE 23 Bytes [ FF, 85, C0, 0F, 85, 29, 9D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!wnsprintfW + 9D 77F68ED6 25 Bytes [ EC, 81, EC, 18, 02, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueW + B 77F690C2 17 Bytes [ 89, 45, D4, 83, FE, 03, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueW + 1D 77F690D4 3 Bytes [ 45, D0, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueW + 21 77F690D8 36 Bytes [ 75, C0, 89, 7D, BC, 53, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueW + 46 77F690FD 115 Bytes CALL F57A5F2D
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueW + BB 77F69172 208 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocCreate + 117 77F69AAC 29 Bytes [ 0F, 84, 3B, A7, 00, 00, A1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocCreate + 135 77F69ACA 160 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocCreate + 1D6 77F69B6B 58 Bytes [ FF, 3B, C3, 74, 43, 66, 39, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocCreate + 211 77F69BA6 103 Bytes [ 66, 83, 20, 00, 56, E8, 70, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocCreate + 279 77F69C0E 22 Bytes [ F0, 85, F6, 7C, 1A, FF, 75, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyW + 4 77F6AAA2 49 Bytes [ F0, 33, D2, F3, A7, 0F, 84, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyW + 57 77F6AAF5 26 Bytes [ 10, 8B, 03, FF, 75, 0C, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyW + 72 77F6AB10 21 Bytes [ DD, D0, 16, 90, 41, 7C, CC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLoadIndirectString + 14 77F6AB26 60 Bytes [ FF, 55, 8B, EC, 53, 56, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLoadIndirectString + 51 77F6AB63 30 Bytes [ 75, 10, 8B, CE, FF, 75, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLoadIndirectString + 70 77F6AB82 107 Bytes [ D8, 8B, 06, 56, FF, 50, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLoadIndirectString + F6 77F6AC08 43 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLoadIndirectString + 122 77F6AC34 63 Bytes [ 3C, 9C, F6, 77, 04, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegCloseUSKey + 1 77F6ACD2 112 Bytes [ D8, 8B, C1, C1, F8, 04, C1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyA + 1 77F6AD43 143 Bytes [ C7, 5F, 5E, 5B, 5D, C2, 14, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyA + 91 77F6ADD3 73 Bytes [ 1B, 4C, 01, 00, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyA + DB 77F6AE1D 4 Bytes [ 00, 00, 02, 56 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyA + E0 77F6AE22 29 Bytes [ 75, 0C, FF, 75, 08, E8, C6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyA + FE 77F6AE40 74 Bytes [ F6, C1, 08, 0F, 84, D9, 5B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyW + 8 77F6AE8B 8 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyW + 12 77F6AE95 51 Bytes [ F1, 8D, 86, 98, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegOpenUSKeyW + 46 77F6AEC9 10 Bytes [ C0, 59, 0F, 84, F3, 5B, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueW + 4E 77F6AF39 9 Bytes [ 51, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueW + 58 77F6AF43 1 Byte [ 77 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueW + 5A 77F6AF45 55 Bytes [ 89, 85, EC, FE, FF, FF, C7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueW + 92 77F6AF7D 76 Bytes [ 0F, 84, 5A, B1, 02, 00, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueW + DF 77F6AFCA 8 Bytes [ 00, 00, 0F, 01, 0F, 84, 19, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueW 77F6B06E 21 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueW + 16 77F6B084 12 Bytes [ 08, 50, FF, 51, 04, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueW + 24 77F6B092 71 Bytes [ 00, 80, EB, F5, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueW + 6C 77F6B0DA 8 Bytes [ 00, 00, 8B, C7, C7, 85, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueW + 76 77F6B0E4 27 Bytes [ 00, 00, 00, 80, 3B, DE, 8D, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueW + 2 77F6B18F 7 Bytes [ 75, 0C, FF, 75, 08, E8, 07 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueW + B 77F6B198 35 Bytes [ 00, 5D, C3, 90, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueW + 2F 77F6B1BC 60 Bytes [ 75, 10, 8D, 70, FF, 56, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueW + 6C 77F6B1F9 9 Bytes [ FF, 68, 2C, 01, 00, 00, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueW + 77 77F6B204 7 Bytes [ FF, 83, C4, 14, E9, 02, FF ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHUnlockShared + 16 77F6B96C 13 Bytes [ 6C, 00, 2E, 00, 53, 00, 68, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHFreeShared + 9 77F6B97A 49 Bytes [ 2E, 00, 38, 00, 00, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHFreeShared + 3B 77F6B9AC 12 Bytes [ 75, 0C, FF, 75, 08, E8, 3C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHFreeShared + 48 77F6B9B9 51 Bytes [ 85, 5C, 77, 01, 00, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHFreeShared + 7C 77F6B9ED 23 Bytes [ FF, 75, 1C, FF, 75, 18, 6A, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHFreeShared + 95 77F6BA06 3 Bytes [ 8B, FF, 55 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAllocShared + 1 77F6BA0A 32 Bytes [ EC, 8B, 45, 08, 83, 78, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAllocShared + 25 77F6BA2E 11 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAllocShared + 31 77F6BA3A 69 Bytes [ C0, 68, 00, 00, 00, 02, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAllocShared + 77 77F6BA80 51 Bytes [ 83, 26, 00, B8, FF, FF, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAllocShared + AB 77F6BAB4 12 Bytes [ BE, C0, 97, F6, 77, A5, A5, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2A + 16 77F6BC17 52 Bytes [ 8B, 5D, 10, 3B, DE, 74, 5E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2A + 4B 77F6BC4C 114 Bytes [ 33, C9, 3B, F8, 0F, 94, C1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2A + BE 77F6BCBF 252 Bytes [ C3, 43, 00, 4C, 00, 53, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamA + B 77F6BDBC 18 Bytes [ 80, 3E, 00, 89, 45, FC, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamA + 63 77F6BE14 28 Bytes [ 08, 8D, 43, 10, 68, 00, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamA + 81 77F6BE32 22 Bytes [ 39, 7D, 18, 0F, 85, 38, B1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamA + 98 77F6BE49 29 Bytes [ 75, 0C, 8D, 43, 10, FF, B3, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamA + B6 77F6BE67 155 Bytes [ 45, F4, 89, 38, 39, 7D, 10, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileW + 34 77F6C1FD 5 Bytes [ 1F, 83, BD, F0, FD ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileW + 3A 77F6C203 44 Bytes [ FF, 03, 74, 09, 83, BD, F0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileW + 67 77F6C230 20 Bytes [ 53, 00, 00, 00, 8D, 85, F4, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileW + 7C 77F6C245 6 Bytes [ 85, C0, 0F, 84, A5, 78 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileW + 83 77F6C24C 87 Bytes [ 00, 8D, 85, F4, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToW + 9C 77F6C504 73 Bytes [ 11, 8B, F0, 85, F6, 0F, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToW + E6 77F6C54E 6 Bytes [ 75, 0C, 50, FF, 51, 10 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToW + ED 77F6C555 17 Bytes [ F0, 8B, 45, 10, 8B, 08, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToW + FF 77F6C567 47 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToW + 12F 77F6C597 50 Bytes [ 75, 08, FF, 15, EC, 11, F6, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocGetPerceivedType + 48 77F6C861 5 Bytes [ 0F, 84, 19, 79, 02 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocGetPerceivedType + 4E 77F6C867 38 Bytes [ 83, 3D, 4C, D2, FC, 77, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocGetPerceivedType + 75 77F6C88E 17 Bytes [ 00, 8B, 4D, FC, 5F, 8B, C6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocGetPerceivedType + 95 77F6C8AE 15 Bytes [ 56, 8B, F1, 8B, 06, 8D, 4E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocGetPerceivedType + A5 77F6C8BE 53 Bytes [ 83, 26, 00, 5E, C3, 90, 90, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameA 77F6CF47 11 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameA + C 77F6CF53 73 Bytes [ 56, 10, 33, DB, 3B, D3, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameA + 56 77F6CF9D 27 Bytes [ 4F, FF, FF, FF, 53, 56, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameA + 72 77F6CFB9 10 Bytes [ FF, FF, 90, E6, FE, FB, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindFileNameA + 7D 77F6CFC4 26 Bytes [ 44, C0, F6, 77, 2A, C2, F8, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsURLW + 2 77F6D4BB 32 Bytes [ FF, 56, 53, 8D, 85, EC, FB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsURLW + 23 77F6D4DC 31 Bytes [ F6, 45, 18, 10, 0F, 84, EA, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsURLW + 43 77F6D4FC 154 Bytes [ C8, 85, C9, 89, 8D, E4, FB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsURLW + DE 77F6D597 5 Bytes [ B5, E8, FB, FF, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsURLW + E4 77F6D59D 2 Bytes [ 0E, B5 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsW + 3C 77F6D610 17 Bytes [ 06, 00, 00, 00, 01, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsW + 4E 77F6D622 1 Byte [ 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsW + 50 77F6D624 1 Byte [ 01 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsW + 52 77F6D626 1 Byte [ 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsW + 54 77F6D628 1 Byte [ 05 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetPartW + 4A 77F6E1B9 28 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetPartW + 9A 77F6E209 20 Bytes [ BB, 50, D3, FC, 77, 53, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetPartW + AF 77F6E21E 6 Bytes [ FF, 83, C6, 0C, 83, 3E ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetPartW + B6 77F6E225 70 Bytes [ 0F, 85, 4C, 5B, 02, 00, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetPartW + 10A 77F6E279 54 Bytes [ 55, 8B, EC, 33, C0, F6, 45, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathW + 1 77F6EAFB 112 Bytes [ 86, 84, 00, 00, 00, 85, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathW + 72 77F6EB6C 1 Byte [ 55 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathW + 74 77F6EB6E 15 Bytes [ EC, 51, 51, 83, 65, FC, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathW + 84 77F6EB7E 109 Bytes [ 00, 8B, D8, 39, 5D, 08, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryW + 51 77F6EC03 1 Byte [ 8B ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryW + 53 77F6EC05 100 Bytes [ 10, 85, C0, 74, 0D, 8B, CE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryW + B8 77F6EC6A 8 Bytes [ 83, F9, 03, 0F, 85, E2, 67, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryW + C1 77F6EC73 54 Bytes [ 33, DB, 83, F8, 09, 0F, 94, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryW + F8 77F6ECAA 25 Bytes [ 5E, 5D, C2, 08, 00, 90, 90, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLockShared + 45 77F71F6C 33 Bytes [ 53, 65, 74, 47, 61, 64, 67, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLockShared + 67 77F71F8E 41 Bytes [ 90, 90, 53, 65, 74, 47, 61, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHLockShared + 91 77F71FB8 51 Bytes [ 53, 65, 74, 47, 61, 64, 67, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteValueW + B 77F71FEC 80 Bytes [ 4D, 61, 70, 47, 61, 64, 67, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteValueW + 5C 77F7203D 187 Bytes [ 90, 90, 90, 47, 65, 74, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteValueW + 118 77F720F9 27 Bytes [ 90, 90, 90, 46, 69, 6E, 64, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteValueW + 134 77F72115 153 Bytes [ 68, 57, 6E, 64, 50, 72, 6F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteValueW + 1CF 77F721B0 327 Bytes [ 41, 74, 74, 61, 63, 68, 57, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringW 77F723AC 225 Bytes [ 44, 6E, 73, 51, 75, 65, 72, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueA + 1E 77F7248E 53 Bytes [ FC, 77, F8, 14, F7, 77, AD, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueA + 54 77F724C4 98 Bytes [ 43, 72, 65, 64, 55, 49, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueA + B7 77F72527 103 Bytes [ 90, 43, 72, 65, 64, 55, 49, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueA + 11F 77F7258F 175 Bytes [ 77, 0C, 16, F7, 77, 70, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetUSValueA + 1CF 77F7263F 9 Bytes [ 4E, 61, 6D, 65, 41, 00, 90, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryW + 4E 77F726D3 62 Bytes [ 00, AD, 18, F7, 77, 16, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryW + 8D 77F72712 41 Bytes [ 00, 00, 70, 74, FC, 77, 7B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryW + B7 77F7273C 109 Bytes [ AD, 18, F7, 77, 81, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryW + 126 77F727AB 16 Bytes [ 00, AD, 18, F7, 77, 24, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryW + 137 77F727BC 5 Bytes [ DB, 6C, FC, 77, 29 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsFileSpecW + A6 77F72B4C 116 Bytes [ 57, 5A, 43, 44, 65, 6C, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsFileSpecW + 11D 77F72BC3 30 Bytes [ 90, 90, 83, 6C, 24, 04, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsFileSpecW + 13C 77F72BE2 56 Bytes [ EC, FF, 75, 10, FF, 75, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsFileSpecW + 175 77F72C1B 18 Bytes [ 55, 8B, EC, 81, EC, 18, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsFileSpecW + 188 77F72C2E 37 Bytes [ 8B, 75, 14, 57, 8B, 7D, 08, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueA + 15 77F72CB0 40 Bytes [ 00, 07, 80, 89, 9D, F8, FE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueA + 3E 77F72CD9 11 Bytes [ 85, F8, FE, FF, FF, 5F, 5E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetValueA + 4A 77F72CE5 94 Bytes [ FF, C9, C2, 10, 00, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueA + 11 77F72D44 7 Bytes [ 55, 8B, EC, 51, 51, 8B, 45 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueA + 19 77F72D4C 32 Bytes [ 56, 8B, 75, 1C, 57, 8B, 7D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueA + 3A 77F72D6D 163 Bytes [ 18, FF, 75, 10, 50, E8, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueA + DE 77F72E11 36 Bytes [ FF, 33, D2, 39, 55, D4, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetValueA + 103 77F72E36 58 Bytes [ 01, 00, 39, 75, D4, 0F, 85, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueA + 39 77F738EB 78 Bytes [ 00, 0F, 84, E1, D6, 01, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueA + 88 77F7393A 26 Bytes [ 00, 00, 85, C0, FF, 75, 10, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueA + A3 77F73955 15 Bytes [ 56, FF, 15, 74, 15, F6, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueA + B3 77F73965 5 Bytes [ FF, C9, C2, 0C, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetBoolUSValueA + BA 77F7396C 61 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumValueW + 3B 77F739B0 28 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumValueW + 58 77F739CD 57 Bytes [ 45, FC, 8B, 45, 14, 89, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumValueW + 92 77F73A07 27 Bytes [ 03, FF, 75, 10, FF, 75, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumValueW + AE 77F73A23 61 Bytes [ DF, EB, B8, 90, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAutoComplete 77F73A63 36 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAutoComplete + 26 77F73A89 2 Bytes [ 93, E5 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAutoComplete + 2A 77F73A8D 143 Bytes [ 56, FF, 15, D0, 15, F6, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAutoComplete + BA 77F73B1D 46 Bytes [ 00, A1, 48, D2, FC, 77, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHAutoComplete + EA 77F73B4D 3 Bytes [ 90, 90, 90 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMatchSpecW + 47 77F74108 69 Bytes [ C9, C2, 04, 00, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMatchSpecW + 8D 77F7414E 75 Bytes [ D1, FC, 77, EB, D7, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMatchSpecW + D9 77F7419A 118 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMatchSpecW + 150 77F74211 22 Bytes [ 83, 7D, F8, 03, 0F, 84, 5F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMatchSpecW + 16A 77F7422B 166 Bytes [ 90, 8B, FF, 55, 8B, EC, A1, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimW + 26 77F746C5 157 Bytes [ 4C, 4F, 2E, 45, 58, 45, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimW + C4 77F74763 14 Bytes [ 73, 69, 68, 80, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimW + D3 77F74772 2 Bytes [ FF, 15 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimW + D6 77F74775 4 Bytes [ 11, F6, 77, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimW + DB 77F7477A 1 Byte [ 15 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocIsDangerous + 1 77F74FFC 105 Bytes [ 06, 66, 85, C0, 74, 3B, 66, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocIsDangerous + 6B 77F75066 10 Bytes [ 0F, 84, 4D, 16, 00, 00, 66, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocIsDangerous + 76 77F75071 6 Bytes [ C0, 0F, 84, 41, 16, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocIsDangerous + 7D 77F75078 19 Bytes [ 66, 3D, 3B, 00, 0F, 84, 37, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocIsDangerous + 91 77F7508C 31 Bytes [ FF, FF, 83, F8, 3F, 0F, 84, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsW + 4D 77F755C0 77 Bytes [ FF, 55, 8B, EC, 81, 7D, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsW + 9B 77F7560E 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsW + A1 77F75614 18 Bytes [ FF, 55, 8B, EC, 6A, 02, 68, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsW + B4 77F75627 58 Bytes [ 85, C0, 74, 19, 6A, 04, 68, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsW + EF 77F75662 19 Bytes [ 75, 08, 66, 83, 26, 00, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsPrefixW + 2 77F75676 109 Bytes [ FF, FF, 8B, F8, 85, FF, 7C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsPrefixW + 93 77F75707 35 Bytes [ 3B, DF, 0F, 87, BF, AB, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsPrefixW + B8 77F7572C 33 Bytes [ 8B, F8, 85, FF, 7C, 0B, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsPrefixW + 10D 77F75781 6 Bytes [ 00, 57, 8D, 85, F0, FD ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsPrefixW + 114 77F75788 101 Bytes [ FF, 50, 6A, 00, 53, 56, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2W + 3F 77F757EE 35 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2W + 63 77F75812 20 Bytes [ FF, 8B, 45, 10, 56, 57, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2W + 7D 77F7582C 10 Bytes [ FF, 89, 85, F0, FD, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2W + 88 77F75837 22 Bytes [ 50, 8D, 8D, F4, FD, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStream2W + E1 77F75890 24 Bytes [ 83, BD, E0, FD, FF, FF, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNA + 35 77F7599A 4 Bytes [ 8D, 46, 02, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNA + 3B 77F759A0 2 Bytes [ CD, 82 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNA + 6F 77F759D4 203 Bytes [ 55, 8B, EC, 81, EC, 0C, 02, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNA + 13B 77F75AA0 1 Byte [ FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNA + 13D 77F75AA2 64 Bytes [ F8, 8B, 4D, FC, 8B, C7, 5F, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyW + 21 77F75B8D 25 Bytes [ 00, 90, 90, 2E, 00, 74, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyW + 3C 77F75BA8 8 Bytes [ 2E, 00, 73, 00, 68, 00, 62, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyW + 45 77F75BB1 4 Bytes [ 00, 90, 90, 2E ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyW + 4A 77F75BB6 25 Bytes [ 73, 00, 63, 00, 74, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyW + 64 77F75BD0 39 Bytes [ 63, 00, 66, 00, 00, 00, 90, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrA + 1C 77F75C46 5 Bytes [ 6D, 00, 73, 00, 69 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrA + 22 77F75C4C 13 Bytes [ 00, 00, 90, 90, 2E, 00, 6D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrA + 30 77F75C5A 5 Bytes [ 90, 90, 2E, 00, 6D ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrA + 36 77F75C60 47 Bytes [ 64, 00, 7A, 00, 00, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrA + 66 77F75C90 112 Bytes [ 64, 00, 62, 00, 00, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashA + 32 77F75D02 12 Bytes [ 90, 90, 2E, 00, 6D, 00, 61, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashA + 40 77F75D10 9 Bytes [ 2E, 00, 6D, 00, 61, 00, 66, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashA + 4A 77F75D1A 17 Bytes [ 90, 90, 2E, 00, 6D, 00, 61, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashA + 5C 77F75D2C 9 Bytes [ 6E, 00, 6B, 00, 00, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddBackslashA + 66 77F75D36 67 Bytes [ 6B, 00, 73, 00, 68, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryValueExA + 12 77F75E30 5 Bytes [ 64, 00, 70, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryValueExA + 18 77F75E36 11 Bytes [ 90, 90, E4, 4F, F7, 77, D8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryValueExA + 24 77F75E42 35 Bytes [ 00, 00, D0, 4F, F7, 77, C4, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryValueExA + 48 77F75E66 47 Bytes [ 00, 00, 94, 4F, F7, 77, 88, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRChrA + 18 77F75E96 72 Bytes [ 00, 00, 44, 4F, F7, 77, 38, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNIA + 1F 77F75EDF 52 Bytes [ 00, 2E, 00, 70, 00, 64, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNIA + 54 77F75F14 1 Byte [ 6C ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNIA + 56 77F75F16 13 Bytes [ 74, 00, 00, 00, 90, 90, 2E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNIA + 64 77F75F24 47 Bytes [ 2E, 00, 70, 00, 70, 00, 73, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpNIA + 94 77F75F54 42 Bytes [ 00, 00, 90, 90, 2E, 64, 6F, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 24 77F76061 18 Bytes [ 0F, 85, D0, 00, 00, 00, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 37 77F76074 69 Bytes [ FF, 08, 02, 00, 00, 75, 30, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 7D 77F760BA 13 Bytes [ 85, E4, FB, FF, FF, FF, 34, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyW + 2A 77F76116 2 Bytes [ 54, 18 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyW + 2E 77F7611A 172 Bytes [ 8B, F0, F7, DE, 1B, F6, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyW + E4 77F761D0 21 Bytes [ 51, 8D, 45, FC, 50, 8D, 45, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyW + FA 77F761E6 22 Bytes [ 00, 00, 85, C0, 8B, 45, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyW + 111 77F761FD 6 Bytes [ 55, 8B, EC, FF, 75, 10 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIW + 6 77F767FB 22 Bytes [ 6A, FF, 50, 56, 56, FF, D7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIW + 1D 77F76812 36 Bytes [ 39, B5, F0, FD, FF, FF, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIW + 42 77F76837 23 Bytes [ FE, FF, FF, 89, 85, F0, FD, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIW + 5B 77F76850 35 Bytes CALL 60F76852
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIW + 7F 77F76874 161 Bytes [ 8B, 07, 57, FF, 50, 08, 33, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeW + 6D 77F77355 10 Bytes [ 0C, 53, 8B, 5D, 08, 89, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeW + 78 77F77360 35 Bytes [ 89, 8D, D4, FE, FF, FF, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeW + 9C 77F77384 16 Bytes [ C9, C2, 10, 00, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeW + AD 77F77395 14 Bytes [ EC, FD, FF, FF, 50, 8D, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeW + BC 77F773A4 11 Bytes [ 00, FF, B5, F0, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineW + 2B 77F7741B 35 Bytes [ 5D, 18, 56, 8B, 75, 08, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineW + 4F 77F7743F 37 Bytes [ 8D, 85, 68, FD, FF, FF, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineW + 76 77F77466 3 Bytes [ F6, 85, 68 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineW + 7C 77F7746C 6 Bytes [ 10, 0F, 85, F0, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineW + 8A 77F7747A 5 Bytes [ C0, 0F, 85, E2, 00 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrA + 4A 77F77892 21 Bytes [ FF, 39, 7D, 14, 75, 65, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrA + 60 77F778A8 81 Bytes CALL 412B677E
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrA + B2 77F778FA 7 Bytes [ 00, EB, DD, 81, 7D, 14, EA ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrA + BC 77F77904 51 Bytes [ 75, DE, EB, E4, 57, 53, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrA + F0 77F77938 12 Bytes [ 00, 33, C9, 89, 70, 04, 89, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceW + 10 77F77C05 7 Bytes [ C0, 0F, 85, E4, 54, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceW + 22 77F77C17 23 Bytes [ A0, 02, 00, 00, 6A, 01, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceW + 3A 77F77C2F 26 Bytes [ 8B, 46, 20, 8B, CE, 89, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceW + 81 77F77C76 11 Bytes [ 00, C7, 47, 04, 14, D4, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceW + 8D 77F77C82 9 Bytes [ 83, 66, 2C, 00, 8B, CF, E8, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationA + 1C 77F78227 5 Bytes [ 66, 83, 3B, 3A, 0F ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationA + 22 77F7822D 14 Bytes [ B6, FB, FF, FF, 21, 45, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationA + 31 77F7823C 95 Bytes [ 83, 7D, 0C, 00, 8B, F8, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationA + DA 77F782E5 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationA + DE 77F782E9 2 Bytes [ FF, 55 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationW 77F788DF 9 Bytes [ 90, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationW + A 77F788E9 4 Bytes [ 00, 01, 01, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationW + F 77F788EE 21 Bytes [ 02, 02, 03, 03, 03, 03, 03, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationW + 25 77F78904 71 Bytes [ 08, 09, 0A, 0B, 0C, 03, 0D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetLocationW + 6D 77F7894C 38 Bytes [ 30, 31, 32, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCmpCA + 6 77F7919C 173 Bytes [ C3, 5B, 5D, C2, 08, 00, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCServerA + 4A 77F7924A 146 Bytes [ 85, C0, 74, 31, 8D, 4D, E4, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCServerA + DD 77F792DD 51 Bytes [ 5C, FF, FF, 90, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlA + 4 77F79311 52 Bytes [ 75, 0C, 57, 6A, 0A, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlA + 39 77F79346 41 Bytes [ 56, 8D, 45, 08, 50, E8, 20, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlA + 64 77F79371 144 Bytes [ 56, 8D, 45, 08, 50, E8, DA, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlA + F5 77F79402 7 Bytes [ 85, FF, 74, 92, 83, 65, 08 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlA + FD 77F7940A 11 Bytes [ 8B, FE, 33, DB, FF, 75, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeW + 5D 77F79496 57 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeW + 97 77F794D0 150 Bytes [ 75, 08, 0F, 85, 10, 16, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeW + 12F 77F79568 42 Bytes [ 6A, 02, 59, 2B, C1, 0F, 84, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsOpaqueW + 8 77F795BF 5 Bytes [ 8D, 85, 70, FF, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsOpaqueW + F 77F795C6 9 Bytes [ B5, 2C, FD, FF, FF, 50, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsOpaqueW + 19 77F795D0 6 Bytes [ FF, 50, 53, E8, A4, 62 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsOpaqueW + 20 77F795D7 6 Bytes [ FF, 8B, D8, 8D, 8D, 70 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsOpaqueW + 3A 77F795F1 4 Bytes [ 55, 8B, EC, 81 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!HashData + 82 77F79BFD 309 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareW + 2E 77F79D33 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareW + 39 77F79D3E 60 Bytes [ 75, 0C, 68, 85, 8D, F7, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareW + 76 77F79D7B 135 Bytes [ 25, 5C, 14, F6, 77, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareW + FE 77F79E03 44 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareW + 12B 77F79E30 5 Bytes [ 0F, 84, 3C, B4, 01 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCatW + 3A 77F7A9A6 109 Bytes [ 08, 85, C9, 74, 12, 8B, 09, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCatW + A8 77F7AA14 120 Bytes [ 8B, F8, 85, FF, 7C, 1D, A1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrIA + 33 77F7AAAE 52 Bytes [ B5, E0, FE, FF, FF, 8D, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIA + 39 77F7AB05 2 Bytes [ E7, 42 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrIA + 3F 77F7AB0B 62 Bytes [ 0F, 85, 30, 9E, 01, 00, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlW + 20 77F7AB4A 31 Bytes [ 8B, 85, E0, FE, FF, FF, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlW + 40 77F7AB6A 37 Bytes [ F9, 0F, 85, 34, B1, 01, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlW + 66 77F7AB90 5 Bytes [ 75, 10, FF, 75, 0C ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlW + 85 77F7ABAF 194 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCreateFromUrlW + 148 77F7AC72 207 Bytes [ 32, 22, AF, C3, 64, 63, 1A, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeW 77F7AE5F 8 Bytes [ 90, 6E, 00, 65, 00, 77, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeW + B 77F7AE6A 56 Bytes [ 90, 90, 66, 00, 69, 00, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeW + 44 77F7AEA3 2 Bytes [ 75, 08 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeW + 47 77F7AEA6 102 Bytes [ 15, EC, 13, F6, 77, 8B, D8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeW + AF 77F7AF0E 11 Bytes [ 04, 41, 66, 85, C0, 74, 13, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeW + 44 77F7B1F6 20 Bytes [ FF, 83, 7B, 38, 00, 74, AE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeW + 59 77F7B20B 13 Bytes [ 15, 00, 11, F6, 77, EB, CE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeW + 67 77F7B219 8 Bytes [ 55, 8B, EC, 83, EC, 10, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeW + 70 77F7B222 41 Bytes [ 75, 08, 33, DB, 39, 5D, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeW + 9A 77F7B24C 38 Bytes [ 4D, 0C, 47, 66, 83, 3C, 7E, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSystemFolderA + B9 77F7B9E1 58 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSystemFolderA + F4 77F7BA1C 55 Bytes [ 15, 78, 15, F6, 77, 8B, 4D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSystemFolderA + 12C 77F7BA54 97 Bytes [ 8B, 45, 0C, 66, 89, 45, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSystemFolderA + 18E 77F7BAB6 117 Bytes [ 15, 38, 17, F6, 77, 8B, F0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSystemFolderA + 204 77F7BB2C 5 Bytes [ 55, 8B, EC, 81, EC ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineA + 46 77F7BB79 9 Bytes [ 7C, 10, 56, 53, 8D, 85, 70, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineA + 82 77F7BBB5 35 Bytes [ 55, 8B, EC, 81, EC, BC, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineA + D9 77F7BC0C 4 Bytes [ 89, 95, 6C, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineA + DF 77F7BC12 8 Bytes [ F3, AB, 0F, 84, 6B, 97, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCombineA + E8 77F7BC1B 3 Bytes [ 85, 44, FF ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeA + 36 77F7BD1D 13 Bytes [ 8B, D8, 85, DB, 7C, 4B, 83, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeA + 5C 77F7BD43 3 Bytes [ 8B, 87, 84 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeA + 60 77F7BD47 10 Bytes [ 00, 00, 6A, 01, 6A, 5C, 6A, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCanonicalizeA + 6B 77F7BD52 88 Bytes [ 00, 00, F6, 46, 03, 10, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueA + 43 77F7BDAB 104 Bytes [ 66, 83, F9, 23, 0F, 84, 1E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueA + AC 77F7BE14 28 Bytes [ 28, 00, 00, 00, 85, C0, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueA + C9 77F7BE31 40 Bytes [ 8B, 45, FC, 5F, 5E, 5B, C9, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueA + F2 77F7BE5A 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetValueA + 14E 77F7BEB6 32 Bytes [ 7C, 1B, FF, 75, 14, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntA + 4F 77F7BF51 75 Bytes [ 56, 8B, F1, FF, 76, 04, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntA + 9B 77F7BF9D 64 Bytes [ FF, 8B, D8, 66, 8B, 03, 66, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateW + 3D 77F7BFDF 83 Bytes [ 20, 6A, 2F, 8B, CF, E8, 02, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateW + 91 77F7C033 25 Bytes [ FF, 6A, 2F, 8B, CF, E8, AE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateW + AB 77F7C04D 25 Bytes [ FF, 89, 46, 04, EB, BB, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateW + C6 77F7C068 61 Bytes [ 8B, 4D, 10, 6A, 01, 8D, 45, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateW + 104 77F7C0A6 9 Bytes [ 55, 8B, EC, 81, EC, 1C, 02, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupA 77F7C111 38 Bytes [ 90, 83, 3D, 24, D9, FC, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupA + 27 77F7C138 2 Bytes [ 5A, 59 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupA + 2A 77F7C13B 16 Bytes [ E0, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupA + 3B 77F7C14C 73 Bytes [ A1, 48, D2, FC, 77, 53, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrDupA + C2 77F7C1D3 8 Bytes [ FF, 89, 45, FC, E8, FD, 28, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindExtensionA + 43 77F7D774 13 Bytes [ 53, 65, 74, 55, 72, 6C, 43, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyW + C 77F7D782 7 Bytes [ 72, 79, 47, 72, 6F, 75, 70 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyW + 14 77F7D78A 166 Bytes [ 00, 90, 53, 65, 74, 55, 72, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrPBrkW + 54 77F7D831 76 Bytes [ 90, 90, 90, 52, 65, 61, 64, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrPBrkW + A1 77F7D87E 1 Byte [ 48 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrPBrkW + A3 77F7D880 6 Bytes [ 73, 74, 49, 6E, 50, 72 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrPBrkW + AA 77F7D887 88 Bytes [ 78, 79, 42, 79, 70, 61, 73, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrPBrkW + 103 77F7D8E0 17 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrNCatW + E 77F7D8F2 156 Bytes [ 65, 6D, 54, 69, 6D, 65, 41, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrNCatW + AB 77F7D98F 134 Bytes [ 65, 72, 6E, 65, 74, 53, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrNCatW + 132 77F7DA16 118 Bytes [ 90, 90, 49, 6E, 74, 65, 72, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrNCatW + 1A9 77F7DA8D 117 Bytes [ 00, 90, 90, 49, 6E, 74, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueW + E 77F7DB03 127 Bytes [ 65, 72, 6E, 65, 74, 47, 6F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueW + 8E 77F7DB83 150 Bytes [ 43, 6F, 6E, 6E, 65, 63, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegEnumUSKeyW + 40 77F7DC1A 111 Bytes [ 90, 90, 49, 6E, 74, 65, 72, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumKeyExW + 19 77F7DC8A 213 Bytes [ 00, 90, 49, 6E, 74, 65, 72, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumKeyExW + EF 77F7DD60 2 Bytes [ 49, 6E ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumKeyExW + F2 77F7DD63 2 Bytes [ 65, 72 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHEnumKeyExW + F5 77F7DD66 146 Bytes [ 65, 74, 43, 68, 65, 63, 6B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueA + 34 77F7DDF9 68 Bytes [ 90, 90, 90, 49, 6E, 74, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueA + 79 77F7DE3E 39 Bytes [ 74, 70, 53, 65, 6E, 64, 52, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueA + A1 77F7DE66 31 Bytes [ 74, 70, 51, 75, 65, 72, 79, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueA + C1 77F7DE86 34 Bytes [ 74, 70, 4F, 70, 65, 6E, 52, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryUSValueA + E4 77F7DEA9 47 Bytes [ 90, 90, 90, 48, 74, 74, 70, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatKBSizeW + 3A 77F7E5A7 77 Bytes [ 51, 08, C7, 06, 78, D4, F7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatKBSizeW + 88 77F7E5F5 141 Bytes [ C0, 39, 5D, 0C, F3, AB, 76, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatKBSizeW + 116 77F7E683 26 Bytes [ FF, 8B, D8, 85, DB, 7C, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatKBSizeW + 133 77F7E6A0 6 Bytes [ 0C, 02, FC, 77, E2, 1F ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatKBSizeW + 13B 77F7E6A8 79 Bytes [ A1, D4, F7, 77, E5, D5, F7, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrW + 2C 77F7EE87 44 Bytes [ 8B, 4D, FC, 89, 08, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrW + 59 77F7EEB4 5 Bytes [ 01, E9, 8A, A1, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrW + 5F 77F7EEBA 6 Bytes [ 33, C0, E9, B7, C6, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrW + 66 77F7EEC1 20 Bytes [ 90, 90, 90, 90, 90, B8, E4, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrW + 7B 77F7EED6 6 Bytes [ 25, 00, 73, 00, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetThreadRef + 1 77F7EEDD 37 Bytes [ 4E, 0C, C1, E1, 03, 8B, D1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetThreadRef + 27 77F7EF03 21 Bytes [ 74, 08, 8B, 55, 10, 83, 3A, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetThreadRef + 3D 77F7EF19 92 Bytes [ 43, 10, 6A, 00, 03, C6, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetThreadRef + 9A 77F7EF76 1 Byte [ 4D ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetThreadRef + 9C 77F7EF78 63 Bytes [ 8B, 55, 10, 53, 8B, 5D, 14, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyW 77F7F630 66 Bytes CALL D652F635
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyW + 43 77F7F673 47 Bytes [ FF, 90, 90, 90, 90, 90, B8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyW + 73 77F7F6A3 30 Bytes [ 25, 10, D2, FC, 77, FF, B6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyW + 92 77F7F6C2 5 Bytes JMP 77F93D15 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyW + 9B 77F7F6CB 55 Bytes [ 90, 8B, FF, 55, 8B, EC, 56, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetMenuPosFromID 77F7FA31 58 Bytes [ 90, 8B, FF, 55, 8B, EC, A1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetMenuPosFromID + 3B 77F7FA6C 34 Bytes JMP 906877F7
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetMenuPosFromID + 5E 77F7FA8F 35 Bytes [ F5, 61, 64, 76, 61, 70, 69, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetMenuPosFromID + 82 77F7FAB3 108 Bytes JMP 77F8D13A C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnW + 45 77F7FB20 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnW + 4C 77F7FB27 9 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnW + 56 77F7FB31 124 Bytes [ 0F, CE, 00, 00, C7, 06, D0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnW + D3 77F7FBAE 40 Bytes [ FF, 8B, F8, 8B, F7, F7, DE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnW + FC 77F7FBD7 16 Bytes [ 00, 00, 8B, F0, 85, F6, 7C, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThread + 1 77F7FE5F 16 Bytes [ EC, 8B, 45, 08, 8B, 08, 33, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThread + 12 77F7FE70 1 Byte [ 4D ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThread + 14 77F7FE72 65 Bytes [ 56, 8B, 70, 04, 89, 31, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThread + 56 77F7FEB4 14 Bytes [ 15, FC, D0, FC, 77, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThread + 65 77F7FEC3 30 Bytes [ D1, FC, 77, 8B, F0, 8D, 45, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegCreateUSKeyA + B 77F801B2 56 Bytes [ 61, 00, 72, 00, 65, 00, 5C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegCreateUSKeyA + 44 77F801EB 18 Bytes [ 11, 8B, F0, 85, F6, 7C, 19, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegCreateUSKeyA + 57 77F801FE 19 Bytes [ 51, 14, 8B, F0, 8B, 45, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegCreateUSKeyA + 6B 77F80212 57 Bytes [ 90, 90, 60, 4F, D8, 37, CB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegCreateUSKeyA + A5 77F8024C 10 Bytes [ 75, 0C, FF, 75, 08, E8, 2F, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetThreadRef + 2 77F80740 3 Bytes CALL 05F80742
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetThreadRef + 6 77F80744 8 Bytes [ FF, 8D, 85, F0, FD, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetThreadRef + F 77F8074D 37 Bytes CALL 77F8074F C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSetThreadRef + 35 77F80773 6 Bytes [ 0F, 84, AE, E7, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThreadRef + 2 77F8077A 6 Bytes [ B5, DC, FD, FF, FF, 53 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThreadRef + 9 77F80781 3 Bytes [ 46, FF, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThreadRef + D 77F80785 103 Bytes [ 89, 85, E0, FD, FF, FF, 5F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThreadRef + 75 77F807ED 6 Bytes JMP 77F8C1A2 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateThreadRef + 7C 77F807F4 95 Bytes [ 17, 0F, 8F, 61, B9, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyA + 131 77F810FA 36 Bytes [ 8B, 45, FC, 89, 45, 08, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyA + 156 77F8111F 126 Bytes [ 15, 04, 14, F6, 77, 83, 27, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteKeyA + 1D5 77F8119E 132 Bytes [ C9, C2, 14, 00, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetUSValueW + 47 77F81223 6 Bytes [ 0F, 85, 3A, 06, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorRGBToHLS + 2 77F8122A 39 Bytes [ B5, F4, FE, FF, FF, 8D, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorRGBToHLS + 2A 77F81252 45 Bytes [ D8, 85, DB, 8B, 85, EC, FE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorRGBToHLS + 58 77F81280 39 Bytes [ 8B, 45, 0C, 89, 83, 10, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorRGBToHLS + 80 77F812A8 19 Bytes [ 00, 8D, 43, 04, FF, B5, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorRGBToHLS + 94 77F812BC 169 Bytes [ 85, F8, FE, FF, FF, 0F, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorHLSToRGB + 93 77F81366 21 Bytes [ 7C, 4D, 56, FF, 75, 0C, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorHLSToRGB + B4 77F81387 21 Bytes [ 7C, 39, 8B, 45, 0C, 8D, 4C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorHLSToRGB + CA 77F8139D 24 Bytes [ 09, 0F, B7, D2, 03, C2, 3B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorHLSToRGB + E3 77F813B6 17 Bytes [ C7, 5F, 5B, 5D, C2, 08, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorHLSToRGB + F5 77F813C8 181 Bytes JMP 07000EBF
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCA + 21 77F816A6 7 Bytes [ F8, 8B, 45, 08, 8B, 08, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCA + 29 77F816AE 31 Bytes JMP 77F8C2E9 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCA + 49 77F816CE 54 Bytes [ F8, 85, FF, 0F, 84, 6F, 29, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCA + 80 77F81705 27 Bytes [ 00, 50, FF, 75, 10, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsUNCA + 9C 77F81721 24 Bytes [ 90, 90, 90, 90, 90, 83, 3D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeA 77F8173B 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeA + 4 77F8173F 26 Bytes [ FF, 55, 8B, EC, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeA + 1F 77F8175A 56 Bytes [ 7F, 05, 05, 40, 00, 80, 5D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeA + 59 77F81794 52 Bytes [ 00, 85, C0, 8B, 4D, 0C, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCanonicalizeA + 8E 77F817C9 19 Bytes [ 8B, 45, 08, 89, 46, 04, C7, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAppendA + 27 77F81874 30 Bytes [ 57, 8D, 85, FC, FE, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineA + 2 77F81893 42 Bytes [ FF, 68, 00, 01, 00, 00, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineA + 2D 77F818BE 28 Bytes [ 3B, C7, 0F, 85, C4, DB, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineA + 4B 77F818DC 5 Bytes [ 80, 0F, 85, CC, DB ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineA + 52 77F818E3 49 Bytes [ 8B, 03, 3B, C7, 74, 2D, F6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCombineA + 85 77F81916 226 Bytes [ F6, 45, 18, 03, 0F, 85, 59, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRelativeA + 49 77F819FB 6 Bytes [ 90, 90, 8B, FF, 55, 8B ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRelativeA + 50 77F81A02 3 Bytes [ 81, EC, 98 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRelativeA + 54 77F81A06 10 Bytes [ 00, 00, A1, 48, D2, FC, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRelativeA + 5F 77F81A11 17 Bytes [ 6A, 24, 59, 33, C0, 8D, BD, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsRelativeA + 71 77F81A23 12 Bytes [ FF, 50, C7, 85, 68, FF, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindOnPathW + 44 77F81AC3 1 Byte [ 10 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindOnPathW + 6B 77F81AEA 5 Bytes [ 0F, 86, A2, 42, FE ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindOnPathW + 7D 77F81AFC 10 Bytes [ 55, 8B, EC, 83, 7D, 10, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindOnPathW + 88 77F81B07 60 Bytes [ 6A, 00, FF, 15, 20, 17, F6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindOnPathW + 15C 77F81BDB 111 Bytes [ D6, 3B, C3, A3, 74, D8, FC, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddExtensionW + 35 77F82125 49 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddExtensionW + 67 77F82157 55 Bytes [ C0, EB, F7, 90, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddExtensionW + A0 77F82190 31 Bytes [ 06, 3B, D8, 0F, 8C, 43, C7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddExtensionW + C0 77F821B0 20 Bytes [ C3, 5F, 5E, 5B, 5D, C2, 0C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddExtensionW + D5 77F821C5 7 Bytes [ 51, 0C, 8B, F0, 8B, 45, 08 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSkipJunction + 5 77F821E1 112 Bytes [ 56, FF, 75, 1C, 8D, 45, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSkipJunction + 76 77F82252 91 Bytes [ C2, 3B, C6, 0F, 8F, E8, C3, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSkipJunction + D2 77F822AE 48 Bytes [ 4D, 0C, 66, 89, 01, 8B, 45, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSkipJunction + 103 77F822DF 15 Bytes [ 0F, 85, 44, C4, 00, 00, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHSkipJunction + 113 77F822EF 46 Bytes [ 99, B9, F0, 00, 00, 00, F7, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetInverseCMAP + 10 77F8239B 47 Bytes [ 80, 74, 2C, 8B, 08, 8D, 55, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetInverseCMAP + 40 77F823CB 136 Bytes [ 8B, C6, 5E, 5D, C2, 0C, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetInverseCMAP + C9 77F82454 129 Bytes [ 6A, 00, 57, 68, 08, 02, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetInverseCMAP + 14B 77F824D6 148 Bytes [ 1C, 47, 2B, F0, 89, 5D, F8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetInverseCMAP + 1E0 77F8256B 59 Bytes [ 53, 56, 33, DB, F7, 45, 20, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesW + C5 77F8ABD7 575 Bytes [ 75, 94, 94, 94, 94, 94, 94, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesW + 305 77F8AE17 308 Bytes [ 6A, 8F, 8F, 8F, 8F, 8F, 8F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetViewStatePropertyBag + 52 77F8AF4C 438 Bytes [ 53, 53, 53, 53, 53, 53, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetViewStatePropertyBag + 209 77F8B103 59 Bytes [ 1B, F3, F4, F4, F4, FB, FB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetViewStatePropertyBag + 245 77F8B13F 597 Bytes [ C3, C3, C3, C3, C3, F4, F4, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHGetViewStatePropertyBag + 49B 77F8B395 238 Bytes [ 75, 75, 75, 94, 94, 94, 94, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeW + 69 77F8B484 124 Bytes [ BD, DE, DE, DE, 38, 38, 38, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeW + E6 77F8B501 142 Bytes [ C3, C3, 1B, F4, F4, F4, F5, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeW + 175 77F8B590 33 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeW + 197 77F8B5B2 16 Bytes [ 0F, 84, C2, 6A, 00, 00, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeW + 1A8 77F8B5C3 104 Bytes CALL 0370ABDD
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntExW + 1 77F8B848 235 Bytes [ 35, A8, 17, F6, 77, 53, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExW + C0 77F8B934 5 Bytes [ 00, 89, 85, CC, FE ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExW + C7 77F8B93B 10 Bytes [ 89, 85, F4, FE, FF, FF, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExW + D2 77F8B946 53 Bytes [ FF, 50, 8D, 85, FC, FE, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExW + 108 77F8B97C 1 Byte [ 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExW + 10A 77F8B97E 53 Bytes [ 15, BC, 15, F6, 77, 66, 3B, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileEx + 86 77F8C33A 64 Bytes [ 7D, 0C, 8B, CA, 8B, D9, C1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileEx + C7 77F8C37B 27 Bytes [ 68, 24, AD, F8, 77, 6A, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileEx + E3 77F8C397 156 Bytes [ 08, 50, FF, 51, 10, 5E, 5D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileEx + 180 77F8C434 2 Bytes [ 85, 64 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileEx + 183 77F8C437 6 Bytes [ FF, FF, 0F, 84, 2E, 01 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateShellPalette + 23 77F8C8A1 22 Bytes [ 66, 3D, 09, 00, 0F, 84, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateShellPalette + 3A 77F8C8B8 7 Bytes [ 75, 0E, 33, D2, 66, 3D, 2B ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateShellPalette + 42 77F8C8C0 68 Bytes [ 0F, 95, C2, 46, 46, 89, 55, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateShellPalette + 87 77F8C905 105 Bytes [ 46, 8B, D1, 8B, C8, 46, EB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateShellPalette + F1 77F8C96F 89 Bytes [ FF, 55, 8B, EC, 56, FF, 75, ... ]


2nd part:

.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripPathW + A 77F8CA76 8 Bytes [ C0, 0F, 84, 71, F5, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripPathW + 13 77F8CA7F 8 Bytes [ 75, 0C, C7, 41, 3C, 01, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripPathW + 1C 77F8CA88 35 Bytes [ FF, 75, 08, 6A, 05, FF, 71, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripPathW + 40 77F8CAAC 6 Bytes [ 00, 83, 3D, 4C, D2, FC ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripPathW + 47 77F8CAB3 21 Bytes [ 00, A1, 48, D2, FC, 77, 89, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorAdjustLuma + 5B 77FA11EF 87 Bytes [ 90, 43, 65, 72, 74, 43, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorAdjustLuma + B4 77FA1248 43 Bytes [ 40, 01, 00, 00, 41, 74, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorAdjustLuma + E0 77FA1274 35 Bytes [ 70, 74, FC, 77, 49, 01, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorAdjustLuma + 104 77FA1298 223 Bytes [ 51, 01, 00, 00, 70, 74, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!ColorAdjustLuma + 1E4 77FA1378 305 Bytes [ 50, 72, 6F, 70, 65, 72, 74, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCopyKeyA + 10 77FA1514 151 Bytes [ F7, 74, FC, 77, DC, 07, FA, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCopyKeyA + A8 77FA15AC 445 Bytes [ F7, 74, FC, 77, 54, 06, FA, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCopyKeyW 77FA176A 22 Bytes [ 90, 90, 43, 41, 45, 6E, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCopyKeyW + 17 77FA1781 144 Bytes [ 6D, 43, 65, 72, 74, 54, 79, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteEmptyKeyW + 1D 77FA1812 17 Bytes [ 00, 00, F7, 74, FC, 77, DB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteEmptyKeyW + 2F 77FA1824 7 Bytes [ A5, 77, FC, 77, 48, 08, FA ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHDeleteEmptyKeyW + 37 77FA182C 282 Bytes [ 38, 75, FC, 77, 38, 08, FA, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyA + 9D 77FA1947 92 Bytes [ 77, 44, 0A, FA, 77, 70, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHQueryInfoKeyA + FA 77FA19A4 53 Bytes [ 53, 64, 62, 52, 65, 61, 64, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteUSValueA + 33 77FA19DA 35 Bytes [ 70, 49, 6E, 66, 6F, 72, 6D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteUSValueA + 57 77FA19FE 15 Bytes [ 69, 6F, 6E, 00, 90, 90, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteUSValueA + 67 77FA1A0E 90 Bytes [ 61, 62, 61, 73, 65, 00, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteUSValueW + 19 77FA1A69 45 Bytes [ 65, 63, 6B, 53, 68, 65, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteUSValueW + 47 77FA1A97 66 Bytes [ 77, 52, 75, 6E, 53, 65, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 27 77FA1ADA 12 Bytes [ FA, 77, 0C, 82, FC, 77, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 34 77FA1AE7 95 Bytes [ 77, F0, 0F, FA, 77, 70, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 94 77FA1B47 304 Bytes [ 77, 08, 0F, FA, 77, 89, 7B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegEnumUSValueA + 31 77FA1C78 66 Bytes [ 50, 6F, 6C, 69, 63, 79, 49, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegEnumUSValueA + 74 77FA1CBB 170 Bytes [ 90, 53, 61, 66, 65, 72, 47, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegEnumUSValueW + 7F 77FA1D66 122 Bytes [ 65, 45, 78, 57, 00, 90, 52, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 5A 77FA1DE1 42 Bytes [ 65, 72, 79, 49, 6E, 66, 6F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 85 77FA1E0C 13 Bytes [ 52, 65, 67, 4F, 70, 65, 6E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetPathW + A 77FA1E1A 79 Bytes [ 90, 90, 52, 65, 67, 4F, 70, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetPathW + 5A 77FA1E6A 48 Bytes [ 90, 90, 52, 65, 67, 44, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetPathW + 8C 77FA1E9C 46 Bytes [ 52, 65, 67, 43, 72, 65, 61, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetPathA + 2D 77FA1ECB 214 Bytes [ 90, 4F, 70, 65, 6E, 54, 68, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueA + 25 77FA1FA2 288 Bytes [ 72, 63, 65, 00, 90, 90, 43, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueA + 146 77FA20C3 27 Bytes [ 00, C0, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueA + 164 77FA20E1 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueA + 17C 77FA20F9 1 Byte [ 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegWriteUSValueA + 17F 77FA20FC 63 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetPathA + 13 77FA21F7 72 Bytes [ 99, F7, F9, 50, EB, 25, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetPathW + 2F 77FA2240 13 Bytes [ 75, 08, FF, 35, 20, D4, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetPathW + 3D 77FA224E 37 Bytes [ 5D, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetPathW + 63 77FA2274 12 Bytes [ 07, 80, EB, 30, 56, 57, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetPathW + 70 77FA2281 123 Bytes [ 75, 10, 8D, 70, FF, 56, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegGetPathW + EC 77FA22FD 22 Bytes [ 15, 04, 14, F6, 77, 85, C0, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetUSValueA + 37 77FA2666 102 Bytes [ FF, 6A, 40, FF, 15, 00, 14, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetUSValueA + 9E 77FA26CD 7 Bytes [ FF, 15, A8, 17, F6, 77, 8B ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetUSValueA + A6 77FA26D5 9 Bytes [ 3B, F3, 75, 49, FF, B5, EC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetUSValueA + B0 77FA26DF 5 Bytes [ 8D, 85, F8, FE, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegSetUSValueA + B6 77FA26E5 4 Bytes [ FF, B5, E8, FD ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRChrIA + B 77FA43E2 8 Bytes [ 8D, 85, F0, FA, FF, FF, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRChrIA + 14 77FA43EB 37 Bytes [ F8, FA, FF, FF, 50, FF, 15, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRChrIA + 3A 77FA4411 61 Bytes [ 41, 18, 33, D2, F7, 71, 1C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrPBrkA + 13 77FA444F 112 Bytes [ E2, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExA + 34 77FA44C0 6 Bytes [ FA, FF, FF, 50, 0F, B7 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExA + 3B 77FA44C7 11 Bytes [ E6, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToInt64ExA + 47 77FA44D3 57 Bytes [ 50, 0F, B7, 85, E0, FA, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntExA + 2 77FA450D 9 Bytes [ 50, FF, B5, F4, FA, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrToIntExA + C 77FA4517 49 Bytes [ B5, F4, FA, FF, FF, FF, 15, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrSpnA + 11 77FA4549 274 Bytes [ 11, F6, 77, 6A, 0D, 58, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnIA + 16 77FA465C 47 Bytes [ 6C, 75, 2C, 25, 6C, 75, 09, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCSpnIA + 46 77FA468C 62 Bytes [ 5C, 73, 68, 70, 65, 72, 66, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIA + 4C 77FA46DC 27 Bytes [ 81, A5, F4, FE, FF, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIA + 68 77FA46F8 22 Bytes [ FF, A1, 74, D3, FC, 77, 39, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRStrIA + 7F 77FA470F 96 Bytes [ CB, 23, 08, 66, F7, C1, 49, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNW + 4C 77FA4770 11 Bytes [ FF, FF, 89, 06, 8B, 45, 1C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNW + 58 77FA477C 7 Bytes [ 15, 20, 11, F6, 77, 84, DB ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNW + 60 77FA4784 29 Bytes [ BD, F0, FE, FF, FF, 89, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IntlStrEqWorkerA + D 77FA47A2 70 Bytes [ 51, FF, B5, F0, FE, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IntlStrEqWorkerA + 54 77FA47E9 5 Bytes [ 57, FF, B5, F8, FE ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IntlStrEqWorkerA + 5A 77FA47EF 4 Bytes [ FF, FF, 70, 60 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IntlStrEqWorkerA + 5F 77FA47F4 40 Bytes [ D1, A1, 74, D3, FC, 77, 83, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IntlStrEqWorkerA + 88 77FA481D 108 Bytes [ 15, 57, FF, B5, F8, FE, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimA + 2 77FA488A 40 Bytes [ 08, 00, 00, 00, A1, 74, D3, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimA + 2B 77FA48B3 61 Bytes [ 4D, FC, 8B, 85, EC, FE, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimA + 69 77FA48F1 40 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrTrimA + 92 77FA491A 83 Bytes [ 56, 56, 68, 00, 01, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBSTR + 2D 77FA496E 15 Bytes [ FF, 55, 8B, EC, 5D, E9, 25, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBSTR + 3D 77FA497E 57 Bytes [ FF, 55, 8B, EC, 81, EC, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBSTR + 77 77FA49B8 6 Bytes [ 75, 1C, 8D, 85, FC, FE ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBSTR + 7E 77FA49BF 4 Bytes [ FF, FF, 75, 18 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBSTR + 83 77FA49C4 9 Bytes [ 75, 14, FF, 75, 10, 50, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBufA + 15 77FA4A0E 1 Byte [ 48 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBufA + 17 77FA4A10 56 Bytes [ 47, 48, 0F, 85, 60, 01, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToBufA + 50 77FA4A49 111 Bytes [ 15, 40, 17, F6, 77, A3, 88, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHStrDupA + 41 77FA4AB9 28 Bytes [ 83, C4, 10, 33, DB, 53, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrCatChainW + 2 77FA4AD6 105 Bytes [ FF, A1, 74, D3, FC, 77, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrChrNIW + 1D 77FA4B40 73 Bytes [ 15, E4, 13, F6, 77, 85, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRChrIW + 23 77FA4B8A 120 Bytes [ 00, 90, 53, 68, 65, 6C, 6C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNIW + E 77FA4C03 39 Bytes [ 06, 83, 7D, 14, 08, 75, 32, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNIW + 36 77FA4C2B 62 Bytes [ 53, 53, 6A, 03, 6A, 01, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNIW + 75 77FA4C6A 69 Bytes [ 41, 20, EB, 0D, 33, D2, F7, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNIW + BB 77FA4CB0 6 Bytes [ 53, 61, 6D, 65, 25, 73 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrStrNIW + C2 77FA4CB7 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSize64A + 4 77FA4E7B 69 Bytes [ 80, A4, 00, 00, 00, 89, 58, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeA + 4 77FA4EC1 9 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 55, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeA + E 77FA4ECB 42 Bytes [ C9, C2, 04, 00, 90, 25, 73, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeA + 39 77FA4EF6 4 Bytes [ 45, 08, 8B, 0D ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeA + 3E 77FA4EFB 24 Bytes [ D3, FC, 77, 89, 41, 24, 5D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFormatByteSizeA + 57 77FA4F14 50 Bytes [ 00, A1, 48, D2, FC, 77, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrA + 2F 77FA4F48 8 Bytes [ 75, 07, 6A, 01, E8, 88, EE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrA + 38 77FA4F51 80 Bytes [ 56, FF, 75, 28, 68, 02, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrA + 89 77FA4FA2 28 Bytes [ 00, 00, 6A, 27, 8D, 45, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrA + A6 77FA4FBF 47 Bytes [ C0, 74, 12, 6A, 13, 57, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrRetToStrA + DE 77FA4FF7 1 Byte [ 57 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFromTimeIntervalA + 46 77FA519E 88 Bytes [ EB, FF, FF, 8B, F8, E8, A1, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFromTimeIntervalW + 34 77FA51F7 158 Bytes [ 12, 56, 57, 6A, 42, 6A, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFromTimeIntervalW + E5 77FA52A8 38 Bytes [ 8D, 85, 24, FF, FF, FF, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFromTimeIntervalW + 119 77FA52DC 1 Byte [ 6A ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFromTimeIntervalW + 11B 77FA52DE 32 Bytes [ 6A, 03, 6A, 03, 8D, 85, 4C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!StrFromTimeIntervalW + 13C 77FA52FF 2 Bytes [ 90, 41 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceA + 4B 77FA5FD0 3 Bytes [ 85, 7C, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceA + 4F 77FA5FD4 6 Bytes [ FF, 56, 50, E8, 8C, FC ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceA + 56 77FA5FDB 5 Bytes [ FF, 8D, 85, 7C, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceA + 5C 77FA5FE1 62 Bytes [ FF, 50, FF, 75, 0C, 57, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!IsCharSpaceA + 9B 77FA6020 15 Bytes [ FF, 6A, 01, 8D, 45, 14, 50, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsA + 2 77FA6F20 19 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsA + 16 77FA6F34 5 Bytes [ 00, 00, 00, C0, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsA + 1C 77FA6F3A 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsA + 30 77FA6F4E 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveArgsA + 34 77FA6F52 136 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindSuffixArrayA + 19 77FA6FDC 98 Bytes [ 0C, 8D, 45, FC, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindSuffixArrayA + 7C 77FA703F 70 Bytes [ 8B, DE, 57, FF, 15, 04, 14, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionA + 21 77FA7087 3 Bytes [ 8B, FF, 55 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionA + 25 77FA708B 4 Bytes [ EC, 51, 51, 53 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveExtensionA + 2A 77FA7090 203 Bytes [ 5D, 14, 56, 57, 8B, 7D, 18, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCommonPrefixA + AD 77FA715C 117 Bytes [ 14, F6, 77, 3B, C3, 89, 07, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsPrefixA + 1E 77FA71D2 82 Bytes [ 15, F4, 13, F6, 77, 3B, C6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveFileSpecA + 11 77FA7225 114 Bytes [ 56, 68, 50, D3, FC, 77, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsFileSpecA + 6 77FA7298 117 Bytes [ 00, 89, 45, E4, 53, FF, 15, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetDriveNumberA + 2 77FA730E 5 Bytes [ 75, D0, FF, D6, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetDriveNumberA + 8 77FA7314 113 Bytes [ D4, FF, D6, FF, 75, B4, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyA + 2 77FA7386 31 Bytes [ 75, B4, FF, 75, B0, FF, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyA + 23 77FA73A7 38 Bytes CALL 4E62A9AB
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyA + 4A 77FA73CE 7 Bytes [ F8, 89, 44, 0D, D8, FF, D6 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyA + 53 77FA73D7 1 Byte [ F4 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSearchAndQualifyA + 55 77FA73D9 168 Bytes [ D6, 83, 45, FC, 04, 83, 7D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryA + 2 77FA7482 34 Bytes [ FF, 66, 8C, 85, BC, FD, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryA + 25 77FA74A5 12 Bytes [ 01, 00, 01, 00, 8B, 45, 04, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryA + 32 77FA74B2 19 Bytes [ 8D, 45, 04, 89, 85, EC, FD, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryA + 46 77FA74C6 19 Bytes [ FF, 6A, 14, 59, 33, C0, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryA + 5A 77FA74DA 41 Bytes [ 09, 04, 00, C0, 8B, 45, 04, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnquoteSpacesA + 1D 77FA75B3 22 Bytes [ 57, 8B, F0, FF, 15, 68, 17, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnquoteSpacesA + 34 77FA75CA 4 Bytes [ 81, E6, FF, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnquoteSpacesA + 39 77FA75CF 11 Bytes [ 00, 81, CE, 00, 00, 07, 80, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathQuoteSpacesA + 39 77FA760D 33 Bytes [ 75, 0C, FF, 75, 08, E8, 1C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindNextComponentA + 7 77FA762F 24 Bytes [ D8, 85, DB, 74, 2A, 8D, 45, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindNextComponentA + 20 77FA7648 3 Bytes [ 8B, F0, 85 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindNextComponentA + 24 77FA764C 16 Bytes [ 75, 07, 8B, 45, 14, 89, 18, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindNextComponentA + 35 77FA765D 20 Bytes [ 03, 6A, 0E, 5E, 85, F6, 7E, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindNextComponentA + 4A 77FA7672 70 Bytes [ C6, 5E, 5B, C9, C2, 10, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMatchSpecA + 2 77FA77A2 95 Bytes [ 75, 0C, FF, 75, 08, 57, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSkipRootA + 60 77FA7850 19 Bytes [ 00, 53, 6A, 40, 89, 5D, F4, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSameRootA + F 77FA7864 10 Bytes [ 39, 7D, FC, 74, 1B, 8B, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSameRootA + 1A 77FA786F 53 Bytes [ 8B, F8, 8B, C1, C1, E9, 02, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsURLA + 8 77FA78A5 50 Bytes [ 3B, 08, 75, 13, 6A, 00, 53, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeA + 4 77FA78D8 16 Bytes [ FB, 8B, 5D, F4, 89, 45, FC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeA + 15 77FA78E9 13 Bytes [ 20, 85, FF, 74, 51, 8D, 45, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeA + 23 77FA78F7 3 Bytes [ 8E, FE, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeA + 27 77FA78FB 41 Bytes [ 39, 5D, 18, 89, 45, 20, 76, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsContentTypeA + 52 77FA7926 23 Bytes [ 75, 08, 39, 4D, 14, 75, 03, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetCharTypeA + C 77FA7960 158 Bytes [ F3, 74, 6B, 8B, 45, 0C, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetCharTypeA + AC 77FA7A00 160 Bytes [ 14, 53, 8B, 5D, 18, 56, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetCharTypeA + 14D 77FA7AA1 17 Bytes [ 85, B4, FE, FF, FF, 0F, 84, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetCharTypeA + 15F 77FA7AB3 40 Bytes [ FF, 8D, 85, BC, FE, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathGetCharTypeA + 189 77FA7ADD 1 Byte [ B0 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnmakeSystemFolderA + 1C 77FA7B5F 13 Bytes [ B5, B4, FE, FF, FF, E8, A0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnmakeSystemFolderA + 2A 77FA7B6D 170 Bytes [ 68, AC, 6C, FA, 77, 56, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateA + 18 77FA7C18 78 Bytes CALL 77FA767D C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateA + 67 77FA7C67 287 Bytes [ 15, 04, 14, F6, 77, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateA + 187 77FA7D87 6 Bytes [ 07, 80, 74, 41, 3B, FB ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateA + 18E 77FA7D8E 52 Bytes [ 0C, 3B, D3, 75, 05, 39, 5D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUndecorateA + 1C3 77FA7DC3 9 Bytes JMP 77FA7EC7 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyA + 1 77FA7F66 78 Bytes [ 35, 54, 11, F6, 77, 57, 6A, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyA + 50 77FA7FB5 7 Bytes [ 5D, C2, 08, 00, 33, C0, 40 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyA + 63 77FA7FC8 1 Byte [ 83 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyA + 65 77FA7FCA 51 Bytes [ 0C, 53, 56, 33, F6, 39, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakePrettyA + 99 77FA7FFE 60 Bytes [ D7, 8B, 75, F8, 3B, F0, 7C, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBlanksA + 33 77FA8133 25 Bytes [ D8, 8B, CB, 2B, 4D, 0C, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBlanksA + 4D 77FA814D 84 Bytes [ 85, C0, 74, 16, 80, 3F, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBackslashA + 45 77FA81A2 14 Bytes [ 10, 00, 5F, EB, 02, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRemoveBackslashA + 57 77FA81B4 9 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootA + 9 77FA81BE 9 Bytes [ 74, 27, 39, 45, 0C, 74, 22, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootA + 13 77FA81C8 5 Bytes [ 75, 08, FF, 75, 0C ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootA + 19 77FA81CE 2 Bytes [ DD, FE ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripToRootA + 1D 77FA81D2 45 Bytes [ FF, 75, 08, 8B, F0, FF, 15, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsNetworkPathA + 19 77FA8200 3 Bytes [ 7A, EC, FC ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsNetworkPathA + 1D 77FA8204 33 Bytes [ 85, C0, 75, 03, 8B, 45, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathStripPathA + 7 77FA8226 76 Bytes [ C7, 8B, F7, 74, 29, 8A, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyA + 27 77FA8273 32 Bytes [ 38, 46, 01, 74, 0F, 88, 46, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyA + 48 77FA8294 27 Bytes [ 55, 8B, EC, 8B, 45, 08, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyA + 64 77FA82B0 91 Bytes [ 15, 38, 17, F6, 77, 8A, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyA + C0 77FA830C 82 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathA + 4A 77FA835F 2 Bytes [ 55, 8B ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathA + 4D 77FA8362 34 Bytes [ 8B, 45, 08, EB, 0F, 80, 38, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathA + 70 77FA8385 25 Bytes [ FF, 55, 8B, EC, 56, 33, F6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathA + 8A 77FA839F 24 Bytes [ 74, 4D, 68, F8, 73, FA, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathA + A3 77FA83B8 29 Bytes [ 6A, 00, FF, 75, 08, 6A, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathA + 12 77FA85DB 1 Byte [ 75 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathA + 14 77FA85DD 33 Bytes [ 85, F6, 74, 3D, 6A, 20, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathA + 36 77FA85FF 112 Bytes [ 00, 7D, 1B, 57, 8D, 46, 01, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathA + A7 77FA8670 201 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderA + 24 77FA873A 80 Bytes [ C0, 74, F4, 3C, 3B, 74, F0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderA + 75 77FA878B 30 Bytes [ 85, C0, 75, A2, 57, FF, D3, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderA + 94 77FA87AA 37 Bytes [ F6, 74, 37, 83, 7D, 08, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderA + BA 77FA87D0 2 Bytes [ 15, 38 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathMakeSystemFolderA + BD 77FA87D3 77 Bytes [ F6, 77, 8B, F0, 8A, 06, 84, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathAddExtensionA + 1 77FA8E08 143 Bytes [ CA, 83, E1, 03, 83, 7D, 14, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToA + B 77FA8E99 47 Bytes [ 23, F0, 03, F0, 83, 3D, 4C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToA + 3B 77FA8EC9 72 Bytes [ 00, 8D, 85, F8, FE, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToA + 84 77FA8F12 2 Bytes [ 75, 08 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToA + 87 77FA8F15 2 Bytes [ 5F, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRelativePathToA + 8B 77FA8F19 56 Bytes [ F7, D8, 1B, C0, 23, 45, 08, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExA + 2 77FA8FFF 46 Bytes [ FF, 15, 50, 11, F6, 77, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExA + 31 77FA902E 71 Bytes [ FF, F3, AB, 8D, 85, F0, FE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExA + 79 77FA9076 22 Bytes [ 84, 09, 02, 00, 3B, C7, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExA + 90 77FA908D 23 Bytes [ FF, FF, 15, 54, 11, F6, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExA + A8 77FA90A5 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsA + 6 77FA937D 5 Bytes [ B5, EC, FE, FF, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsA + C 77FA9383 8 Bytes [ D7, 8B, 45, 10, 39, 85, E0, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsA + 15 77FA938C 3 Bytes [ FF, 0F, 86 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsA + 3A 77FA93B1 7 Bytes [ 53, BB, 04, 01, 00, 00, 53 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsA + 42 77FA93B9 112 Bytes [ B5, F0, FE, FF, FF, 8D, 85, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringA + 29 77FAFD46 17 Bytes [ B5, 80, F3, FF, FF, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringA + 3B 77FAFD58 5 Bytes [ B5, 78, F3, FF, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringA + 41 77FAFD5E 8 Bytes [ B5, C4, F9, FF, FF, FF, B5, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringA + 4B 77FAFD68 17 Bytes [ FF, FF, 15, D0, 12, F6, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringA + 5D 77FAFD7A 36 Bytes [ 73, 04, 8B, F3, 8D, BD, 30, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyA + B 77FAFE63 70 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyA + 52 77FAFEAA 4 Bytes [ B5, EC, FD, FF ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyA + 57 77FAFEAF 8 Bytes [ 56, FF, 15, F4, D1, FC, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyA + 60 77FAFEB8 2 Bytes CALL 03FAFEBA
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryStringByKeyA + 64 77FAFEBC 5 Bytes [ 8B, F0, E8, D2, A4 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyA + 2 77FAFF6F 30 Bytes [ 75, 14, 56, 57, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyA + 21 77FAFF8E 18 Bytes [ 8B, 45, F8, 68, EC, 03, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyA + 3F 77FAFFAC 11 Bytes [ 74, 16, 85, F6, 74, 12, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyA + 4B 77FAFFB8 21 Bytes CALL 77FAA600 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!AssocQueryKeyA + 61 77FAFFCE 23 Bytes [ FF, 8B, 4D, FC, 8B, C7, 5F, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathFindSuffixArrayW + 2F 77FB0F0C 23 Bytes [ FF, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathQuoteSpacesW + 7 77FB0F6E 52 Bytes [ FF, 55, 8B, EC, 81, EC, 20, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSkipRootW + 13 77FB0FD5 94 Bytes [ FF, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSameRootW + 15 77FB1034 47 Bytes [ BF, 04, 01, 00, 00, 57, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsSameRootW + 45 77FB1064 184 Bytes [ 00, 8B, 86, 84, 00, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnmakeSystemFolderW + 11 77FB1137 25 Bytes [ 90, 25, 00, 25, 00, 25, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnmakeSystemFolderW + 2B 77FB1151 3 Bytes [ 55, 8B, EC ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnmakeSystemFolderW + 30 77FB1156 73 Bytes [ 39, 05, 20, DA, FC, 77, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsLFNFileSpecW + 6 77FB11A0 1 Byte [ 45 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsLFNFileSpecW + 8 77FB11A2 9 Bytes [ 57, 8B, 7D, 0C, 8D, 8D, 70, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsLFNFileSpecW + 12 77FB11AC 69 Bytes [ 89, 85, 6C, FF, FF, FF, 89, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsLFNFileSpecW + 58 77FB11F2 22 Bytes [ 13, F6, 77, 75, 0D, 8B, F8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsLFNFileSpecW + F6 77FB1290 7 Bytes [ 75, 11, 6A, FF, FF, B5, 68 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathRenameExtensionW + 2E 77FB1340 192 Bytes [ 8D, 70, FF, FF, FF, E8, AB, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyW + 97 77FB1401 21 Bytes [ D3, 8D, 44, 00, 02, 50, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyW + AD 77FB1417 5 Bytes [ FF, E8, 9A, 8C, FB ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathIsDirectoryEmptyW + B3 77FB141D 44 Bytes [ 6A, 00, 8D, 85, F0, FD, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathW + 15 77FB144A 116 Bytes [ F4, FD, FF, FF, 50, FF, B5, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathW + 8C 77FB14C1 22 Bytes [ 89, 85, E0, FD, FF, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathW + A3 77FB14D8 16 Bytes [ FF, 83, 85, E4, FD, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathW + B4 77FB14E9 10 Bytes [ 5E, 5B, 8B, 4D, FC, 8B, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathW + D0 77FB1505 46 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathW + 21 77FB170A 9 Bytes [ FF, 68, 04, 01, 00, 00, 33, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathW + 2B 77FB1714 1 Byte [ BD ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathW + 3D 77FB1726 22 Bytes [ FF, 50, 8D, 85, F0, FD, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathW + 80 77FB1769 8 Bytes [ 85, C0, 74, 0A, C7, 85, EC, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathSetDlgItemPathW + 89 77FB1772 2 Bytes [ FF, FF ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExW + 34 77FB1A26 79 Bytes [ EB, 03, 33, DB, 43, 8B, 4D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExW + 120 77FB1B12 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExW + 130 77FB1B22 62 Bytes [ A1, 48, D2, FC, 77, 53, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExW + 16F 77FB1B61 60 Bytes [ 83, 04, 07, 80, 83, E3, 40, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathCompactPathExW + 1AF 77FB1BA1 25 Bytes [ 8B, 85, E4, FD, FF, FF, 8B, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsW + 5F 77FB1DC8 7 Bytes [ 55, 8B, EC, 81, EC, 0C, 02 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsW + 67 77FB1DD0 59 Bytes [ 00, A1, 48, D2, FC, 77, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsW + A3 77FB1E0C 11 Bytes [ 8B, F8, 85, FF, 74, 3A, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsW + AF 77FB1E18 26 Bytes [ 15, EC, 13, F6, 77, 8D, 44, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!PathUnExpandEnvStringsW + CA 77FB1E33 13 Bytes [ 0D, 68, 18, 5F, F9, 77, 6A, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegisterValidateTemplate + 3B 77FB6048 64 Bytes [ 85, C0, 74, 4D, 83, 7D, 10, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegisterValidateTemplate + 7C 77FB6089 11 Bytes [ 75, 14, FF, 75, 10, FF, 75, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegisterValidateTemplate + 88 77FB6095 30 Bytes [ 50, 14, 8B, D8, 5F, 8B, C3, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegisterValidateTemplate + A7 77FB60B4 21 Bytes [ 39, 7D, 14, 75, 0A, B8, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHRegisterValidateTemplate + BD 77FB60CA 12 Bytes [ 08, F6, 86, 18, 02, 00, 00, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHReleaseThreadRef + 40 77FB6D98 10 Bytes [ 15, EC, 12, F6, 77, 8B, 4D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHReleaseThreadRef + 4B 77FB6DA3 2 Bytes [ 79, E2 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHReleaseThreadRef + 4F 77FB6DA7 1 Byte [ C9 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHReleaseThreadRef + 51 77FB6DA9 1 Byte [ 08 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHReleaseThreadRef + 54 77FB6DAC 75 Bytes [ 41, 64, 64, 49, 6E, 74, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHIsLowMemoryMachine + 3F 77FB6DF8 4 Bytes [ 56, 68, 02, 00 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHIsLowMemoryMachine + 60 77FB6E19 1 Byte [ 56 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHIsLowMemoryMachine + 7C 77FB6E35 7 Bytes [ FF, 55, 8B, EC, 56, 6A, 04 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHIsLowMemoryMachine + 84 77FB6E3D 36 Bytes [ 75, 0C, BE, F0, 5F, F9, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHIsLowMemoryMachine + A9 77FB6E62 1 Byte [ 56 ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesA + 41 77FBDD22 1 Byte [ 10 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesA + 43 77FBDD24 2 Bytes [ 4B, 01 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesA + 46 77FBDD27 74 Bytes [ 00, 57, FF, 15, 10, 17, F6, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesA + D3 77FBDDB4 37 Bytes [ FF, 75, 14, FF, 75, 10, 50, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!GetAcceptLanguagesA + FA 77FBDDDB 107 Bytes [ 10, FF, 35, 38, DC, FC, 77, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareA + 2 77FBEC57 47 Bytes [ FF, 8D, 85, 58, FF, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareA + 33 77FBEC88 90 Bytes [ 57, 8B, F0, FF, 15, 04, 14, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareA + 8E 77FBECE3 21 Bytes JMP 77F8BB91 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareA + A4 77FBECF9 39 Bytes [ F9, 77, FF, 75, 08, 68, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCompareA + CC 77FBED21 27 Bytes [ 75, 08, 68, 00, 00, 00, 80, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlHashA + E 77FBED78 43 Bytes [ FF, 15, EC, 13, F6, 77, 8D, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlHashW 77FBEDA5 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlHashW + 4 77FBEDA9 37 Bytes [ FF, 55, 8B, EC, 56, 8B, 35, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlHashW + 2A 77FBEDCF 45 Bytes [ 75, 08, 68, FC, DD, FB, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlHashW + 58 77FBEDFD 48 Bytes [ 49, 4D, 45, 5C, 44, 61, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlHashW + 89 77FBEE2E 9 Bytes [ 65, 6E, 74, 20, 54, 79, 70, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeA + B 77FBF630 47 Bytes [ 09, 01, 83, 7B, 14, 00, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeA + 3B 77FBF660 110 Bytes [ 21, 8B, 7D, 0C, 89, 41, 20, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlEscapeA + AA 77FBF6CF 307 Bytes [ 85, C0, 74, 07, 6A, 0A, 59, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlGetPartA + F1 77FBF803 43 Bytes [ EC, 8B, 45, 08, 40, 66, 0F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeA + 17 77FBF82F 12 Bytes [ FF, 55, 8B, EC, 51, 83, 65, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeA + 24 77FBF83C 38 Bytes [ 08, 80, 3E, 00, 57, 8B, FE, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlUnescapeA + 4B 77FBF863 132 Bytes [ 98, FF, FF, FF, 84, C0, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathA + 3E 77FBF8E8 3 Bytes [ 8D, DC, FB ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathA + 42 77FBF8EC 21 Bytes [ FF, 51, 40, 50, 33, FF, 57, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathA + 59 77FBF903 26 Bytes [ FF, 15, 14, 18, F6, 77, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathA + 74 77FBF91E 15 Bytes [ 89, B5, E0, FB, FF, FF, E8, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlCreateFromPathA + 84 77FBF92E 12 Bytes [ FF, 8D, 85, E0, FB, FF, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeA + 28 77FBF9BF 22 Bytes [ E0, FB, FF, FF, 50, 8D, 85, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeA + 3F 77FBF9D6 4 Bytes [ FB, FF, FF, 50 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeA + 44 77FBF9DB 3 Bytes [ 85, F8, FE ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeA + 49 77FBF9E0 11 Bytes [ 50, FF, B5, D8, FB, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeA + 55 77FBF9EC 25 Bytes [ FF, FF, B5, DC, FB, FF, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeW + 44 77FBFAB6 37 Bytes [ 55, 8B, EC, 81, EC, 14, 02, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeW + 6A 77FBFADC 3 Bytes [ 85, F0, FD ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeW + 6E 77FBFAE0 33 Bytes [ FF, 50, 8D, 85, F4, FD, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeW + 90 77FBFB02 3 Bytes [ E5, C3, FA ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlApplySchemeW + 94 77FBFB06 13 Bytes [ 85, C0, 75, 2A, 53, E8, 93, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryA + 1C 77FBFEEA 36 Bytes [ C7, 5F, 5E, C3, 90, 90, 90, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryA + 41 77FBFF0F 1 Byte [ 6A ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryA + 43 77FBFF11 1 Byte [ 6A ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryA + 45 77FBFF13 6 Bytes [ 6A, 2F, 53, FF, 76, 04 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!UrlIsNoHistoryA + BE 77FBFF8C 40 Bytes [ 83, EF, 08, 75, 2E, 68, 20, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileA + 1D 77FC0136 72 Bytes [ 4C, 4D, BC, 66, 85, C9, 74, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileA + 66 77FC017F 12 Bytes [ A8, EF, FF, FF, 01, 00, 00, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileA + 73 77FC018C 75 Bytes [ FF, 8B, 8D, A0, EF, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileA + BF 77FC01D8 18 Bytes [ FF, 83, BD, A4, EF, FF, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamOnFileA + D2 77FC01EB 16 Bytes [ FF, B5, AC, EF, FF, FF, FF, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamW + 19 77FC20EC 93 Bytes [ 69, 39, 0D, 00, DF, FC, 77, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamW + 77 77FC214A 20 Bytes [ 00, EB, 09, FF, 75, E8, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamW + 8C 77FC215F 1 Byte [ 74 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamW + 8E 77FC2161 101 Bytes [ 53, FF, D7, 8B, 45, FC, 5F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHOpenRegStreamW + F4 77FC21C7 15 Bytes [ 15, 60, 13, F6, 77, 85, C0, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DllGetVersion 77FC57A1 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DllGetVersion + 4 77FC57A5 8 Bytes [ FF, 55, 8B, EC, 81, EC, 1C, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DllGetVersion + D 77FC57AE 18 Bytes [ 00, A1, 48, D2, FC, 77, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DllGetVersion + 20 77FC57C1 17 Bytes [ 8B, 45, 1C, 56, 8B, 75, 10, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DllGetVersion + 32 77FC57D3 38 Bytes CALL E0FC57CD
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DelayLoadFailureHook + 20 77FC686D 157 Bytes [ 55, 8B, EC, 8B, 45, 08, 56, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DelayLoadFailureHook + BE 77FC690B 94 Bytes [ 55, 8B, EC, 56, 33, F6, 39, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DelayLoadFailureHook + 127 77FC6974 154 Bytes [ 6A, 01, FF, 75, 08, E8, 8B, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DelayLoadFailureHook + 1C2 77FC6A0F 19 Bytes CALL 03746027
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!DelayLoadFailureHook + 1D6 77FC6A23 81 Bytes [ 75, 0C, 53, 53, FF, D7, 3B, ... ]
.text ...
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + B 77FC7946 17 Bytes [ 90, 90, 90, 90, 90, 6A, 7F, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + 1D 77FC7958 2 Bytes [ 90, 90 ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + 2F 77FC796A 30 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + 4F 77FC798A 40 Bytes [ A1, 48, D2, FC, 77, 83, A5, ... ]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[312] SHLWAPI.dll!SHCreateStreamWrapper + 13D 77FC7A78 123 Bytes [ 65, F8, 00, 83, 65, FC, 00, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[568] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\Explorer.EXE[568] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\Explorer.EXE[568] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\Explorer.EXE[568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\Explorer.EXE[568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\Explorer.EXE[568] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Vzumqeatmyqcw\hjniaes.exe[664] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Vzumqeatmyqcw\hjniaes.exe[664] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Vzumqeatmyqcw\hjniaes.exe[664] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Vzumqeatmyqcw\hjniaes.exe[664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Vzumqeatmyqcw\hjniaes.exe[664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Vzumqeatmyqcw\hjniaes.exe[664] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Winamp\winampa.exe[672] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Winamp\winampa.exe[672] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Winamp\winampa.exe[672] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Winamp\winampa.exe[672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Winamp\winampa.exe[672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Winamp\winampa.exe[672] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[788] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[788] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[788] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[788] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\RTHDCPL.EXE[800] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\RTHDCPL.EXE[800] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\RTHDCPL.EXE[800] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\RTHDCPL.EXE[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\RTHDCPL.EXE[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\RTHDCPL.EXE[800] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[828] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D4AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[828] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D4B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[828] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D4AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D42610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D42720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[828] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 00D4AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00ABAB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00ABB1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00ABAC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AB2610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AB2720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 00ABAAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1260] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 016BAB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1260] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 016BB1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1260] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 016BAC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 016B2610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 016B2720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1260] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 016BAAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\D-Tools\daemon.exe[1296] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00CBAB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\D-Tools\daemon.exe[1296] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CBB1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\D-Tools\daemon.exe[1296] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00CBAC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\D-Tools\daemon.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CB2610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\D-Tools\daemon.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CB2720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\D-Tools\daemon.exe[1296] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 00CBAAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1312] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1312] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1312] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1312] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1384] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Messenger\msmsgs.exe[1392] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Messenger\msmsgs.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Messenger\msmsgs.exe[1392] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Messenger\msmsgs.exe[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Messenger\msmsgs.exe[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Messenger\msmsgs.exe[1392] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Internet Download Manager\IDMan.exe[1400] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Internet Download Manager\IDMan.exe[1400] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Internet Download Manager\IDMan.exe[1400] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Internet Download Manager\IDMan.exe[1400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Internet Download Manager\IDMan.exe[1400] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Internet Download Manager\IDMan.exe[1400] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\ctfmon.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\ctfmon.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\WINDOWS\system32\ctfmon.exe[1408] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1484] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 036CAB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1484] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 036CB1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1484] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 036CAC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1484] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 036C2610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1484] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 036C2720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1484] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 036CAAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1524] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0295AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1524] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0295B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1524] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0295AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02952610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02952720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1524] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 0295AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1688] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [ 25 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 8 7C90DC5D 2 Bytes [ 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [ 65, 00, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [ A5, 01, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes [ E5, 01, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [ A5, 02, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [ 65, 01, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [ 65, 02, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes [ E5, 02, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [ A5, 00, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes [ E5, 00, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [ 25, 01, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [ 25, 02, 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [ E2 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [ 65 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 8 7C90E968 2 Bytes [ 16, 00 ]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [ E2 ]
.text C:\Program Files\WinRAR\WinRAR.exe[2592] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2592] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2592] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2592] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.313\gmer.exe[3204] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.313\gmer.exe[3204] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.313\gmer.exe[3204] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.313\gmer.exe[3204] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3732] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3732] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3732] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3732] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000AB30 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000B1E0 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000AC70 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002610 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002720 C:\WINDOWS\system32\mseun6erd.dll
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4004] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 1000AAD0 C:\WINDOWS\system32\mseun6erd.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 867C91F0
Device \FileSystem\Udfs \UdfsCdRom 864C3DB8
Device \FileSystem\InCDfs \InCDFsDisk 85D15230
Device \FileSystem\Udfs \UdfsDisk 864C3DB8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 8662D768
Device \FileSystem\Rdbss \Device\FsWrap 85D2FB10
Device \Driver\Cdrom \Device\CdRom1 8662D768
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 866284A0
Device \Driver\atapi \Device\Ide\IdePort0 866284A0
Device \Driver\atapi \Device\Ide\IdePort1 866284A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 866284A0
Device \Driver\Cdrom \Device\CdRom2 8662D768
Device \Driver\mcdbus \Device\00000069 86464008
Device \FileSystem\InCDfs \Device\InCDfsComm 85D15230
Device \FileSystem\Srv \Device\LanmanServer 85B0CD38
Device \Driver\mcdbus \Device\mcdbus 86464008

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D36200
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D36200
Device \FileSystem\Npfs \Device\NamedPipe 86454B90
Device \FileSystem\Msfs \Device\Mailslot 86454B10
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 86638008
Device \Driver\d347prt \Device\Scsi\d347prt1 86638008
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86191A50
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86191A50
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86191A50
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86191A50
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86191A50
Device \FileSystem\InCDfs \GLOBAL??\BsUDF 85D15230
Device \FileSystem\Cdfs \Cdfs 864D72E0

---- Modules - GMER 1.0.14 ----

Module _________ F7418000-F7430000 (98304 bytes)
---- Processes - GMER 1.0.14 ----

Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [568] 0x10000000

Process C:\Program Files\Vzumqeatmyqcw\hjniaes.exe (*** hidden *** ) 664
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Vzumqeatmyqcw\hjniaes.exe [664] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Winamp\winampa.exe [672] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [788] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\WINDOWS\RTHDCPL.EXE [800] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [828] 0x00D40000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\WINDOWS\system32\RUNDLL32.EXE [944] 0x00AB0000

Process C:\Program Files\Vzumqeatmyqcw\hjniaes.exe (*** hidden *** ) 1088
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Vzumqeatmyqcw\hjniaes.exe [1088] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1260] 0x016B0000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\D-Tools\daemon.exe [1296] 0x00CB0000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgtray.exe [1312] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [1384] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [1392] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Internet Download Manager\IDMan.exe [1400] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1408] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [1484] 0x036C0000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1524] 0x02950000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [1688] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\WinRAR\WinRAR.exe [2592] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.313\gmer.exe [3204] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3732] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Documents and Settings\user\Desktop\OTScanIt2\OTScanIt2.exe [3880] 0x10000000
Library C:\WINDOWS\system32\mseun6erd.dll (*** hidden *** ) @ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [4004] 0x10000000

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0xFE 0x38 0x96 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0x76 0x38 0x96 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0x76 0x38 0x96 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0x76 0x38 0x96 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0x76 0x38 0x96 0x58 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@69695 C:\Program Files\Vzumqeatmyqcw\hjniaes.exe hj
Reg HKLM\SOFTWARE\Classes\CLSID\{3fca6ead-2600-4d67-9a37-3df8e3e5bc59}@Model 236
Reg HKLM\SOFTWARE\Classes\CLSID\{3fca6ead-2600-4d67-9a37-3df8e3e5bc59}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xD1 0x98 0xC8 0x0E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x1C 0x0B 0xAC 0x06 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}@Model 302
Reg HKLM\SOFTWARE\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}@Therad 21
Reg HKLM\SOFTWARE\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}@MData 0xCB 0x9B 0xAD 0xEF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@69695 C:\Program Files\Vzumqeatmyqcw\hjniaes.exe hj

---- Files - GMER 1.0.14 ----

File C:\Program Files\Vzumqeatmyqcw 0 bytes
File C:\Program Files\Vzumqeatmyqcw\help.chm 785086 bytes
File C:\Program Files\Vzumqeatmyqcw\hjniaes.exe 1742492 bytes executable
File C:\Program Files\Vzumqeatmyqcw\Log 0 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Audio 0 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Text 0 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Text\aiocht.dat 233298 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Text\aiotxt.dat 798452 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Text\aioweb.dat 228758 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual 0 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07082008.dat 163679888 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07092008.dat 208447945 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07102008.dat 331475649 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07112008.dat 335685296 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07122008.dat 325125294 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07132008.dat 289478199 bytes
File C:\Program Files\Vzumqeatmyqcw\Log\Visual\07142008.dat 144077762 bytes
File C:\Program Files\Vzumqeatmyqcw\unins000.dat 12797 bytes
File C:\Program Files\Vzumqeatmyqcw\unins000.exe 686706 bytes
File C:\WINDOWS\system32\mseun6erd.dll 131072 bytes executable

---- EOF - GMER 1.0.14 ----

Thank you very much for your reply and help.

Attached Files



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 07 February 2009 - 10:28 AM

Hello.

It looks like the keylogger hooks itself into every program that is run. We will need some stronger tools to deal with this.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable AVG:
  • Please navigate to the system tray on the bottom right hand corner and look for this Posted Image sign.
  • Right click it-> select Quit Control Center.
  • A warning will pop up, click Yes
Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted ImagePosted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
With Regards,
The Panda

#5 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 07 February 2009 - 01:35 PM

Hello PP.

I realise after running ComboFix the process seems to have been killed.

ComboFix 09-02-06.04 - user 2009-02-08 2:06:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.519 [GMT 8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\_sv_CMD_
c:\windows\system\_sv_CMD_\U.exe
c:\windows\system32\BReWErS.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-07 11:38 . 2009-02-07 11:38 250 --a------ c:\windows\gmer.ini
2009-02-04 17:21 . 2008-11-07 00:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-04 17:21 . 2008-11-07 00:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-03 16:56 . 2009-02-03 22:17 <DIR> d-------- c:\documents and settings\user\Application Data\U3
2009-01-28 14:54 . 2009-01-28 14:54 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-28 14:54 . 2009-01-28 14:54 <DIR> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-01-28 14:54 . 2009-01-28 14:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-27 14:30 . 2004-08-04 09:07 2,148,352 --a------ c:\windows\system32\ntoskrnl.exe.zottel
2009-01-27 14:30 . 2004-08-04 09:07 2,015,232 --a------ c:\windows\system32\ntkrnlpa.exe.zottel
2009-01-27 13:15 . 2009-01-27 13:23 <DIR> d-------- c:\program files\Thoosje Vista Sidebar
2009-01-27 12:05 . 2009-01-27 12:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 12:05 . 2009-01-27 12:05 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-27 12:05 . 2009-01-27 12:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 12:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 12:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 22:41 . 2009-01-26 22:41 <DIR> d-------- c:\program files\Trend Micro
2009-01-19 18:03 . 2009-01-19 18:03 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-19 18:03 . 2009-01-28 14:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-19 18:03 . 2009-01-19 18:03 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-09 16:47 . 2009-01-09 16:47 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 18:07 --------- d-----w c:\documents and settings\user\Application Data\DMCache
2009-02-07 16:00 --------- d-----w c:\program files\Garena
2009-02-07 03:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-04 09:22 --------- d-----w c:\program files\DivX
2009-02-03 14:06 --------- d-----w c:\documents and settings\user\Application Data\uTorrent
2009-01-31 08:41 --------- d-----w c:\program files\LegendGunZ V1.2
2009-01-28 07:10 --------- d-----w c:\program files\Magic Workstation
2009-01-28 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-28 00:12 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-28 00:12 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-28 00:12 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-26 16:07 --------- d-----w c:\documents and settings\user\Application Data\Hamachi
2009-01-26 15:53 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-01-26 03:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-26 03:14 --------- d-----w c:\program files\Saga
2009-01-26 03:13 --------- d-----w c:\program files\Mobius
2009-01-02 06:37 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-01 14:08 --------- d-----w c:\program files\Keronsoft
2009-01-01 14:08 --------- d-----w c:\documents and settings\All Users\Application Data\Keronsoft
2009-01-01 11:58 --------- d-----w c:\program files\Xilisoft
2008-12-30 17:55 --------- d-----w c:\program files\Common Files\xing shared
2008-12-30 17:55 --------- d-----w c:\program files\Common Files\Real
2008-12-30 17:54 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-30 17:54 --------- d-----w c:\program files\Real
2008-12-25 11:24 --------- d-----w c:\program files\Bome's Mouse Keyboard
2008-12-25 10:46 673,546 ----a-w c:\windows\unins000.exe
2008-12-24 18:35 --------- d-----w c:\documents and settings\user\Application Data\Propellerhead Software
2008-12-24 18:34 368,640 ----a-w c:\windows\system32\ReWire.dll
2008-12-24 18:34 233,472 ----a-w c:\windows\system32\REX Shared Library.dll
2008-12-24 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
2008-12-24 18:04 --------- d-----w c:\program files\Propellerhead
2008-12-24 18:03 --------- d-----w c:\program files\PowerISO
2008-12-24 18:02 --------- d-----w c:\program files\MagicDisc
2008-12-24 17:43 --------- d-----w c:\program files\MagicISO
2008-12-21 17:02 --------- d-----w c:\program files\Caly's RPG Dice Roller
2008-12-12 03:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 03:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 03:28 --------- d-----w c:\program files\Java
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-10 18:25 --------- d-----w c:\program files\Gravity
2008-12-10 07:52 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-10 07:39 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 07:36 --------- d-----w c:\program files\Adobe Media Player
2008-12-10 07:33 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-10 07:29 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-10 06:55 --------- d-----w c:\documents and settings\user\Application Data\Download Manager
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-24 05:47 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-09 21:43 410,984 ----a-w c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"69695"="c:\program files\Vzumqeatmyqcw\hjniaes.exe" [2006-11-05 1742492]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-08-26 2610608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"69695"="c:\program files\Vzumqeatmyqcw\hjniaes.exe" [2006-11-05 1742492]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-10 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-28 08:12 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= mapledxp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 09:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-18 16:36 133104 c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-31 01:54 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LegendGunZ V1.2\\Gunz.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Command And Conquer Red Alert 2 Yuri's Revenge\\gamemd.exe"=
"c:\\Program Files\\Magic Workstation\\MWSPlay.exe"=
"c:\\Documents and Settings\\user\\Desktop\\Miscellaneous\\Draft\\WoW TCG Draft.exe"=
"e:\\Program Files\\EA Sports\\FIFA Online 2\\FF2Client.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-08 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-08 107272]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-25 24720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-08 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 298264]
R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\XXL3D3.tmp --> c:\docume~1\user\LOCALS~1\Temp\XXL3D3.tmp [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-09 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-09 8320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GARENAPENGINE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1647877149-725345543-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 16:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-svcmon - c:\windows\system32\svcmon\svcmon.exe
MSConfigStartUp-CTFMon - c:\windows\system32\CTF\ctfmon.exe
MSConfigStartUp-HomeKeyLogger - c:\program files\HomeKeylogger\KeyLogger.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{E43C2D05-B380-418a-A8E2-C83122DC61A7} - c:\casino\Miami Beach Casino\casino.exe
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tbv94nn0.default\
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tbv94nn0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tbv94nn0.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tbv94nn0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\tbv94nn0.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 02:07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [65188]
? [1304]
? [32456]
? [32464]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\XXL3D3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1647877149-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,67,6f,67,72,56,af,4a,d0,16,0e,80,36,5a,f3,fe,81,7f,68,81,81,2c,5a,
7a,46,03,12,79,45,8a,b0,6e,af,dd,c2,d7,b4,51,06,75,87,f1,d0,d9,14,ed,b3,3f,\
"??"=hex:71,62,bd,56,fe,5e,29,33,46,2b,13,c3,ed,70,d7,02

[HKEY_USERS\S-1-5-21-1993962763-1647877149-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,b9,0a,a6,9b,a6,88,bf,c1,08,25,17,14,2e,46,64,7f,20,4d,63,47,
5e,9b,69,1b,10,47,8b,0f,fb,04,a8,c3,52,0e,b5,b9,94,ed,04,15,44,e1,70,f2,63,\
"rkeysecu"=hex:05,73,18,ca,82,de,6e,41,f2,53,05,df,31,89,c4,bc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3fca6ead-2600-4d67-9a37-3df8e3e5bc59}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ec
"Therad"=dword:0000001e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d1,98,c8,0e,30,68,46,02,73,ff,15,5c,cc,8d,d8,a2,d7,2d,e8,c3,36,
d7,cb,51,b7,04,73,83,c2,af,41,f7,c3,ca,7a,78,2e,0e,49,82,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1c,0b,ac,06,76,a5,f5,7c,1e,d4,6e,74,40,a1,6c,65,7e,7c,dc,5f,09,
77,ca,1f,40,39,f7,53,fb,d5,4e,a9,72,b7,1f,ea,8c,1d,e2,84,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}]
@Denied: (Full) (Everyone)
"Model"=dword:0000012e
"Therad"=dword:00000015
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,a7,9d,25,ad,6d,35,2c,d6,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-02-08 2:09:59
ComboFix-quarantined-files.txt 2009-02-07 18:09:14

Pre-Run: 17,443,852,288 bytes free
Post-Run: 17,796,087,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

302

Edited by PropagandaPanda, 07 February 2009 - 01:43 PM.


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 07 February 2009 - 01:43 PM

Hello.

Not quite. Let's take care of what's left.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    Folder::
    c:\program files\Vzumqeatmyqcw
    
    Rootkit::
    C:\WINDOWS\system32\mseun6erd.dll
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "69695"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "69695"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Please also take a new GMER log too.

With Regards,
The Panda

#7 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 07 February 2009 - 11:11 PM

Hello PP,

I cant take the CF log as many problems occur -

it takes AGES to finish
force quitting the program causes the processes explorer and system to hang
shutting down becomes a problem

Here's the GMER log :

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-08 12:09:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF74C1818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF74C17D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF74B5A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74B62A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF74C1910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF74C1794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF74B62C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF74C1866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF74C10B0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF1E0AF20]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1288] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86733940
Device \FileSystem\Udfs \UdfsCdRom 865DF110
Device \FileSystem\InCDfs \InCDFsDisk 85D11A60
Device \FileSystem\Udfs \UdfsDisk 865DF110

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 867783D0
Device \FileSystem\Rdbss \Device\FsWrap 85CFA898
Device \Driver\Cdrom \Device\CdRom1 867783D0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 865CF750
Device \Driver\atapi \Device\Ide\IdePort0 865CF750
Device \Driver\atapi \Device\Ide\IdePort1 865CF750
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 865CF750
Device \Driver\Cdrom \Device\CdRom2 867783D0
Device \FileSystem\InCDfs \Device\InCDfsComm 85D11A60
Device \FileSystem\Srv \Device\LanmanServer 85B29D18
Device \Driver\mcdbus \Device\mcdbus 8646C1F0

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\mcdbus \Device\0000006b 8646C1F0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D205E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D205E8
Device \FileSystem\Npfs \Device\NamedPipe 85CF9848
Device \FileSystem\Msfs \Device\Mailslot 85D1AB08
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 86409C88
Device \Driver\d347prt \Device\Scsi\d347prt1 86409C88
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 861808E8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 861808E8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 861808E8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 861808E8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 861808E8
Device \FileSystem\InCDfs \GLOBAL??\BsUDF 85D11A60
Device \FileSystem\Cdfs \Cdfs 8667F5E0

---- Modules - GMER 1.0.14 ----

Module _________ F7418000-F7430000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0xA6 0x61 0xF9 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0x2E 0x61 0xF9 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0x2E 0x61 0xF9 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0x2E 0x61 0xF9 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0x2E 0x61 0xF9 0x26 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths@Directory C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1@CachePath C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2@CachePath C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3@CachePath C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4@CachePath C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{3fca6ead-2600-4d67-9a37-3df8e3e5bc59}@Model 236
Reg HKLM\SOFTWARE\Classes\CLSID\{3fca6ead-2600-4d67-9a37-3df8e3e5bc59}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xD1 0x98 0xC8 0x0E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x1C 0x0B 0xAC 0x06 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}@Model 302
Reg HKLM\SOFTWARE\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}@Therad 21
Reg HKLM\SOFTWARE\Classes\CLSID\{b4f5ff02-bc11-49bb-8fd2-4b855aa4fde7}@MData 0xCB 0x9B 0xAD 0xEF ...

---- EOF - GMER 1.0.14 ----

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 08 February 2009 - 11:48 AM

Hello.

ComboFix may have run the script even though it didn't finish.

Please take a log with OTScanIt.

Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Change the Rootkit Scan option from "No" to Yes.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

With Regards,
The Panda

#9 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 09 February 2009 - 05:27 AM

Hello PP,

Here is the OTScan it log.

Thank you so much for your assistance so far.

However, do you have any personal recommendations for antiviruses? I feel AVG gives lots of false positives.

Attached Files



#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 09 February 2009 - 11:48 AM

Hello.

Looks like ComboFix ran successfully.

However, do you have any personal recommendations for antiviruses? I feel AVG gives lots of false positives.

I used AVG for awhile and found it to be OK.

Any of these AVs are good choices:--
F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Also take a new DDS log.

Any issues at the moment?

With Regards,
The Panda

#11 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 10 February 2009 - 07:44 AM

Hello PP,

Traces of malware seems to be gone. FF still crashes when I visit certain websites though. Would you be able to help with this error?

F-Secure :

Scanning Report
Tuesday, February 10, 2009 17:57:58 - 20:36:54

Computer name: USER-36ED159696
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\
Result: 6 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Adtech (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Mediaplex (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Statistics
Scanned:

* Files: 32363
* System: 3954
* Not scanned: 15

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 6
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ETILQS_I30EGMKGF50FZTM
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ETILQS_TJAELJOFGN3RFZD
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ETILQS_UHTTMDVC3LUIH0XI3ZZX
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\SAFE BROWSING-JOURNAL
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY INDEX 2009-02-JOURNAL
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY-JOURNAL
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\THUMBNAILS-JOURNAL
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\VISITED LINKS
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA-JOURNAL

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.6.8511, 2009-02-10
* F-Secure AVP: 7.0.171, 2009-02-09
* F-Secure Pegasus: 1.20.0, 1970-00-01
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

Copyright 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

DDS -


DDS (Ver_09-01-19.01) - NTFSx86
Run by user at 20:42:30.95 on 2009-02-10
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.383 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E43C2D05-B380-418a-A8E2-C83122DC61A7} - c:\casino\miami beach casino\casino.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215505712796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215508945421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\tbv94nn0.default\
FF - component: c:\documents and settings\user\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\tbv94nn0.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 107272]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-25 24720]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 903960]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 298264]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\xxl3d3.tmp --> c:\docume~1\user\locals~1\temp\XXL3D3.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-9 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-9 8320]

=============== Created Last 30 ================

2009-02-10 17:30 366,530,056 a------- C:\Heroes.S03E15.HDTV.XviD-LOL.avi
2009-02-10 17:26 <DIR> --d----- C:\fsaua.data
2009-02-10 17:20 <DIR> --d----- C:\78bf33e7f20fe420b5
2009-02-10 17:10 <DIR> --d----- C:\2002cd3077745fdbe3
2009-02-08 11:23 388,608 a------- c:\windows\system32\CF24923.exe
2009-02-08 11:23 <DIR> --d----- C:\ComboFix
2009-02-08 11:22 388,608 a------- c:\windows\system32\CF24691.exe
2009-02-08 03:11 388,608 a------- c:\windows\system32\CF26889.exe
2009-02-08 02:03 <DIR> a-dshr-- C:\cmdcons
2009-02-08 02:02 161,792 a------- c:\windows\SWREG.exe
2009-02-08 02:02 98,816 a------- c:\windows\sed.exe
2009-02-07 11:38 250 a------- c:\windows\gmer.ini
2009-02-04 17:21 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-04 17:21 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-28 14:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-28 14:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-28 14:54 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-01-27 14:30 2,015,232 a------- c:\windows\system32\ntkrnlpa.exe.zottel
2009-01-27 14:30 2,148,352 a------- c:\windows\system32\ntoskrnl.exe.zottel
2009-01-27 13:15 <DIR> --d----- c:\program files\Thoosje Vista Sidebar
2009-01-27 12:05 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-01-27 12:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-27 12:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 12:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-26 22:41 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 18:03 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-19 18:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2009-02-08 15:43 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-08 15:43 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-01-28 08:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-28 08:12 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-28 08:12 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-31 01:54 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-25 18:46 7,452 a------- c:\windows\unins000.dat
2008-12-25 18:46 673,546 a------- c:\windows\unins000.exe
2008-12-25 02:34 233,472 a------- c:\windows\system32\REX Shared Library.dll
2008-12-25 02:34 368,640 a------- c:\windows\system32\ReWire.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 08:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 08:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 10:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 10:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 10:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 10:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-24 13:47 66,872 a------- c:\windows\system32\PnkBstrA.exe

============= FINISH: 20:42:57.20 ===============

Attached Files


Edited by Natchflux, 10 February 2009 - 07:47 AM.


#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 10 February 2009 - 11:51 AM

Hello.

Looks good.

FF still crashes when I visit certain websites though. Would you be able to help with this error?

I can't really help with this.

You could try disabling the FF addons. Have you tried a reinstall of FF?

With Regards,
The Panda

#13 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 11 February 2009 - 09:22 AM

Hello PP,

It seems that AVG LinkScanner is interfering with Firefox. After disabling it, the problem seems to have stopped.

I would like to thank you for your help so far. You have provided great support.

Sincerely,
Natchflux

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 11 February 2009 - 03:42 PM

Hello.

Sorry for the delay.

Looks good to me. Unless there are any issues at the moment, we can wrap up.

Click on Start - > Run.. type:
ComboFix.exe  /u

Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections: For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#15 Natchflux

Natchflux
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 12 February 2009 - 06:38 AM

Hello PP,

No it wasn't really a late reply.

And I have no other concerns, other than looking for tutorials on using HijackThis/DDS to diagnose problems.

Thanks,
Natchflux




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users