
I believe I am infected with happili redirect


  • This topic is locked
33 replies to this topic

#1 vartanlvr


Posted 30 April 2012 - 02:15 PM

Hello, I first want to say this site and the people who help us unfortunate people who get viruses are amazing! About a year ago I had a virus, and by reading through the forum I was able to fix my problem. My computer has been working wonderfully until last week. This one seems a bit out of my league, so I hope someone can help. I noticed about a week ago that my computer started to become slow and I started having to reload pages because of errors. Well, last night I started getting redirected, first to the happili page, and then a bunch more tabs with various things I've never even searched for started opening.

Thanks in advance for any help you can give me!

I read through another topic on my issue here and I ran the GMER program and this is the log from that.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-30 14:51:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
Running: 18dfkxif.exe; Driver: C:\DOCUME~1\WALK-A~1\LOCALS~1\Temp\pwrdyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6896EBF]

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300F1
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00F1ED04; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00F1ECC3; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00F199F5; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00F19B28; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00F19988; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00F19AFC; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00F196D0; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00F1970E; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00F19692; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00F19763; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00F19A23; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00F19AA2; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00F19855; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00F197B8; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00F198F2; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00F1993D; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00F1ED81; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00F1ED6A; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00F10F1F; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00F1435B; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00F0F221; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00F0F271; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00F0F182; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00F137F1; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00F1388B; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00F13579; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00F0F249; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00F138DD; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00F134ED; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00F0F054; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00F0F022; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00F13723; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00F0F29C; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00F10F5F; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00F1376C; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00F13533; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, F0]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00F0F132; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, F1]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00F1383E; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00F10FF2; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00F13605; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00F13697; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00F144D1; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00F135BF; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00F1364E; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00F136DD; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00F0F09B; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00F1E42A; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00F1E819; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00F1E851; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00F1E3BA; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00F1E872; RET
.text C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE[152] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00F21103; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300F3
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00F3ED04; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00F3ECC3; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00F30F1F; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00F3435B; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00F2F221; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00F2F271; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00F2F182; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00F337F1; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00F3388B; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00F33579; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00F2F249; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00F338DD; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00F334ED; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00F2F054; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00F2F022; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00F33723; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00F2F29C; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00F30F5F; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00F3376C; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00F33533; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, F2]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00F2F132; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, F3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00F3383E; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00F30FF2; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00F33605; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00F33697; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00F344D1; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00F335BF; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00F3364E; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00F336DD; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00F2F09B; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00F3ED81; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00F3ED6A; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00F3E42A; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00F3E819; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00F3E851; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00F3E3BA; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00F3E872; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00F41103; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00F399F5; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00F39B28; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00F39988; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00F39AFC; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00F396D0; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00F3970E; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00F39692; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00F39763; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00F39A23; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00F39AA2; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00F39855; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00F397B8; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00F398F2; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[168] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00F3993D; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 026BE8C0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [9B, EA, 6B, 02, C3]
.text C:\Program Files\iTunes\iTunesHelper.exe[360] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 026BED04; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 026BECC3; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 026BED81; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 026BED6A; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 026B0F1F; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 026B0EA1; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 026B435B; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 026B0EE0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 026AF221; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 026AF271; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 026AF182; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 026B37F1; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 026B388B; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 026B347F; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 026B34CF; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 026B3579; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 026AF249; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 026B38DD; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 026B34ED; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 026B0D96; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 026B0E06; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 026AF054; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 026AF022; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 026B3723; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 026AF29C; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 026B0F5F; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 026B376C; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 026B3533; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 026AF0D8; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 026AF132; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 026B0E46; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 026B383E; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 026B0FF2; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 026B3605; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 026B3697; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 026B44D1; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 026B35BF; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 026B364E; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 026B36DD; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 026AF09B; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 026BE42A; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 026BE819; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 026BE851; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 026BE3BA; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 026BE872; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 026C1103; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 026B99F5; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 026B9B28; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 026B9988; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 026B9AFC; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 026B96D0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 026B970E; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 026B9692; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 026B9763; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 026B9A23; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 026B9AA2; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 026B9855; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 026B97B8; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 026B98F2; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[360] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 026B993D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300B9
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B9ED04; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B9ECC3; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00B9ED81; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00B9ED6A; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00B90F1F; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00B9435B; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00B8F221; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B8F271; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00B8F182; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00B937F1; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00B9388B; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00B93579; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00B8F249; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00B938DD; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00B934ED; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00B8F054; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00B8F022; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00B93723; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00B8F29C; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00B90F5F; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00B9376C; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00B93533; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, B8]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00B8F132; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, B9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00B9383E; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00B90FF2; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00B93605; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00B93697; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00B944D1; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00B935BF; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00B9364E; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00B936DD; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00B8F09B; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00B999F5; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00B99B28; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00B99988; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00B99AFC; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00B996D0; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00B9970E; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00B99692; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00B99763; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00B99A23; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00B99AA2; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00B99855; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00B997B8; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00B998F2; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00B9993D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B9E42A; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B9E819; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B9E851; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B9E3BA; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B9E872; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[380] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00BA1103; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C30014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0014ED04; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0014ECC3; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00140F1F; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 0014435B; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 0013F221; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 0013F271; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 0013F182; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 001437F1; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 0014388B; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00143579; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 0013F249; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 001438DD; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 001434ED; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 0013F054; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 0013F022; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00143723; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 0013F29C; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00140F5F; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 0014376C; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00143533; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, 13]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 0013F132; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, 14]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 0014383E; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00140FF2; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00143605; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00143697; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001444D1; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001435BF; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0014364E; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 001436DD; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0013F09B; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0014ED81; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0014ED6A; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0014E42A; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0014E819; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0014E851; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0014E3BA; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0014E872; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00151103; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 001499F5; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00149B28; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00149988; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00149AFC; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 001496D0; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0014970E; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00149692; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00149763; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00149A23; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00149AA2; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00149855; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 001497B8; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 001498F2; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[532] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 0014993D; RET
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, C9]
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300C9
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C9ED04; RET
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C9ECC3; RET
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00C9ED81; RET
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00C9ED6A; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00C90F1F; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00C9435B; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00C8F221; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C8F271; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00C8F182; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00C937F1; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00C9388B; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00C93579; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00C8F249; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00C938DD; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00C934ED; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00C8F054; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00C8F022; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00C93723; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00C8F29C; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00C90F5F; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00C9376C; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00C93533; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, C8]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00C8F132; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, C9]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00C9383E; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00C90FF2; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00C93605; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00C93697; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00C944D1; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00C935BF; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00C9364E; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00C936DD; RET
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00C8F09B; RET
.text C:\WINDOWS\Explorer.EXE[636] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00CA1103; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00C999F5; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00C99B28; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00C99988; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00C99AFC; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00C996D0; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00C9970E; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00C99692; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00C99763; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00C99A23; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00C99AA2; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00C99855; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00C997B8; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00C998F2; RET
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00C9993D; RET
.text C:\WINDOWS\Explorer.EXE[636] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00C9E42A; RET
.text C:\WINDOWS\Explorer.EXE[636] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00C9E819; RET
.text C:\WINDOWS\Explorer.EXE[636] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00C9E851; RET
.text C:\WINDOWS\Explorer.EXE[636] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00C9E3BA; RET
.text C:\WINDOWS\Explorer.EXE[636] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00C9E872; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0119E8C0; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [9B, EA, 19, 01, C3]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0119ED04; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0119ECC3; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0119ED81; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0119ED6A; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 01190F1F; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 01190EA1; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 0119435B; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 01190EE0; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 0118F221; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 0118F271; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 0118F182; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 011937F1; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 0119388B; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0119347F; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 011934CF; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01193579; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 0118F249; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 011938DD; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 011934ED; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 01190D96; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 01190E06; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 0118F054; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 0118F022; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01193723; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 0118F29C; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 01190F5F; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 0119376C; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01193533; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 0118F0D8; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 0118F132; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 01190E46; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 0119383E; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 01190FF2; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01193605; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01193697; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 011944D1; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 011935BF; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0119364E; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 011936DD; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0118F09B; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0119E42A; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0119E819; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0119E851; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0119E3BA; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0119E872; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 011A1103; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 011999F5; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 01199B28; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 01199988; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 01199AFC; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 011996D0; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0119970E; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 01199692; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 01199763; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 01199A23; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 01199AA2; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 01199855; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 011997B8; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 011998F2; RET
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1268] WININET.dll!HttpEndRequestW


#2 vartanlvr

vartanlvr
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:11:33 AM

Posted 30 April 2012 - 02:19 PM

.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01ECE8C0; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [9B, EA, EC, 01, C3]
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 01ECED04; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 01ECECC3; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 01EC0F1F; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 01EC0EA1; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01EC435B; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 01EC0EE0; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01EBF221; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01EBF271; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01EBF182; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01EC37F1; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01EC388B; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 01EC347F; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 01EC34CF; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01EC3579; RET
.text C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[1288] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01EBF249; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 0093F182; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 009437F1; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 0094388B; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, 94]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, 94]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00943579; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 0093F249; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 009438DD; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 009434ED; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, 94]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, 94]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 0093F054; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 0093F022; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00943723; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 0093F29C; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00940F5F; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 0094376C; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00943533; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, 93]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 0093F132; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, 94]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 0094383E; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00940FF2; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00943605; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00943697; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 009444D1; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 009435BF; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0094364E; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 009436DD; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0093F09B; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0094ED81; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0094ED6A; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0094E42A; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0094E819; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0094E851; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0094E3BA; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0094E872; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00951103; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 009499F5; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00949B28; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00949988; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00949AFC; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 009496D0; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0094970E; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00949692; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00949763; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00949A23; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00949AA2; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00949855; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 009497B8; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 009498F2; RET
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1996] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 0094993D; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 011BE8C0; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [9B, EA, 1B, 01, C3]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 011BED04; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 011BECC3; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 011BED81; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 011BED6A; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 011B0F1F; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 011B0EA1; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 011B435B; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 011B0EE0; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 011AF221; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 011AF271; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 011AF182; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 011B37F1; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 011B388B; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 011B347F; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 011B34CF; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 011B3579; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 011AF249; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 011B38DD; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 011B34ED; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 011B0D96; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 011B0E06; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 011AF054; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 011AF022; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 011B3723; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 011AF29C; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 011B0F5F; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 011B376C; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 011B3533; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 011AF0D8; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 011AF132; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 011B0E46; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 011B383E; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 011B0FF2; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 011B3605; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 011B3697; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 011B44D1; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 011B35BF; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 011B364E; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 011B36DD; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 011AF09B; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 011C1103; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 011B99F5; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 011B9B28; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 011B9988; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 011B9AFC; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 011B96D0; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 011B970E; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 011B9692; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 011B9763; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 011B9A23; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 011B9AA2; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 011B9855; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 011B97B8; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 011B98F2; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 011B993D; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ws2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 011BE42A; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ws2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 011BE819; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ws2_32.dll!send 71AB4C27 6 Bytes PUSH 011BE851; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ws2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 011BE3BA; RET
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2020] ws2_32.dll!WSASend

.text C:\WINDOWS\eHome\ehmsas.exe[2096] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300C4
.text C:\WINDOWS\eHome\ehmsas.exe[2096] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C4ED04; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C4ECC3; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00C40F1F; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00C4435B; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00C3F221; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C3F271; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00C3F182; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00C437F1; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00C4388B; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00C43579; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00C3F249; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00C438DD; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00C434ED; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00C3F054; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00C3F022; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00C43723; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00C3F29C; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00C40F5F; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00C4376C; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00C43533; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00C3F132; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, C4]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00C4383E; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00C40FF2; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00C43605; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00C43697; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00C444D1; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00C435BF; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00C4364E; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00C436DD; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00C3F09B; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00C4ED81; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00C4ED6A; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00C4E42A; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00C4E819; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00C4E851; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00C4E3BA; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00C4E872; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00C51103; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00C499F5; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00C49B28; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00C49988; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00C49AFC; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00C496D0; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00C4970E; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00C49692; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00C49763; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00C49A23; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00C49AA2; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00C49855; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00C497B8; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00C498F2; RET
.text C:\WINDOWS\eHome\ehmsas.exe[2096] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00C4993D; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C3009F
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 009FED04; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 009FECC3; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 009FED81; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 009FED6A; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 009F0F1F; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 009F435B; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 009EF221; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 009EF271; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 009EF182; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 009F37F1; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 009F388B; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 009F3579; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 009EF249; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 009F38DD; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 009F34ED; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, 9F]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 009EF054; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 009EF022; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 009F3723; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 009EF29C; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 009F0F5F; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 009F376C; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 009F3533; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, 9E]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 009EF132; RET
.text C:\Program Files\Common Files\HPOperatingSystem\HPOperatingSystem.exe[2156] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, 9F]
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00140FF2; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00143605; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00143697; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001444D1; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001435BF; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0014364E; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 001436DD; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0013F09B; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0014ED81; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0014ED6A; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0014E42A; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0014E819; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0014E851; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0014E3BA; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0014E872; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00151103; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 001499F5; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00149B28; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00149988; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00149AFC; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 001496D0; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0014970E; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00149692; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00149763; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00149A23; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00149AA2; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00149855; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 001497B8; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 001498F2; RET
.text C:\Documents and Settings\Walk-a-thon Winner\My Documents\Downloads\18dfkxif.exe[2332] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 0014993D; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0108E8C0; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [9B, EA, 08, 01, C3]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0108ED04; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0108ECC3; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 01080F1F; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 01080EA1; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 0108435B; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 01080EE0; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 0107F221; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 0107F271; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 0107F182; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 010837F1; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 0108388B; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0108347F; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 010834CF; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01083579; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 0107F249; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 010838DD; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 010834ED; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 01080D96; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 01080E06; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 0107F054; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 0107F022; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01083723; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 0107F29C; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 01080F5F; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 0108376C; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01083533; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 0107F0D8; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 0107F132; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 01080E46; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 0108383E; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 01080FF2; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01083605; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01083697; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 010844D1; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 010835BF; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0108364E; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 010836DD; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0107F09B; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0108ED81; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0108ED6A; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0108E42A; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0108E819; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0108E851; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0108E3BA; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0108E872; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 01091103; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 010899F5; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 01089B28; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 01089988; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 01089AFC; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 010896D0; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0108970E; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 01089692; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 01089763; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 01089A23; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 01089AA2; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 01089855; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 010897B8; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 010898F2; RET
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2472] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 0108993D; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C30014
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0014ED04; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0014ECC3; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00140F1F; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 0014435B; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 0013F221; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 0013F271; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 0013F182; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 001437F1; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 0014388B; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00143579; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 0013F249; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 001438DD; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 001434ED; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 0013F054; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 0013F022; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00143723; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 0013F29C; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00140F5F; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 0014376C; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00143533; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, 13]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 0013F132; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 0014383E; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00140FF2; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00143605; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00143697; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001444D1; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001435BF; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0014364E; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 001436DD; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0013F09B; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0014ED81; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0014ED6A; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0014E42A; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0014E819; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0014E851; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0014E3BA; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0014E872; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00151103; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 001499F5; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00149B28; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00149988; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00149AFC; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 001496D0; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0014970E; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00149692; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00149763; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00149A23; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00149AA2; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00149855; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 001497B8; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 001498F2; RET
.text C:\Program Files\Logitech\LWS\LU\LULnchr.exe[2884] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 0014993D; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300E7
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00E7ED04; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00E7ECC3; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00E7ED81; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00E7ED6A; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00E70F1F; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00E7435B; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00E6F221; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00E6F271; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00E6F182; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00E737F1; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00E7388B; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00E73579; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00E6F249; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00E738DD; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00E734ED; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00E6F054; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00E6F022; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00E73723; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00E6F29C; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00E70F5F; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00E7376C; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00E73533; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, E6]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00E6F132; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, E7]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00E7383E; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00E70FF2; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00E73605; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00E73697; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00E744D1; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00E735BF; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00E7364E; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00E736DD; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00E6F09B; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00E7E42A; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00E7E819; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00E7E851; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00E7E3BA; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00E7E872; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00E81103; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00E799F5; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00E79B28; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00E79988; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00E79AFC; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00E796D0; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00E7970E; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00E79692; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00E79763; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00E79A23; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00E79AA2; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00E79855; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00E797B8; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00E798F2; RET
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2904] WININET.dll!HttpEndRequestW

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C3003D
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 003DED04; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 003DECC3; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 003D0F1F; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 003D435B; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 003CF221; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 003CF271; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 003CF182; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 003D37F1; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 003D388B; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 003D3579; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 003CF249; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 003D38DD; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 003D34ED; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 003CF054; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 003CF022; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 003D3723; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 003CF29C; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 003D0F5F; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 003D376C; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 003D3533; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, 3C]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 003CF132; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, 3D]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 003D383E; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 003D0FF2; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 003D3605; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 003D3697; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 003D44D1; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 003D35BF; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 003D364E; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 003D36DD; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 003CF09B; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 003DED81; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 003DED6A; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 003DE42A; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 003DE819; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 003DE851; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 003DE3BA; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 003DE872; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 003E1103; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 003D99F5; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 003D9B28; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 003D9988; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 003D9AFC; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 003D96D0; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 003D970E; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 003D9692; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 003D9763; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 003D9A23; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 003D9AA2; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 003D9855; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 003D97B8; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 003D98F2; RET
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2916] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 003D993D; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300B1
.text C:\WINDOWS\system32\RAMASST.exe[2996] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B1ED04; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B1ECC3; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00B10F1F; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00B1435B; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00B0F221; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B0F271; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00B0F182; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00B137F1; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00B1388B; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00B13579; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00B0F249; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00B138DD; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00B134ED; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00B0F054; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00B0F022; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00B13723; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00B0F29C; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00B10F5F; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00B1376C; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00B13533; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, B0]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00B0F132; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, B1]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00B1383E; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00B10FF2; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00B13605; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00B13697; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00B144D1; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00B135BF; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00B1364E; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00B136DD; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00B0F09B; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00B1ED81; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00B1ED6A; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B1E42A; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B1E819; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B1E851; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B1E3BA; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B1E872; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00B21103; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00B199F5; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00B19B28; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00B19988; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00B19AFC; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00B196D0; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00B1970E; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00B19692; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00B19763; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00B19A23; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00B19AA2; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00B19855; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00B197B8; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00B198F2; RET
.text C:\WINDOWS\system32\RAMASST.exe[2996] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00B1993D; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C30014
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0014ED04; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0014ECC3; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00140F1F; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 0014435B; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 0013F221; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 0013F271; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 0013F182; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 001437F1; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 0014388B; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00143579; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 0013F249; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 001438DD; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 001434ED; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 0013F054; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 0013F022; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00143723; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 0013F29C; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00140F5F; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 0014376C; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00143533; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, 13]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 0013F132; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, 14]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 0014383E; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00140FF2; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00143605; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00143697; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001444D1; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001435BF; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 0014364E; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 001436DD; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 0013F09B; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 0014ED81; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 0014ED6A; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 001499F5; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00149B28; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00149988; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00149AFC; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 001496D0; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 0014970E; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00149692; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00149763; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00149A23; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00149AA2; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00149855; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 001497B8; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 001498F2; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 0014993D; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0014E42A; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0014E819; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0014E851; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0014E3BA; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0014E872; RET
.text C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe[3616] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00151103; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, C0, E8, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes JMP 80C300E7
.text C:\WINDOWS\system32\wuauclt.exe[3888] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00E7ED04; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00E7ECC3; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00E7ED81; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00E7ED6A; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00E70F1F; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetDC 7E4186C7 4 Bytes [68, A1, 0E, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00E7435B; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, E0, 0E, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00E6F221; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00E6F271; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00E6F182; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00E737F1; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00E7388B; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 7F, 34, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, CF, 34, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00E73579; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00E6F249; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00E738DD; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00E734ED; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 96, 0D, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 06, 0E, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00E6F054; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00E6F022; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00E73723; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00E6F29C; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00E70F5F; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00E7376C; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00E73533; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, D8, F0, E6]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00E6F132; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, 46, 0E, E7]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00E7383E; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00E70FF2; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00E73605; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00E73697; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00E744D1; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00E735BF; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00E7364E; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00E736DD; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00E6F09B; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00E81103; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00E7E42A; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00E7E819; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00E7E851; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00E7E3BA; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00E7E872; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!InternetReadFile 3D94654B 6 Bytes PUSH 00E799F5; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpQueryInfoA 3D94878D 6 Bytes PUSH 00E79B28; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 00E79988; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 00E79AFC; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 00E796D0; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 00E7970E; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 00E79692; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 00E79763; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 00E79A23; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!InternetSetFilePointer 3D9A5989 6 Bytes PUSH 00E79AA2; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 00E79855; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 00E797B8; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpEndRequestA 3D9BA76E 6 Bytes PUSH 00E798F2; RET
.text C:\WINDOWS\system32\wuauclt.exe[3888] WININET.dll!HttpEndRequestW 3D9BA7A0 6 Bytes PUSH 00E7993D; RET

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpaxt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpaxt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSosvd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSbrsr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSnmxq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSsihl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSrhym.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSbubx.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSvvbj.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSbivk.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkpjp.log
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Nova Development\PhotoImpact Pro\FantaMorph\Language\Portugu\xbf\xa6s.lng 1

---- EOF - GMER 1.0.15 ----

#3 vartanlvr


Posted 30 April 2012 - 02:57 PM

I forgot to say that I use Windows XP and Firefox. I was using an older version of Firefox but updated it this morning.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 AM

Posted 01 May 2012 - 01:01 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 vartanlvr


Posted 01 May 2012 - 12:24 PM

Hello Gringo,

Thank You for responding! Well since I posted my initial problem, I think I royally messed up my laptop! I could just kick myself! I tried to update my malwarebytes and then my computer would only boot in safe mode. I ran the malwarebytes in safe mode and it found 12 issues. I uninstalled malwarebytes, rebooted my computer and while super slow, it did eventually boot. I also uninstalled firefox and my personal settings. I reinstalled it today. I will never try to fix anything on my own again!

Here are the logs I just ran from security check and DDS

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.2)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2006 11:10:20 PM
System Uptime: 5/1/2012 12:40:12 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Satellite P105
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U2E1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 34.676 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GMA-4082N_______________HV02____\304D363048373432313220322020202020202020
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVDRAM GMA-4082N
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GMA-4082N_______________HV02____\304D363048373432313220322020202020202020
Service: cdrom
.
==== System Restore Points ===================
.
RP297: 4/28/2012 8:29:02 AM - System Checkpoint
RP298: 1/29/2012 4:50:07 PM - System Checkpoint
RP299: 2/2/2012 6:51:17 PM - System Checkpoint
RP300: 2/7/2012 5:45:42 PM - System Checkpoint
RP301: 2/8/2012 6:09:20 PM - System Checkpoint
RP302: 2/14/2012 4:12:34 PM - System Checkpoint
RP303: 2/21/2012 3:12:26 PM - System Checkpoint
RP304: 2/24/2012 6:09:50 PM - System Checkpoint
RP305: 2/25/2012 6:24:58 PM - System Checkpoint
RP306: 2/26/2012 6:28:38 PM - System Checkpoint
RP307: 2/28/2012 6:11:54 PM - System Checkpoint
RP308: 2/29/2012 7:38:48 PM - System Checkpoint
RP309: 3/3/2012 12:49:16 PM - System Checkpoint
RP310: 3/8/2012 6:05:12 PM - System Checkpoint
RP311: 3/11/2012 10:41:37 AM - System Checkpoint
RP312: 3/13/2012 11:11:26 PM - System Checkpoint
RP313: 3/16/2012 7:42:21 PM - System Checkpoint
RP314: 3/18/2012 5:49:22 PM - System Checkpoint
RP315: 3/20/2012 6:45:32 PM - System Checkpoint
RP316: 3/21/2012 8:15:32 PM - System Checkpoint
RP317: 3/24/2012 1:42:32 PM - System Checkpoint
RP318: 3/26/2012 6:31:01 PM - System Checkpoint
RP319: 3/29/2012 7:17:27 PM - System Checkpoint
RP320: 3/30/2012 6:31:39 PM - Removed Skype™ 5.5
RP321: 3/30/2012 9:31:45 PM - Installed %1 %2.
RP322: 3/30/2012 9:48:08 PM - Installed RollerCoaster Tycoon® 3
RP323: 3/31/2012 11:05:47 AM - Removed RollerCoaster Tycoon® 3
RP324: 4/2/2012 7:46:26 AM - System Checkpoint
RP325: 4/3/2012 6:10:28 PM - System Checkpoint
RP326: 4/5/2012 5:11:50 PM - System Checkpoint
RP327: 4/6/2012 6:00:11 PM - System Checkpoint
RP328: 4/8/2012 4:36:41 PM - System Checkpoint
RP329: 4/10/2012 6:05:49 PM - System Checkpoint
RP330: 4/11/2012 6:35:41 PM - System Checkpoint
RP331: 4/12/2012 7:17:27 PM - System Checkpoint
RP332: 4/14/2012 6:29:20 PM - System Checkpoint
RP333: 4/17/2012 7:48:51 PM - System Checkpoint
RP334: 4/21/2012 6:32:38 PM - System Checkpoint
RP335: 4/24/2012 6:24:15 PM - System Checkpoint
RP336: 4/25/2012 7:14:37 PM - System Checkpoint
RP337: 4/27/2012 5:48:30 PM - System Checkpoint
RP338: 4/28/2012 5:54:28 PM - System Checkpoint
RP339: 4/29/2012 9:30:21 PM - System Checkpoint
RP340: 4/30/2012 10:33:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
32 Bit HP CIO Components Installer
3600_Help
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
AiO_Scan_CDA
AiOSoftwareNPI
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bluetooth Stack for Windows by Toshiba
Bonjour
BookSmart® 3.2.2 3.2.2
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CA Pest Patrol Realtime Protection
CameraHelperMsi
CD/DVD Drive Acoustic Silencer
Click to Call with Skype
Conexant HD Audio
Destinations
DivX Setup
DocProc
DVD-RAM Driver
erLT
ESET Online Scanner v3
Fax
Fax_CDA
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet J3600 Series
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 8.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
InstantShareDevicesMFC
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
J3600
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 30
Java™ SE Runtime Environment 6 Update 1
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
McAfee Security Scan Plus
Metamail (Toshiba Registration Utility)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy_CDA
Office 2003 Trial Assistant
PanoStandAlone
PhotoImpact Pro
ProductContext
ProductContextNPI
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RegAce
Scan
ScannerCopy
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Spotify
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
Toshiba Controls Utility
Toshiba Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA SD Memory Card Format
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
TOSHIBA TV Tuner 4.0.12.73
Toshiba Utility
TOSHIBA Zooming Utility
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WebFldrs XP
WebReg
Winamp (remove only)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows XP Service Pack 3
.
==== End Of File ===========================

#6 vartanlvr


Posted 01 May 2012 - 01:44 PM

I know you didn't ask for it, but I may as well post the malwarebytes log just so you can see what it found.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Walk-a-thon Winner :: TOSHIBA-USER [administrator]

Protection: Disabled

4/30/2012 11:52:40 PM
mbam-log-2012-05-01 (01-47-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315856
Time elapsed: 1 hour(s), 53 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 3
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:54061 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pcprk (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\WALK-A~1\LOCALS~1\Temp\pcprk.dll",mpegInGetNextFrameTS -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|csums (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\WALK-A~1\LOCALS~1\Temp\csums.dll",GetObjectHandleByName -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\QooBox\Quarantine\C\Documents and Settings\Walk-a-thon Winner\Application Data\D8A43FA6244212A03E56D4081F1EB021\k70ccreloc.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe.vir (PUP.Zugo) -> No action taken.
C:\TDSSKiller_Quarantine\30.04.2012_00.17.45\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\30.04.2012_00.17.45\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\30.04.2012_09.55.52\tdlfs0000\tsk0003.dta (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\GV600_4.dll (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\system32\RR2Ctrl.dll (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\system32\shellhwdetection.dll (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\system32\Xyz777b.dll (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\system32\YahooAUService.dll (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\temp\0.2970717949665068 (Exploit.Drop.9) -> No action taken.
C:\Documents and Settings\Walk-a-thon Winner\Local Settings\temp\ms0cfg32.exe (Exploit.Drop.CFG) -> No action taken.
C:\Documents and Settings\Walk-a-thon Winner\Local Settings\temp\pcprk.dll (Trojan.Agent.LTGen) -> No action taken.
C:\Documents and Settings\Walk-a-thon Winner\Local Settings\temp\csums.dll (Trojan.Agent.LTGen) -> No action taken.

(end)

#7 gringo_pr


Posted 01 May 2012 - 09:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 vartanlvr


Posted 02 May 2012 - 10:54 AM

My computer is running at snail speed! Everything I try to open takes forever to load. I uninstalled all my security software before running combofix because I have new anti-virus software (kaspersky) I am going to install after I get this nasty junk off my computer! I started to run combofix and a message popped up that said I might not have internet connection after running it. I am online on infected laptop so that isn't an issue. Then a message popped up saying rootkit is detected be patient. It then proceeded to reboot computer and run the scan. Here is the log... (THANKS AGAIN FOR YOUR HELP)

ComboFix 12-04-31.03 - Walk-a-thon Winner 05/02/2012 10:57:34.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.674 [GMT -4:00]
Running from: c:\documents and settings\Walk-a-thon Winner\Desktop\usethisone.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Walk-a-thon Winner\Application Data\Awivb
c:\documents and settings\Walk-a-thon Winner\Application Data\Awivb\sily.exe
c:\documents and settings\Walk-a-thon Winner\WINDOWS
C:\Thumbs.db
c:\windows\_iserr31.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-01 17:10 . 2012-05-01 17:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-01 17:05 . 2012-05-01 17:05 16339280 ----a-w- C:\Firefox Setup 12.0.exe
2012-04-30 04:21 . 2012-04-30 04:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-30 02:52 . 2012-04-30 02:52 25022 ----a-w- c:\windows\RGICE.tmp
2012-04-30 00:33 . 2012-04-30 00:33 -------- d-----w- c:\program files\Common Files\HPOperatingSystem
2012-04-30 00:32 . 2012-04-30 00:32 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Local Settings\Application Data\{FE8E042C-925B-11E1-826D-B8AC6F996F26}
2012-04-30 00:32 . 2012-04-30 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0EE88CE88003E9ABC4D151FC4E
2012-04-30 00:32 . 2012-04-30 00:32 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Local Settings\Application Data\Identities
2012-04-30 00:31 . 2012-04-30 03:56 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Application Data\Epti
2012-04-30 00:31 . 2012-04-30 00:31 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Application Data\Amcau
2012-04-14 01:08 . 2012-04-14 01:08 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 06:01 . 2006-03-02 18:38 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-14 01:08 . 2012-03-31 21:05 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 01:08 . 2011-05-19 21:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:46 . 2012-03-31 02:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2005-04-21 13:51 . 2005-04-21 13:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-04-21 13:52 . 2005-04-21 13:52 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2012-04-21 01:19 . 2012-05-01 17:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-11_05.00.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-31 15:47 . 1999-05-29 08:08 45568 c:\windows\UniFish3.exe
+ 2012-05-02 14:52 . 2012-05-02 14:52 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat
+ 2012-03-31 01:31 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2007-10-31 01:39 . 2007-10-31 01:39 59904 c:\windows\system32\TVUAx\zlib1.dll
- 2006-03-02 18:39 . 2012-01-04 13:28 74014 c:\windows\system32\perfc009.dat
+ 2006-03-02 18:39 . 2012-03-19 23:27 74014 c:\windows\system32\perfc009.dat
+ 2006-03-02 18:39 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\sstub.dll
+ 2006-03-02 18:39 . 2008-04-13 16:43 62976 c:\windows\system32\dllcache\spgrmr.dll
+ 2006-03-02 18:39 . 2008-04-14 00:12 34816 c:\windows\system32\dllcache\sniffpol.dll
- 2004-09-28 09:30 . 2005-08-05 21:29 63488 c:\windows\system32\dllcache\medctrro.exe
+ 2006-03-02 21:23 . 2005-08-05 21:29 63488 c:\windows\system32\dllcache\medctrro.exe
+ 2006-03-02 21:23 . 2005-08-05 22:01 45056 c:\windows\system32\dllcache\ehjpnime.dll
+ 2006-03-02 21:23 . 2005-08-05 22:01 18944 c:\windows\system32\dllcache\ehiuserxp.dll
- 2005-08-05 22:01 . 2005-08-05 22:01 18944 c:\windows\system32\dllcache\ehiuserxp.dll
+ 2006-03-02 21:23 . 2005-08-05 22:01 73728 c:\windows\system32\dllcache\ehiextens.dll
- 2005-08-05 22:01 . 2005-08-05 22:01 73728 c:\windows\system32\dllcache\ehiExtens.dll
+ 2006-03-02 21:23 . 2004-08-10 12:11 10240 c:\windows\system32\dllcache\ehepgnet.dll
+ 2006-03-02 21:23 . 2004-08-10 12:11 35328 c:\windows\system32\dllcache\ehepgdec.dll
+ 2006-03-02 21:23 . 2005-08-05 22:01 40960 c:\windows\system32\dllcache\ehentt.dll
+ 2012-02-24 03:30 . 2012-03-19 23:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-02 21:31 . 2012-03-19 23:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-02 21:31 . 2010-01-13 15:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-24 03:30 . 2012-03-19 23:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-21 02:13 . 2012-01-21 02:13 18944 c:\windows\Installer\1bced9fc.msi
+ 2012-01-21 02:11 . 2012-01-21 02:11 92672 c:\windows\Installer\1bced9eb.msi
+ 2012-03-24 02:30 . 2012-03-24 02:30 22016 c:\windows\Installer\15467847.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Xefeif"="c:\documents and settings\Walk-a-thon Winner\Application Data\Awivb\sily.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"NDSTray.exe"="NDSTray.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-21 296056]
"HPOperatingSystem"="c:\program files\Common Files\HPOperatingSystem\HPOperatingSystem.exe" [2012-04-30 41568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"rmoc3260.dll OCX"="c:\windows\system32\rmoc3260.dll" [2012-01-21 198832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-2 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
S0 bbowilmu;bbowilmu;c:\windows\system32\drivers\ruuqxn.sys --> c:\windows\system32\drivers\ruuqxn.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 10:12 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 5:05 PM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 10:12 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/1/2012 1:10 PM 129976]
S3 oflpydin;oflpydin;\??\c:\docume~1\WALK-A~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\WALK-A~1\LOCALS~1\Temp\oflpydin.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xusb21
MaRdPnp
s616mgmt
szserver
s3psddr
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:08]
.
2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 02:12]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 02:12]
.
2012-01-11 c:\windows\Tasks\RegAce Scheduled Scan - Walk-a-thon Winner.job
- c:\program files\RegAce System Suite\RegAce.exe [2010-10-26 19:56]
.
2006-10-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-03-02 00:12]
.
2006-10-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-03-02 00:12]
.
2006-10-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-03-02 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: jasonmraz.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://www.gamehouse.com/realarcade-webgames/adventureball/abx.cab
FF - ProfilePath - c:\documents and settings\Walk-a-thon Winner\Application Data\Mozilla\Firefox\Profiles\rnjyonv6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpunauthgreeting2
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-27651257.sys
SafeBoot-34594186.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 11:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-02 11:41:26
ComboFix-quarantined-files.txt 2012-05-02 15:41
ComboFix2.txt 2012-01-11 05:07
ComboFix3.txt 2011-04-05 17:21
ComboFix4.txt 2010-01-13 18:10
ComboFix5.txt 2012-05-02 14:38
.
Pre-Run: 36,854,145,024 bytes free
Post-Run: 37,050,892,288 bytes free
.
- - End Of File - - 5EE652B2C906198FCACC7D0F1549DBD5

#9 vartanlvr

Posted 02 May 2012 - 11:05 AM

Oh, also, every time I turn on the computer the little yellow Microsoft shield is in the lower right-hand corner telling me updates are ready to be installed on your computer. I open it to see what updates are there and it's always the same things.

Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451)
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB26717)
Office 2003 Service Pack 3 (SP3)
Security Update for .NET Framework 2.0 SP2 and 3. SP1 on Windows Server 2003 and Windows XP x86 (KB218864)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB238243)
....

The list goes on and on with variants of the same items listed above.

I have tried to install all the updates 2 or 3 times now. I click the install button and then it disappears until the computer is restarted and then it comes back.

I don't know if that is relevant to anything you are helping me with, but I thought I should let you know.

Thanks again.

#10 gringo_pr

Posted 02 May 2012 - 06:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 vartanlvr

Posted 02 May 2012 - 08:40 PM

I haven't been getting any redirects the past few times I tried to search for something, but everything is still running uber slow...so I don't know what the dealio is! Here are reports...

20:37:39.0593 1084 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:37:50.0281 1084 ============================================================
20:37:50.0281 1084 Current date / time: 2012/05/02 20:37:50.0281
20:37:50.0281 1084 SystemInfo:
20:37:50.0281 1084
20:37:50.0281 1084 OS Version: 5.1.2600 ServicePack: 3.0
20:37:50.0281 1084 Product type: Workstation
20:37:50.0281 1084 ComputerName: TOSHIBA-USER
20:37:50.0281 1084 UserName: Walk-a-thon Winner
20:37:50.0281 1084 Windows directory: C:\WINDOWS
20:37:50.0281 1084 System windows directory: C:\WINDOWS
20:37:50.0281 1084 Processor architecture: Intel x86
20:37:50.0281 1084 Number of processors: 2
20:37:50.0281 1084 Page size: 0x1000
20:37:50.0281 1084 Boot type: Normal boot
20:37:50.0281 1084 ============================================================
20:37:55.0703 1084 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:37:55.0750 1084 ============================================================
20:37:55.0750 1084 \Device\Harddisk0\DR0:
20:37:55.0765 1084 MBR partitions:
20:37:55.0765 1084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9D35E2
20:37:55.0765 1084 ============================================================
20:37:55.0875 1084 C: <-> \Device\Harddisk0\DR0\Partition0
20:37:55.0906 1084 ============================================================
20:37:55.0906 1084 Initialize success
20:37:55.0906 1084 ============================================================
20:38:02.0859 2488 ============================================================
20:38:02.0859 2488 Scan started
20:38:02.0859 2488 Mode: Manual;
20:38:02.0859 2488 ============================================================
20:38:12.0421 2488 DMusic - ok
20:38:12.0468 2488 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
20:38:12.0484 2488 Dnscache - ok
20:38:12.0734 2488 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:38:12.0812 2488 Dot3svc - ok
20:38:12.0812 2488 dpti2o - ok
20:38:12.0828 2488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:38:12.0843 2488 drmkaud - ok
20:38:12.0890 2488 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:38:12.0953 2488 DRVMCDB - ok
20:38:12.0968 2488 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:38:13.0000 2488 DRVNDDM - ok
20:38:13.0078 2488 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
20:38:13.0140 2488 DVD-RAM_Service - ok
20:38:13.0312 2488 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:38:13.0406 2488 E100B - ok
20:38:13.0515 2488 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:38:13.0609 2488 e1express - ok
20:38:13.0671 2488 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:38:13.0687 2488 EapHost - ok
20:38:13.0953 2488 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
20:38:14.0093 2488 ehRecvr - ok
20:38:14.0281 2488 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
20:38:14.0328 2488 ehSched - ok
20:38:14.0390 2488 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:38:14.0406 2488 ERSvc - ok
20:38:14.0531 2488 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:38:14.0593 2488 Eventlog - ok
20:38:14.0796 2488 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:38:14.0921 2488 EventSystem - ok
20:38:15.0062 2488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:38:15.0171 2488 Fastfat - ok
20:38:15.0296 2488 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:38:15.0375 2488 FastUserSwitchingCompatibility - ok
20:38:15.0562 2488 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:38:15.0703 2488 Fax - ok
20:38:15.0765 2488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:38:15.0781 2488 Fdc - ok
20:38:15.0843 2488 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
20:38:15.0859 2488 FilterService - ok
20:38:15.0921 2488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:38:15.0937 2488 Fips - ok
20:38:15.0953 2488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:38:15.0968 2488 Flpydisk - ok
20:38:16.0109 2488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:38:16.0171 2488 FltMgr - ok
20:38:16.0453 2488 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:38:16.0484 2488 FontCache3.0.0.0 - ok
20:38:16.0500 2488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:38:16.0515 2488 Fs_Rec - ok
20:38:16.0609 2488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:38:16.0687 2488 Ftdisk - ok
20:38:16.0718 2488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:38:16.0734 2488 GEARAspiWDM - ok
20:38:16.0781 2488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:38:16.0812 2488 Gpc - ok
20:38:17.0046 2488 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:38:17.0109 2488 gupdate - ok
20:38:17.0140 2488 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:38:17.0140 2488 gupdatem - ok
20:38:17.0500 2488 HdAudAddService (a8bccb6ab8e43c39f4ef1bc4db8d6165) C:\WINDOWS\system32\drivers\CHDAud.sys
20:38:17.0828 2488 HdAudAddService - ok
20:38:17.0953 2488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:38:18.0031 2488 HDAudBus - ok
20:38:18.0171 2488 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:38:18.0203 2488 helpsvc - ok
20:38:18.0234 2488 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:38:18.0250 2488 HidServ - ok
20:38:18.0281 2488 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:38:18.0281 2488 HidUsb - ok
20:38:18.0390 2488 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:38:18.0437 2488 hkmsvc - ok
20:38:18.0468 2488 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys
20:38:18.0484 2488 HPFXBULK - ok
20:38:18.0484 2488 hpn - ok
20:38:18.0781 2488 hpqcxs08 (af81f7ba6a09119006fe041a2f2f3ece) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:38:18.0890 2488 hpqcxs08 - ok
20:38:19.0031 2488 hpqddsvc (7244f63db8ea883b3dc8e730c645d073) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:38:19.0093 2488 hpqddsvc - ok
20:38:19.0156 2488 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:38:19.0187 2488 HPZid412 - ok
20:38:19.0281 2488 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:38:19.0296 2488 HPZipr12 - ok
20:38:19.0343 2488 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:38:19.0484 2488 HPZius12 - ok
20:38:19.0875 2488 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:38:20.0078 2488 HSFHWAZL - ok
20:38:21.0671 2488 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:38:22.0250 2488 HSF_DPV - ok
20:38:22.0500 2488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:38:22.0656 2488 HTTP - ok
20:38:22.0750 2488 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:38:22.0765 2488 HTTPFilter - ok
20:38:22.0765 2488 i2omgmt - ok
20:38:22.0781 2488 i2omp - ok
20:38:22.0859 2488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:38:22.0890 2488 i8042prt - ok
20:38:23.0796 2488 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:38:24.0546 2488 ialm - ok
20:38:25.0265 2488 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:38:25.0406 2488 IDriverT - ok
20:38:28.0578 2488 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:38:29.0796 2488 idsvc - ok
20:38:32.0968 2488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:38:33.0000 2488 Imapi - ok
20:38:33.0187 2488 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:38:33.0281 2488 ImapiService - ok
20:38:33.0546 2488 ini910u - ok
20:38:33.0546 2488 IntelIde - ok
20:38:33.0609 2488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:38:33.0625 2488 intelppm - ok
20:38:33.0703 2488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:38:33.0718 2488 Ip6Fw - ok
20:38:33.0796 2488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:38:33.0812 2488 IpFilterDriver - ok
20:38:33.0859 2488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:38:33.0875 2488 IpInIp - ok
20:38:34.0046 2488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:38:34.0140 2488 IpNat - ok
20:38:35.0312 2488 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
20:38:35.0890 2488 iPod Service - ok
20:38:36.0062 2488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:38:36.0109 2488 IPSec - ok
20:38:36.0171 2488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:38:36.0171 2488 IRENUM - ok
20:38:36.0281 2488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:38:36.0296 2488 isapnp - ok
20:38:36.0406 2488 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
20:38:36.0421 2488 Iviaspi - ok
20:38:36.0640 2488 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
20:38:36.0734 2488 JavaQuickStarterService - ok
20:38:36.0781 2488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:38:36.0812 2488 Kbdclass - ok
20:38:36.0828 2488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:38:36.0843 2488 kbdhid - ok
20:38:36.0953 2488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:38:37.0046 2488 kmixer - ok
20:38:37.0093 2488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:38:37.0156 2488 KSecDD - ok
20:38:37.0265 2488 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:38:37.0328 2488 lanmanserver - ok
20:38:38.0062 2488 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:38:38.0156 2488 lanmanworkstation - ok
20:38:38.0156 2488 lbrtfdc - ok
20:38:38.0296 2488 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:38:38.0312 2488 LmHosts - ok
20:38:38.0453 2488 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
20:38:38.0500 2488 lvpopflt - ok
20:38:38.0578 2488 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
20:38:38.0593 2488 LVPr2Mon - ok
20:38:38.0828 2488 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
20:38:38.0937 2488 LVPrcSrv - ok
20:38:39.0140 2488 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
20:38:39.0312 2488 LVRS - ok
20:38:43.0546 2488 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
20:38:47.0796 2488 LVUVC - ok
20:38:48.0140 2488 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
20:38:48.0187 2488 McrdSvc - ok
20:38:48.0687 2488 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:38:48.0703 2488 mdmxsdk - ok
20:38:48.0781 2488 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
20:38:48.0843 2488 meiudf - ok
20:38:48.0890 2488 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:38:48.0921 2488 Messenger - ok
20:38:48.0984 2488 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
20:38:49.0046 2488 MHN - ok
20:38:49.0078 2488 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:38:49.0078 2488 MHNDRV - ok
20:38:49.0125 2488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:38:49.0125 2488 mnmdd - ok
20:38:49.0171 2488 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:38:49.0203 2488 mnmsrvc - ok
20:38:49.0250 2488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:38:49.0265 2488 Modem - ok
20:38:49.0296 2488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:38:49.0312 2488 Mouclass - ok
20:38:49.0375 2488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:38:49.0375 2488 mouhid - ok
20:38:49.0421 2488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:38:49.0437 2488 MountMgr - ok
20:38:49.0640 2488 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:38:49.0703 2488 MozillaMaintenance - ok
20:38:49.0718 2488 mraid35x - ok
20:38:49.0843 2488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:38:49.0968 2488 MRxDAV - ok
20:38:50.0281 2488 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:38:50.0531 2488 MRxSmb - ok
20:38:50.0578 2488 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:38:50.0593 2488 MSDTC - ok
20:38:50.0609 2488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:38:50.0625 2488 Msfs - ok
20:38:50.0625 2488 MSIServer - ok
20:38:50.0656 2488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:38:50.0656 2488 MSKSSRV - ok
20:38:50.0687 2488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:38:50.0687 2488 MSPCLOCK - ok
20:38:50.0703 2488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:38:50.0703 2488 MSPQM - ok
20:38:50.0781 2488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:38:50.0781 2488 mssmbios - ok
20:38:50.0843 2488 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:38:50.0843 2488 MSTEE - ok
20:38:50.0953 2488 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:38:51.0015 2488 Mup - ok
20:38:51.0093 2488 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:38:51.0156 2488 NABTSFEC - ok
20:38:51.0359 2488 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:38:51.0515 2488 napagent - ok
20:38:51.0656 2488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:38:51.0750 2488 NDIS - ok
20:38:51.0812 2488 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:38:51.0828 2488 NdisIP - ok
20:38:51.0906 2488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:38:51.0906 2488 NdisTapi - ok
20:38:51.0937 2488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:38:51.0937 2488 Ndisuio - ok
20:38:52.0000 2488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:38:52.0046 2488 NdisWan - ok
20:38:52.0109 2488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:38:52.0125 2488 NDProxy - ok
20:38:52.0187 2488 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
20:38:52.0218 2488 Net Driver HPZ12 - ok
20:38:52.0250 2488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:38:52.0265 2488 NetBIOS - ok
20:38:52.0375 2488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:38:52.0468 2488 NetBT - ok
20:38:52.0578 2488 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:38:52.0640 2488 NetDDE - ok
20:38:52.0656 2488 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:38:52.0656 2488 NetDDEdsdm - ok
20:38:52.0671 2488 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:38:52.0671 2488 Netdevio - ok
20:38:52.0734 2488 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:38:52.0750 2488 Netlogon - ok
20:38:52.0953 2488 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:38:53.0062 2488 Netman - ok
20:38:53.0296 2488 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:38:53.0375 2488 NetTcpPortSharing - ok
20:38:53.0437 2488 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:38:53.0484 2488 NIC1394 - ok
20:38:53.0687 2488 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
20:38:53.0796 2488 Nla - ok
20:38:53.0859 2488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:38:53.0875 2488 Npfs - ok
20:38:54.0218 2488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:38:54.0546 2488 Ntfs - ok
20:38:54.0578 2488 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:38:54.0578 2488 NtLmSsp - ok
20:38:54.0875 2488 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:38:55.0140 2488 NtmsSvc - ok
20:38:55.0171 2488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:38:55.0187 2488 Null - ok
20:38:55.0218 2488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:38:55.0234 2488 NwlnkFlt - ok
20:38:55.0265 2488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:38:55.0281 2488 NwlnkFwd - ok
20:38:55.0484 2488 oflpydin - ok
20:38:55.0531 2488 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:38:55.0578 2488 ohci1394 - ok
20:38:55.0859 2488 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:38:55.0906 2488 ose - ok
20:38:56.0187 2488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:38:56.0265 2488 Parport - ok
20:38:56.0375 2488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:38:56.0421 2488 PartMgr - ok
20:38:56.0484 2488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:38:56.0515 2488 ParVdm - ok
20:38:56.0625 2488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:38:56.0671 2488 PCI - ok
20:38:56.0671 2488 PCIDump - ok
20:38:56.0687 2488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:38:56.0687 2488 PCIIde - ok
20:38:56.0828 2488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:38:56.0906 2488 Pcmcia - ok
20:38:56.0906 2488 PDCOMP - ok
20:38:56.0921 2488 PDFRAME - ok
20:38:56.0937 2488 PDRELI - ok
20:38:56.0937 2488 PDRFRAME - ok
20:38:56.0953 2488 perc2 - ok
20:38:56.0953 2488 perc2hib - ok
20:38:57.0015 2488 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
20:38:57.0031 2488 pfc - ok
20:38:57.0156 2488 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:38:57.0156 2488 PlugPlay - ok
20:38:57.0250 2488 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
20:38:57.0281 2488 Pml Driver HPZ12 - ok
20:38:57.0312 2488 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:38:57.0328 2488 PolicyAgent - ok
20:38:57.0390 2488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:38:57.0437 2488 PptpMiniport - ok
20:38:57.0437 2488 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:38:57.0437 2488 ProtectedStorage - ok
20:38:57.0484 2488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:38:57.0531 2488 PSched - ok
20:38:57.0546 2488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:38:57.0562 2488 Ptilink - ok
20:38:57.0593 2488 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:38:57.0625 2488 PxHelp20 - ok
20:38:57.0656 2488 qkbfiltr (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
20:38:57.0671 2488 qkbfiltr - ok
20:38:57.0671 2488 ql1080 - ok
20:38:57.0687 2488 Ql10wnt - ok
20:38:57.0687 2488 ql12160 - ok
20:38:57.0703 2488 ql1240 - ok
20:38:57.0703 2488 ql1280 - ok
20:38:57.0718 2488 qmofiltr (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
20:38:57.0734 2488 qmofiltr - ok
20:38:57.0781 2488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:38:57.0796 2488 RasAcd - ok
20:38:57.0906 2488 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:38:57.0953 2488 RasAuto - ok
20:38:58.0015 2488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:38:58.0046 2488 Rasl2tp - ok
20:38:58.0218 2488 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:38:58.0312 2488 RasMan - ok
20:38:58.0343 2488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:38:58.0375 2488 RasPppoe - ok
20:38:58.0421 2488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:38:58.0421 2488 Raspti - ok
20:38:58.0562 2488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:38:58.0656 2488 Rdbss - ok
20:38:58.0671 2488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:38:58.0671 2488 RDPCDD - ok
20:38:58.0812 2488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:38:58.0921 2488 rdpdr - ok
20:38:59.0015 2488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:38:59.0093 2488 RDPWD - ok
20:38:59.0203 2488 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:38:59.0281 2488 RDSessMgr - ok
20:38:59.0312 2488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:38:59.0343 2488 redbook - ok
20:38:59.0421 2488 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:38:59.0453 2488 RemoteAccess - ok
20:38:59.0500 2488 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:38:59.0531 2488 RemoteRegistry - ok
20:38:59.0546 2488 RimUsb - ok
20:38:59.0593 2488 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:38:59.0609 2488 RimVSerPort - ok
20:38:59.0640 2488 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:38:59.0640 2488 ROOTMODEM - ok
20:38:59.0906 2488 RoxLiveShare9 - ok
20:38:59.0968 2488 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:39:00.0015 2488 RpcLocator - ok
20:39:00.0343 2488 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:39:00.0343 2488 RpcSs - ok
20:39:00.0453 2488 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:39:00.0531 2488 RSVP - ok
20:39:00.0593 2488 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:39:00.0593 2488 SamSs - ok
20:39:00.0671 2488 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
20:39:00.0703 2488 sbp2port - ok
20:39:00.0796 2488 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:39:00.0859 2488 SCardSvr - ok
20:39:00.0968 2488 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:39:01.0078 2488 Schedule - ok
20:39:01.0156 2488 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:39:01.0187 2488 sdbus - ok
20:39:01.0250 2488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:39:01.0265 2488 Secdrv - ok
20:39:01.0312 2488 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:39:01.0328 2488 seclogon - ok
20:39:01.0359 2488 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:39:01.0375 2488 SENS - ok
20:39:01.0421 2488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:39:01.0453 2488 Serial - ok
20:39:01.0531 2488 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:39:01.0546 2488 sffdisk - ok
20:39:01.0562 2488 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:39:01.0578 2488 sffp_sd - ok
20:39:01.0609 2488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:39:01.0609 2488 Sfloppy - ok
20:39:01.0937 2488 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:39:02.0125 2488 SharedAccess - ok
20:39:02.0250 2488 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:39:02.0265 2488 ShellHWDetection - ok
20:39:02.0265 2488 Simbad - ok
20:39:02.0328 2488 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:39:02.0328 2488 SLIP - ok
20:39:02.0390 2488 SMCB000 (6c7f2b518f8a7abe1c145f26aa48c633) C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
20:39:02.0390 2488 SMCB000 - ok
20:39:02.0421 2488 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:39:02.0468 2488 SONYPVU1 - ok
20:39:02.0468 2488 Sparrow - ok
20:39:02.0531 2488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:39:02.0546 2488 splitter - ok
20:39:02.0640 2488 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:39:02.0671 2488 Spooler - ok
20:39:02.0718 2488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:39:02.0765 2488 sr - ok
20:39:02.0906 2488 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:39:03.0000 2488 srservice - ok
20:39:03.0265 2488 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
20:39:03.0468 2488 Srv - ok
20:39:03.0546 2488 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:39:03.0578 2488 SSDPSRV - ok
20:39:03.0875 2488 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:39:04.0062 2488 stisvc - ok
20:39:04.0109 2488 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:39:04.0125 2488 streamip - ok
20:39:04.0156 2488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:39:04.0156 2488 swenum - ok
20:39:04.0218 2488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:39:04.0250 2488 swmidi - ok
20:39:04.0250 2488 SwPrv - ok
20:39:04.0343 2488 Swupdtmr (486a64aabd88e4e174681e89e9736bc9) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
20:39:04.0375 2488 Swupdtmr - ok
20:39:04.0375 2488 symc810 - ok
20:39:04.0390 2488 symc8xx - ok
20:39:04.0390 2488 sym_hi - ok
20:39:04.0406 2488 sym_u3 - ok
20:39:04.0531 2488 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:39:04.0640 2488 SynTP - ok
20:39:04.0703 2488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:39:04.0750 2488 sysaudio - ok
20:39:04.0843 2488 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:39:04.0890 2488 SysmonLog - ok
20:39:05.0078 2488 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:39:05.0250 2488 TapiSrv - ok
20:39:05.0281 2488 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
20:39:05.0296 2488 tbiosdrv - ok
20:39:05.0562 2488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:39:05.0750 2488 Tcpip - ok
20:39:05.0828 2488 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
20:39:05.0843 2488 TcUsb - ok
20:39:05.0875 2488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:39:05.0890 2488 TDPIPE - ok
20:39:05.0921 2488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:39:05.0937 2488 TDTCP - ok
20:39:06.0000 2488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:39:06.0015 2488 TermDD - ok
20:39:06.0281 2488 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:39:06.0453 2488 TermService - ok
20:39:06.0593 2488 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:39:06.0593 2488 Themes - ok
20:39:06.0703 2488 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
20:39:06.0796 2488 tifm21 - ok
20:39:17.0765 2488 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
20:39:18.0109 2488 \Device\Harddisk0\DR0 - ok
20:39:18.0109 2488 Boot (0x1200) (ddf12b0491322a0c719c581a96ca3c58) \Device\Harddisk0\DR0\Partition0
20:39:18.0125 2488 \Device\Harddisk0\DR0\Partition0 - ok
20:39:18.0125 2488 ============================================================
20:39:18.0125 2488 Scan finished
20:39:18.0125 2488 ============================================================
20:39:18.0140 3220 Detected object count: 0
20:39:18.0140 3220 Actual detected object count: 0

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 20:47:08
-----------------------------
20:47:08.000 OS Version: Windows 5.1.2600 Service Pack 3
20:47:08.000 Number of processors: 2 586 0xE08
20:47:08.000 ComputerName: TOSHIBA-USER UserName:
20:47:11.593 Initialize success
20:47:27.312 AVAST engine defs: 12050201
20:47:40.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:47:40.250 Disk 0 Vendor: TOSHIBA_MK1032GSX AS021G Size: 95396MB BusType: 3
20:47:40.281 Disk 0 MBR read successfully
20:47:40.281 Disk 0 MBR scan
20:47:40.406 Disk 0 Windows XP default MBR code
20:47:40.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95142 MB offset 63
20:47:40.437 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 251 MB offset 194852385
20:47:40.500 Disk 0 scanning sectors +195366465
20:47:40.656 Disk 0 scanning C:\WINDOWS\system32\drivers
20:48:23.828 Service scanning
20:49:28.250 Modules scanning
20:49:53.328 Disk 0 trace - called modules:
20:49:53.359 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:49:53.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f74ab8]
20:49:53.375 3 CLASSPNP.SYS[f762cfd7] -> nt!IofCallDriver -> \Device\00000079[0x86f07268]
20:49:53.375 5 ACPI.sys[f7583620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f06940]
20:49:57.468 AVAST engine scan C:\WINDOWS
20:50:19.156 AVAST engine scan C:\WINDOWS\system32
21:02:39.953 AVAST engine scan C:\WINDOWS\system32\drivers
21:03:39.250 AVAST engine scan C:\Documents and Settings\Walk-a-thon Winner
21:10:43.312 File: C:\Documents and Settings\Walk-a-thon Winner\Application Data\Sun\Java\Deployment\cache\6.0\18\3f48c312-1fe8308b **INFECTED** Win32:Karagany-FS [Trj]
21:15:59.781 File: C:\Documents and Settings\Walk-a-thon Winner\Local Settings\Application Data\Nova Development\ProductUpdate\230.exe **INFECTED** Win32:Malware-gen
21:31:22.984 AVAST engine scan C:\Documents and Settings\All Users
21:38:09.421 Scan finished successfully
21:39:08.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Walk-a-thon Winner\Desktop\MBR.dat"
21:39:08.812 The log file has been saved successfully to "C:\Documents and Settings\Walk-a-thon Winner\Desktop\aswMBRlog.txt"

#12 gringo_pr

Posted 02 May 2012 - 09:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
Folder::
c:\Program Files\Windows iLivid Toolba
C:\Documents and Settings\Walk-a-thon Winner\Application Data\Sun\Java\Deployment\cache\6.0\18

File::
C:\Documents and Settings\Walk-a-thon Winner\Local Settings\Application Data\Nova Development\ProductUpdate\230.exe

Driver::
oflpydin

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#13 vartanlvr

Posted 02 May 2012 - 10:30 PM

When combofix first started to run this message popped up...

You are infected with Rootkit.ZeroAccess
It has inserted itself into the tcp/ip stack.
This is a particularly difficult infection.
If for any reason that you're unable to connect to the internet after running Combofix, reboot once and see if that fixes it.
If it's not fixed run ComboFix one more time.

I clicked ok and then another message popped up that said,
Rootkit is detected
Be patient as this may take some moments

I clicked ok then combofix did its thing...here is the log

ComboFix 12-05-02.04 - Walk-a-thon Winner 05/02/2012 22:35:29.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.681 [GMT -4:00]
Running from: c:\documents and settings\Walk-a-thon Winner\Desktop\usethisone.exe
Command switches used :: c:\documents and settings\Walk-a-thon Winner\Desktop\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\documents and settings\Walk-a-thon Winner\Local Settings\Application Data\Nova Development\ProductUpdate\230.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Walk-a-thon Winner\Local Settings\Application Data\Nova Development\ProductUpdate\230.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OFLPYDIN
-------\Service_oflpydin
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-01 17:10 . 2012-05-01 17:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-01 17:05 . 2012-05-01 17:05 16339280 ----a-w- C:\Firefox Setup 12.0.exe
2012-04-30 04:21 . 2012-04-30 04:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-30 02:52 . 2012-04-30 02:52 25022 ----a-w- c:\windows\RGICE.tmp
2012-04-30 00:33 . 2012-04-30 00:33 -------- d-----w- c:\program files\Common Files\HPOperatingSystem
2012-04-30 00:32 . 2012-04-30 00:32 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Local Settings\Application Data\{FE8E042C-925B-11E1-826D-B8AC6F996F26}
2012-04-30 00:32 . 2012-04-30 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0EE88CE88003E9ABC4D151FC4E
2012-04-30 00:32 . 2012-04-30 00:32 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Local Settings\Application Data\Identities
2012-04-30 00:31 . 2012-04-30 03:56 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Application Data\Epti
2012-04-30 00:31 . 2012-04-30 00:31 -------- d-----w- c:\documents and settings\Walk-a-thon Winner\Application Data\Amcau
2012-04-14 01:08 . 2012-04-14 01:08 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 06:01 . 2006-03-02 18:38 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-14 01:08 . 2012-03-31 21:05 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 01:08 . 2011-05-19 21:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:46 . 2012-03-31 02:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2005-04-21 13:51 . 2005-04-21 13:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-04-21 13:52 . 2005-04-21 13:52 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2012-04-21 01:19 . 2012-05-01 17:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-02_15.33.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-03 03:15 . 2012-05-03 03:15 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Xefeif"="c:\documents and settings\Walk-a-thon Winner\Application Data\Awivb\sily.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"NDSTray.exe"="NDSTray.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-21 296056]
"HPOperatingSystem"="c:\program files\Common Files\HPOperatingSystem\HPOperatingSystem.exe" [2012-04-30 41568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"rmoc3260.dll OCX"="c:\windows\system32\rmoc3260.dll" [2012-01-21 198832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-2 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
S0 bbowilmu;bbowilmu;c:\windows\system32\drivers\ruuqxn.sys --> c:\windows\system32\drivers\ruuqxn.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 10:12 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 5:05 PM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 10:12 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/1/2012 1:10 PM 129976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xusb21
MaRdPnp
s616mgmt
szserver
s3psddr
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:08]
.
2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 02:12]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 02:12]
.
2012-01-11 c:\windows\Tasks\RegAce Scheduled Scan - Walk-a-thon Winner.job
- c:\program files\RegAce System Suite\RegAce.exe [2010-10-26 19:56]
.
2006-10-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-03-02 00:12]
.
2006-10-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-03-02 00:12]
.
2006-10-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-03-02 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: jasonmraz.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://www.gamehouse.com/realarcade-webgames/adventureball/abx.cab
FF - ProfilePath - c:\documents and settings\Walk-a-thon Winner\Application Data\Mozilla\Firefox\Profiles\rnjyonv6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpunauthgreeting2
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 23:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5460)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
c:\program files\Logitech\LWS\LU\LULnchr.exe
c:\program files\Logitech\LWS\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-05-02 23:27:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-03 03:27
ComboFix2.txt 2012-05-02 15:41
ComboFix3.txt 2012-01-11 05:07
ComboFix4.txt 2011-04-05 17:21
ComboFix5.txt 2012-05-03 02:19
.
Pre-Run: 36,858,769,408 bytes free
Post-Run: 36,912,394,240 bytes free
.
- - End Of File - - 69B7B25F1491E3B9139CC4B080A998F6

#14 vartanlvr

Posted 02 May 2012 - 10:41 PM

My laptop seems to be running less slowly now! I don't know if it's completely healed but it's def not moving at snail speed right now!

#15 gringo_pr

Posted 02 May 2012 - 10:47 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do




uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 3
Java™ 6 Update 30
Java™ SE Runtime Environment 6 Update 1
McAfee Security Scan Plus
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
