ZeroAccess.ee Trojan


  • This topic is locked
24 replies to this topic

#1 Rookie222


Posted 12 September 2012 - 03:06 PM

Must do logs separately, pop-up states too long:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Dawn at 9:52:37 on 2012-09-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2382 [GMT -4:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
svchost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\D-Link\SharePort Utility\Connect.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=cc63466e0000000000000007e94c155e
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120626170340.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [PMSpeed] c:\program files\newsoft\presto! pagemanager 8 for ep\PMSpeed.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\dawn\local settings\application data\akamai\netsession_win.exe"
uRun: [jrctrtpb] "c:\documents and settings\dawn\local settings\application data\cjtxtuws.exe"
uRun: [Cymatao] "c:\documents and settings\dawn\application data\ocaqix\rula.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AnySync] "c:\program files\anysync\SyncLauncher.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\sharep~1.lnk - c:\program files\d-link\shareport utility\Connect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264613689078
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264613670796
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BCA468CE-1E68-486B-82C1-084A7A8F4B87} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dawn\application data\mozilla\firefox\profiles\ln8j4nbg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1336406398&rver=5.5.4177.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fmy.msn.com%252f&lc=1033&id=254014
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=cc63466e0000000000000007e94c155e&q=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\vdownloader\addons\npVDownloader.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-27 475704]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2011-4-21 911680]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-27 89792]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-21 3987376]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\d-link\shareport utility\Spnuhelper.exe [2010-9-9 40960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-6-24 54760]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-2-9 12184]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-27 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-27 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-27 159608]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-6-11 206120]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2009-7-3 246920]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-2-18 4497704]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-6-11 185640]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-2-18 113448]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-4-21 163232]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-27 57600]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 12184]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-27 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-27 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-27 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-27 83856]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-6 250056]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-10-14 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-30 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-27 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-27 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-7-11 86016]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
.
=============== Created Last 30 ================
.
2012-09-11 18:25:36 14664 ----a-w- c:\windows\stinger.sys
2012-09-11 18:24:41 -------- d-----w- c:\program files\stinger
2012-09-11 16:41:44 -------- d-----w- c:\program files\Enigma Software Group
2012-09-11 16:40:47 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-11 16:40:42 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-09-11 15:06:57 -------- d-----w- c:\documents and settings\dawn\application data\Vyete
2012-09-11 15:06:57 -------- d-----w- c:\documents and settings\dawn\application data\Ridum
2012-09-11 15:06:57 -------- d-----w- c:\documents and settings\dawn\application data\Ocaqix
2012-09-10 13:33:34 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-11 18:24:51 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-11 18:24:51 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-09-11 18:24:51 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 18:23:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 18:23:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2010-01-26 14:11:08 444283 -c--a-w- c:\program files\common files\WinPcapNmap.exe
.
============= FINISH: 9:58:57.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/26/2010 1:08:17 PM
System Uptime: 9/12/2012 8:51:17 AM (1 hours ago)
.
Motherboard: Intel Corporation | | D875PBZ
Processor: Intel® Pentium® 4 CPU 3.20GHz | J2E1 | 3192/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 413.619 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 14.085 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is FIXED (NTFS) - 218 GiB total, 136.324 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP299: 5/29/2012 8:36:28 AM - System Checkpoint
RP300: 6/1/2012 6:50:35 PM - System Checkpoint
RP301: 6/3/2012 8:22:18 AM - System Checkpoint
RP302: 6/5/2012 9:10:23 AM - Software Distribution Service 3.0
RP303: 6/14/2012 6:02:03 AM - Software Distribution Service 3.0
RP304: 6/17/2012 2:14:45 PM - System Checkpoint
RP305: 6/27/2012 8:42:11 AM - System Checkpoint
RP306: 7/11/2012 2:29:49 PM - Software Distribution Service 3.0
RP307: 7/16/2012 5:20:08 PM - System Checkpoint
RP308: 8/14/2012 12:19:00 PM - System Checkpoint
RP309: 8/16/2012 6:23:45 AM - Software Distribution Service 3.0
RP310: 8/23/2012 10:40:37 AM - System Checkpoint
RP311: 9/9/2012 7:53:58 AM - System Checkpoint
RP312: 9/11/2012 12:41:40 PM - Installed SpyHunter
RP313: 9/11/2012 2:16:05 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
AcronisTrueImageHome 2011
Active Disk
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 10
Adobe Premiere Elements 10 Content
Adobe Premiere Elements 10 Content 1
Adobe Premiere Elements 10 Content 2
Adobe Premiere Elements 10 Content 3
Adobe Premiere Elements 10 HD Content 1
Adobe Premiere Elements 10 HD Content 2
Adobe Premiere Elements 10 HD Content 3
Adobe Reader 9.3.3
Adobe Reader X (10.1.2)
AIM 7
AIM Search
AIM Toolbar
AiO_Scan_CDA
AiOSoftwareNPI
Akamai NetSession Interface
Any Video Converter 3.3.5
AnySync
AnyTime Organizer
APC PowerChute Personal Edition
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
Audacity 2.0
Bejeweled Twist
Bing Bar
Bonjour
BufferChm
C309a
C6100
c6100_Help
Canon Camera Access Library
Canon Camera Support Core Library
Canon Easy-WebPrint EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Cinescore Studio 1.0
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Extra Content
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Extra Content
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Creative Audio Console
Creative Software AutoUpdate
CricutSync
CueTour
Destinations
DeviceDiscovery
DeviceManagementQFolder
DIGOpt
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Elements 10 Organizer
EPSON Artisan 810 Series Printer Uninstall
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EPSON Web-To-Page
EpsonNet Print
EpsonNet Setup
eReg
ESET Online Scanner v3
eSupportQFolder
Fax
Fax_CDA
FROG
FullDPAppQFolder
Gateway Drivers and Applications Recovery
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Document Viewer 7.0
HP Imaging Device Functions 13.0
HP Photosmart C309a All-In-One Driver Software 13.0 Rel .5
HP Photosmart Essential 3.5
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
Intel® 537EP Data Fax Modem
Intel® PRO Network Adapters and Drivers
IomegaWare 4.0.2
iTunes
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LAME v3.99.3 (for Windows)
Logitech SetPoint 6.32
LTCM Client
Mahjongg Master Deluxe
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee SecurityCenter
Media Downloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft English TTS Engine
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2008
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Platform Installer 2.0
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works 6-9 Converter
Microsoft XML Parser
Motorola MP3 Loader
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 8
neroxml
Network
Network Magic
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
Palm Desktop
PanoStandAlone
PC-Doctor for Windows
PC Pitstop Driver Alert2 2.0.0.0
Pen Tablet
PhotoGallery
PhotoMail Maker
PRE10STIInstaller
Presto! PageManager 8.15.01 SE
ProductContextNPI
PS_AIO_05_C309_Software_Min
PSE10 STI Installer
Pure Networks Platform
QuickTime
RandMap
Readme
Ring Factory 2009 (3.0.2)
SAPI Wrapper
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SharePort Utility
SkinsHP1
SlideShow
SmartSound Common Data
SmartSound Premiere Elements 10 Plugin
SmartSound Sonicfire Pro 5
SmartWebPrinting
SolutionCenter
Sonic_PrimoSDK
Sony DVD Architect Studio 4.5
Sony Sound Forge Audio Studio 9.0
Sony Vocal Eraser
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Status
System Requirements Lab
Toolbox
TrayApp
TTS Wrapper
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VDownloader 3.9.1195
Vegas Movie Studio Platinum 9.0
Verizon Download Manager
ViewSonic Monitor Drivers
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Vz In Home Agent
WebFldrs XP
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.1.1
Works Upgrade
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/12/2012 9:21:56 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
9/11/2012 8:43:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/11/2012 8:42:40 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
9/11/2012 8:42:40 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
9/11/2012 8:33:53 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the WTouchService service.
9/11/2012 2:25:41 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:41 PM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:40 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (verizondm) service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:40 PM, error: Service Control Manager [7034] - The SupportSoft Repair Service (verizondm) service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:40 PM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:39 PM, error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:39 PM, error: Service Control Manager [7034] - The EPSON V5 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:39 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:39 PM, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:25:39 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V10 service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 2:16:34 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/11/2012 11:27:23 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================

#2 Rookie222

Posted 12 September 2012 - 03:10 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-12 15:50:02
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD5000AAKS-00V1A0 rev.05.01D05
Running: v969x0qd.exe; Driver: C:\DOCUME~1\Dawn\LOCALS~1\Temp\awlyqfod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7BAF2A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7BAF2B4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7BAF2E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7BAF336]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7BAF28C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7BAF264]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7BAF278]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7BAF2CA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7BAF30C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7BAF2F6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7BAF360]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7BAF34C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7BAF320]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A92 7 Bytes JMP F7BAF324 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP F7BAF290 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80578ABE 5 Bytes JMP F7BAF2A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A5A1 5 Bytes JMP F7BAF350 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057AA19 7 Bytes JMP F7BAF33A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057B4EF 7 Bytes JMP F7BAF2FA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057BB80 5 Bytes JMP F7BAF268 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E6B9 5 Bytes JMP F7BAF364 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80596A0F 5 Bytes JMP F7BAF27C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 805991EC 7 Bytes JMP F7BAF2E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 8059A5CD 7 Bytes JMP F7BAF2B8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetSecurityObject 8059EC29 5 Bytes JMP F7BAF310 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8065675A 7 Bytes JMP F7BAF2CE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? iqpfl.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F5F360, 0x37388D, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7791A60]
? C:\DOCUME~1\Dawn\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\CTHELPER.EXE[348] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0127259A; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 27, 01, C3] {JNZ 0x29; DAA ; ADD EBX, EAX}
.text C:\WINDOWS\system32\CTHELPER.EXE[348] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 012729F0; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 012729AF; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0126D4A0; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0126D422; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01275EF4; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0126D461; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01271D05; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01271D55; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01271C66; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01275C10; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01275CAA; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0127589E; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 012758EE; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01275998; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01271D2D; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01275CFC; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0127590C; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0126D317; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0126D387; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01271B38; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01271B06; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01275B42; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01271D80; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0126D4E0; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01275B8B; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01275952; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01271BBC; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01271C16; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0126D3C7; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01275C5D; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0126D573; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01275A24; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01275AB6; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 012760A3; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 012759DE; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01275A6D; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01275AFC; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01271B7F; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01272A6D; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01272A56; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0125EE3C; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0125C035; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0125C41F; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0125C457; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0125BFC5; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0125C478; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30126C5; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0126C69B; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0126C4FB; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0126C66F; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0126C23D; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0126C281; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0126C1F9; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0126C2D6; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0126C596; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0126C615; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0126C3C8; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0126C32B; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0126C465; RET
.text C:\WINDOWS\system32\CTHELPER.EXE[348] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0126C4B0; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 013A259A; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 3A, 01, C3] {JNZ 0x29; CMP AL, [ECX]; RET }
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 013A29F0; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 013A29AF; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0139D4A0; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0139D422; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 013A5EF4; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0139D461; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 013A1D05; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 013A1D55; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 013A1C66; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 013A5C10; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 013A5CAA; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 013A589E; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 013A58EE; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 013A5998; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 013A1D2D; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 013A5CFC; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 013A590C; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0139D317; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0139D387; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 013A1B38; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 013A1B06; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 013A5B42; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 013A1D80; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0139D4E0; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 013A5B8B; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 013A5952; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 013A1BBC; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 013A1C16; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0139D3C7; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 013A5C5D; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0139D573; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 013A5A24; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 013A5AB6; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 013A60A3; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 013A59DE; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 013A5A6D; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 013A5AFC; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 013A1B7F; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 013A2A6D; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 013A2A56; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0138C035; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0138C41F; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0138C457; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0138BFC5; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0138C478; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0138EE3C; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30139C5; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0139C69B; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0139C4FB; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0139C66F; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0139C23D; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0139C281; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0139C1F9; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0139C2D6; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0139C596; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0139C615; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0139C3C8; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0139C32B; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0139C465; RET
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[464] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0139C4B0; RET
.text C:\WINDOWS\system32\svchost.exe[500] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00990FD4
.text C:\WINDOWS\system32\svchost.exe[500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00980082
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00980071
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00980054
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00980F97
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00980FB9
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009800C1
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009800B0
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009800FE
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009800E3
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00980F4A
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00980FA8
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00980FEF
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00980093
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0098002F
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00980FD4
.text C:\WINDOWS\system32\svchost.exe[500] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009800D2
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00970025
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00970051
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00970FD4
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00970040
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00970F9E
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B7, 88] {MOV BH, 0x88}
.text C:\WINDOWS\system32\svchost.exe[500] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00970FB9
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00960FB7
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!system 77C293C7 5 Bytes JMP 00960042
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00960FD2
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0096000C
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0096001D
.text C:\WINDOWS\system32\svchost.exe[500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00960FE3
.text C:\WINDOWS\system32\svchost.exe[500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00950FEF
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, B5]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, B5]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B529F0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B529AF; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00B52A6D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00B52A56; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00B4D4A0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, B4]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00B55EF4; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, B4]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00B51D05; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B51D55; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00B51C66; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00B55C10; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00B55CAA; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, B5]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, B5]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00B55998; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00B51D2D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00B55CFC; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00B5590C; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, B4]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, B4]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00B51B38; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00B51B06; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00B55B42; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00B51D80; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00B4D4E0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00B55B8B; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00B55952; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, B5]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00B51C16; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, B4]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00B55C5D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00B4D573; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00B55A24; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00B55AB6; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00B560A3; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00B559DE; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00B55A6D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00B55AFC; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00B51B7F; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B3C035; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B3C41F; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B3C457; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B3BFC5; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B3C478; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00B3EE3C; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300B4C5; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00B4C69B; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00B4C4FB; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00B4C66F; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00B4C23D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00B4C281; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00B4C1F9; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00B4C2D6; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00B4C596; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00B4C615; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00B4C3C8; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00B4C32B; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00B4C465; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[536] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00B4C4B0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, AA]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, AA] {JNZ 0x29; STOSB }
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00AA29F0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00AA29AF; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00AA2A6D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00AA2A56; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00A9D4A0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, A9]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00AA5EF4; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, A9]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00AA1D05; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00AA1D55; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00AA1C66; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00AA5C10; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00AA5CAA; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, AA]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, AA]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00AA5998; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00AA1D2D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00AA5CFC; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00AA590C; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, A9]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, A9]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00AA1B38; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00AA1B06; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00AA5B42; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00AA1D80; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00A9D4E0; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00AA5B8B; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00AA5952; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, AA]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00AA1C16; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, A9]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00AA5C5D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00A9D573; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00AA5A24; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00AA5AB6; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00AA60A3; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00AA59DE; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00AA5A6D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00AA5AFC; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00AA1B7F; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00A8C035; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00A8C41F; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00A8C457; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00A8BFC5; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00A8C478; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00A8EE3C; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300A9C5; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00A9C69B; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00A9C4FB; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00A9C66F; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00A9C23D; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00A9C281; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00A9C1F9; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00A9C2D6; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00A9C596; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00A9C615; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00A9C3C8; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00A9C32B; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00A9C465; RET
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[556] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00A9C4B0; RET
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[644] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[644] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, ED]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, ED] {JNZ 0x29; IN EAX, DX}
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00ED29F0; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00ED29AF; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00ECD4A0; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, EC]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00ED5EF4; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, EC]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00ED1D05; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00ED1D55; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00ED1C66; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00ED5C10; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00ED5CAA; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, ED]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, ED]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00ED5998; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00ED1D2D; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00ED5CFC; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00ED590C; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, EC]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, EC]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00ED1B38; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00ED1B06; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00ED5B42; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00ED1D80; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00ECD4E0; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00ED5B8B; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00ED5952; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, ED]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00ED1C16; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, EC]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00ED5C5D; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00ECD573; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00ED5A24; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00ED5AB6; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00ED60A3; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00ED59DE; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00ED5A6D; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00ED5AFC; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00ED1B7F; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00ED2A6D; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00ED2A56; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00EBC035; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00EBC41F; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00EBC457; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00EBBFC5; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00EBC478; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00EBEE3C; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300ECC5; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00ECC69B; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00ECC4FB; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00ECC66F; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00ECC23D; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00ECC281; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00ECC1F9; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00ECC2D6; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00ECC596; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00ECC615; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00ECC3C8; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00ECC32B; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00ECC465; RET
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[652] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00ECC4B0; RET
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A10FDE
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F5C
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F6D
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00047
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00F94
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FC0
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F24
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F35
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000AC
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00091
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000BD
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00FA5
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A0006C
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00036
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F13
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0F94
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0FAF
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0FC0
.text C:\WINDOWS\system32\svchost.exe[696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FA8
.text C:\WINDOWS\system32\svchost.exe[696] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FB9
.text C:\WINDOWS\system32\svchost.exe[696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0018
.text C:\WINDOWS\system32\svchost.exe[696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0029
.text C:\WINDOWS\system32\svchost.exe[696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\svchost.exe[696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0000
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 02B0259A; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, B0, 02, C3] {JNZ 0x29; MOV AL, 0x2; RET }
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 02B029F0; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 02B029AF; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 02B02A6D; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 02B02A56; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 02AFD4A0; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 02AFD422; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 02B05EF4; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 02AFD461; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 02B01D05; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 02B01D55; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 02B01C66; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 02B05C10; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 02B05CAA; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 02B0589E; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 02B058EE; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 02B05998; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 02B01D2D; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 02B05CFC; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 02B0590C; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 02AFD317; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 02AFD387; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 02B01B38; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 02B01B06; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 02B05B42; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 02B01D80; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 02AFD4E0; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 02B05B8B; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 02B05952; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 02B01BBC; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 02B01C16; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 02AFD3C7; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 02B05C5D; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 02AFD573; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 02B05A24; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 02B05AB6; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 02B060A3; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 02B059DE; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 02B05A6D; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 02B05AFC; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 02B01B7F; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 02AEC035; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 02AEC41F; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 02AEC457; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 02AEBFC5; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 02AEC478; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 02AEEE3C; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C302AFC5; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 02AFC69B; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 02AFC4FB; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 02AFC66F; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 02AFC23D; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 02AFC281; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 02AFC1F9; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 02AFC2D6; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 02AFC596; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 02AFC615; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 02AFC3C8; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 02AFC32B; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 02AFC465; RET
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[724] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 02AFC4B0; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0144259A; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 44, 01, C3] {JNZ 0x29; INC ESP; ADD EBX, EAX}
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 014429F0; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 014429AF; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01442A6D; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01442A56; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0143D4A0; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0143D422; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01445EF4; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0143D461; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01441D05; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01441D55; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01441C66; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01445C10; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01445CAA; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0144589E; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 014458EE; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01445998; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01441D2D; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01445CFC; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0144590C; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0143D317; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0143D387; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01441B38; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01441B06; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01445B42; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01441D80; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0143D4E0; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01445B8B; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01445952; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01441BBC; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01441C16; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0143D3C7; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01445C5D; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0143D573; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01445A24; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01445AB6; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 014460A3; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 014459DE; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01445A6D; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01445AFC; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01441B7F; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0142C035; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0142C41F; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0142C457; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0142BFC5; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0142C478; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0142EE3C; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30143C5; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0143C69B; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0143C4FB; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0143C66F; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0143C23D; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0143C281; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0143C1F9; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0143C2D6; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0143C596; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0143C615; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0143C3C8; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0143C32B; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0143C465; RET
.text C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe[736] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0143C4B0; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, 15]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, 15]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001529F0; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001529AF; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00152A6D; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00152A56; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0013EE3C; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0014D4A0; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, 14]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00155EF4; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, 14]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00151D05; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00151D55; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00151C66; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00155C10; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00155CAA; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, 15]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, 15]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00155998; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00151D2D; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00155CFC; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0015590C; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, 14]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, 14]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00151B38; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00151B06; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00155B42; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00151D80; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0014D4E0; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00155B8B; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00155952; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, 15]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00151C16; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, 14]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00155C5D; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0014D573; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00155A24; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00155AB6; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001560A3; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001559DE; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00155A6D; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00155AFC; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00151B7F; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30014C5; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0014C69B; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0014C4FB; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0014C66F; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0014C23D; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0014C281; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0014C1F9; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0014C2D6; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0014C596; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0014C615; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0014C3C8; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0014C32B; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0014C465; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0014C4B0; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0013C035; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0013C41F; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0013C457; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0013BFC5; RET
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[788]

#3 Rookie222

  • Topic Starter

Posted 12 September 2012 - 03:14 PM

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AB0051
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AB0F5C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AB0F6D
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AB0036
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AB0F9E
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AB008E
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AB007D
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AB00CB
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AB00BA
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AB00DC
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AB0025
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AB0FCA
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AB006C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AB0FAF
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AB000A
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AB009F
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AA0FB9
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AA0058
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AA0FCA
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AA0FDB
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AA0047
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AA0036
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A90049
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A90038
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A9001D
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A90FC8
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A90000
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, C3] {JNZ 0x29; RET }
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C329F0; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C329AF; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00C32A6D; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00C32A56; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00C2D4A0; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, C2]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00C35EF4; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, C2]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00C31D05; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C31D55; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00C31C66; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00C35C10; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00C35CAA; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00C35998; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00C31D2D; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00C35CFC; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00C3590C; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, C2]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, C2]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00C31B38; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00C31B06; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00C35B42; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00C31D80; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00C2D4E0; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00C35B8B; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00C35952; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00C31C16; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, C2]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00C35C5D; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00C2D573; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00C35A24; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00C35AB6; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00C360A3; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00C359DE; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00C35A6D; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00C35AFC; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00C31B7F; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00C1C035; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00C1C41F; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00C1C457; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00C1BFC5; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00C1C478; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00C1EE3C; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300C2C5; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00C2C69B; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00C2C4FB; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00C2C66F; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00C2C23D; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00C2C281; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00C2C1F9; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00C2C2D6; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00C2C596; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00C2C615; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00C2C3C8; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00C2C32B; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00C2C465; RET
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1060] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00C2C4B0; RET
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01A20FEF
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01A20FB9
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01A20FD4
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A10000
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01A10F94
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01A10089
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01A1006C
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01A1005B
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01A10FCA
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01A100C1
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01A10F79
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01A10F39
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01A100D2
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01A10F28
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01A10FB9
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01A10FDB
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01A100A4
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01A1002C
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01A10011
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01A10F54
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01A00FCD
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01A00F7C
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01A00FDE
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01A00FEF
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01A00F97
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01A00000
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01A00039
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01A00FB2
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 019F0F90
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 019F0FA1
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 019F0FCD
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 019F0FEF
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 019F0FB2
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 019F0FDE
.text C:\WINDOWS\system32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 019E0FEF
.text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\rundll32.exe[1392] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, B5]
.text C:\WINDOWS\system32\rundll32.exe[1392] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, B5]
.text C:\WINDOWS\system32\rundll32.exe[1392] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B529F0; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B529AF; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00B4D4A0; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, B4]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00B55EF4; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, B4]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00B51D05; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00B51D55; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00B51C66; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00B55C10; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00B55CAA; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, B5]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, B5]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00B55998; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00B51D2D; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00B55CFC; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00B5590C; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, B4]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, B4]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00B51B38; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00B51B06; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00B55B42; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00B51D80; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00B4D4E0; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00B55B8B; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00B55952; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, B5]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00B51C16; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, B4]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00B55C5D; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00B4D573; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00B55A24; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00B55AB6; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00B560A3; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00B559DE; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00B55A6D; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00B55AFC; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00B51B7F; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00B52A6D; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00B52A56; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B3C035; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B3C41F; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B3C457; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B3BFC5; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B3C478; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00B3EE3C; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300B4C5; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00B4C69B; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00B4C4FB; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00B4C66F; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00B4C23D; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00B4C281; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00B4C1F9; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00B4C2D6; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00B4C596; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00B4C615; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00B4C3C8; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00B4C32B; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00B4C465; RET
.text C:\WINDOWS\system32\rundll32.exe[1392] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00B4C4B0; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, E6]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, E6]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00E629F0; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00E629AF; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00E5D4A0; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, E5]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00E65EF4; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, E5]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00E61D05; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00E61D55; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00E61C66; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00E65C10; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00E65CAA; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, E6]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, E6]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00E65998; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00E61D2D; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00E65CFC; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00E6590C; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, E5]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, E5]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00E61B38; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00E61B06; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00E65B42; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00E61D80; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00E5D4E0; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00E65B8B; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00E65952; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, E6]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00E61C16; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, E5]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00E65C5D; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00E5D573; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00E65A24; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00E65AB6; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00E660A3; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00E659DE; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00E65A6D; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00E65AFC; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00E61B7F; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00E62A6D; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00E62A56; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00E4C035; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00E4C41F; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00E4C457; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00E4BFC5; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00E4C478; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00E4EE3C; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300E5C5; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00E5C69B; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00E5C4FB; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00E5C66F; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00E5C23D; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00E5C281; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00E5C1F9; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00E5C2D6; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00E5C596; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00E5C615; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00E5C3C8; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00E5C32B; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00E5C465; RET
.text C:\WINDOWS\system32\RUNDLL32.EXE[1408] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00E5C4B0; RET
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 024A259A; RET
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB0000
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 4A, 02, C3] {JNZ 0x29; DEC EDX; ADD AL, BL}
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F81
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0076
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA005B
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA004A
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA002F
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0091
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F49
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00A2
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F13
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0EF8
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0FA8
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 024A29F0; RET
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 024A29AF; RET
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F66
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0014
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F2E
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C9001B
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90047
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90000
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F8A
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 024A2A6D; RET
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C90036
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90FAF
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 024A2A56; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0249D4A0; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0249D422; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 024A5EF4; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0249D461; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 024A1D05; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 024A1D55; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 024A1C66; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 024A5C10; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 024A5CAA; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 024A589E; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 024A58EE; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 024A5998; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 024A1D2D; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 024A5CFC; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 024A590C; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0249D317; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0249D387; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 024A1B38; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 024A1B06; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 024A5B42; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 024A1D80; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0249D4E0; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 024A5B8B; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 024A5952; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 024A1BBC; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 024A1C16; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0249D3C7; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 024A5C5D; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0249D573; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 024A5A24; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 024A5AB6; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 024A60A3; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 024A59DE; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 024A5A6D; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 024A5AFC; RET
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 024A1B7F; RET
.text C:\WINDOWS\Explorer.EXE[1460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FB2
.text C:\WINDOWS\Explorer.EXE[1460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FC3
.text C:\WINDOWS\Explorer.EXE[1460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80033
.text C:\WINDOWS\Explorer.EXE[1460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C8000C
.text C:\WINDOWS\Explorer.EXE[1460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FDE
.text C:\WINDOWS\Explorer.EXE[1460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\Explorer.EXE[1460] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0248EE3C; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30249C5; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0249C69B; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0249C4FB; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0249C66F; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0249C23D; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0249C281; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0249C1F9; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0249C2D6; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00C60000
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0249C596; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0249C615; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00C6001B
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0249C3C8; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0249C32B; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0249C465; RET
.text C:\WINDOWS\Explorer.EXE[1460] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0249C4B0; RET
.text C:\WINDOWS\Explorer.EXE[1460] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\Explorer.EXE[1460] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0248C035; RET
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0248C41F; RET
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0248C457; RET
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0248BFC5; RET
.text C:\WINDOWS\Explorer.EXE[1460] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0248C478; RET
.text C:\WINDOWS\system32\services.exe[1540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01620FE5
.text C:\WINDOWS\system32\services.exe[1540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01620FCA
.text C:\WINDOWS\system32\services.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01620000
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01610FE5
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0161007D
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01610F88
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01610F99
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01610062
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01610040
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01610F46
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01610F57
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01610F17
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016100BA
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01610EFC
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01610051
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0161000A
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0161008E
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01610FD4
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0161001B
.text C:\WINDOWS\system32\services.exe[1540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 016100A9
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01600FC0
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01600069
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01600011
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01600FE5
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01600058
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01600000
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0160003D
.text C:\WINDOWS\system32\services.exe[1540] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0160002C
.text C:\WINDOWS\system32\services.exe[1540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 015F0F6B
.text C:\WINDOWS\system32\services.exe[1540] msvcrt.dll!system 77C293C7 5 Bytes JMP 015F0000
.text C:\WINDOWS\system32\services.exe[1540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 015F0FAB
.text C:\WINDOWS\system32\services.exe[1540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 015F0FE3
.text C:\WINDOWS\system32\services.exe[1540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 015F0F9A
.text C:\WINDOWS\system32\services.exe[1540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 015F0FC6
.text C:\WINDOWS\system32\services.exe[1540] WS2_32.dll!socket 71AB4211 5 Bytes JMP 015E0FEF
.text C:\WINDOWS\system32\lsass.exe[1552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\lsass.exe[1552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\system32\lsass.exe[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F6A
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA005F
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0F91
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0044
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0033
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F2D
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F3E
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00AB
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA009A
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0F01
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0FA2
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F4F
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0022
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0011
.text C:\WINDOWS\system32\lsass.exe[1552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F1C
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90F83
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C9002F
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F9E
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C90FAF
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP C89FEDE5
.text C:\WINDOWS\system32\lsass.exe[1552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\lsass.exe[1552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FA1
.text C:\WINDOWS\system32\lsass.exe[1552] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C8002C
.text C:\WINDOWS\system32\lsass.exe[1552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FC6
.text C:\WINDOWS\system32\lsass.exe[1552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\lsass.exe[1552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C8001B
.text C:\WINDOWS\system32\lsass.exe[1552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\lsass.exe[1552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 024C0000
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 024C0025
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024B0FEF
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024B0043
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 024B0F58
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 024B0F69
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 024B0028
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 024B0F97
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024B0074
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024B0F2C
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024B0EEC
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024B0F07
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 024B0096
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 024B0F86
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 024B0FD4
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024B0F3D
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 024B0FA8
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 024B0FB9
.text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024B0085
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024A001B
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024A0F8A
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024A0FD4
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024A0FE5
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024A0F9B
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024A0000
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 024A003D
.text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024A002C
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0249004E
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!system 77C293C7 5 Bytes JMP 02490FC3
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02490022
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02490000
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02490033
.text C:\WINDOWS\system32\svchost.exe[1724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02490011
.text C:\WINDOWS\system32\svchost.exe[1724] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 012E259A; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 2E, 01, C3]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 012E29F0; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 012E29AF; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 012E2A6D; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 012E2A56; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 012DD4A0; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 012DD422; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 012E5EF4; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 012DD461; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 012E1D05; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 012E1D55; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 012E1C66; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 012E5C10; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 012E5CAA; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 012E589E; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 012E58EE; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 012E5998; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 012E1D2D; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 012E5CFC; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 012E590C; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 012DD317; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 012DD387; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 012E1B38; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 012E1B06; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 012E5B42; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 012E1D80; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 012DD4E0; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 012E5B8B; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 012E5952; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 012E1BBC; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 012E1C16; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 012DD3C7; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 012E5C5D; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 012DD573; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 012E5A24; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 012E5AB6; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 012E60A3; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 012E59DE; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 012E5A6D; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 012E5AFC; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 012E1B7F; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 012CEE3C; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 012CC035; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 012CC41F; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 012CC457; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 012CBFC5; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 012CC478; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C3012DC5; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 012DC69B; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 012DC4FB; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 012DC66F; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 012DC23D; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 012DC281; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 012DC1F9; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 012DC2D6; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 012DC596; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 012DC615; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 012DC3C8; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 012DC32B; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 012DC465; RET
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[1740] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 012DC4B0; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0166259A; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 66, 01, C3] {JNZ 0x29; ADD BX, AX}
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 016629F0; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 016629AF; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01662A6D; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01662A56; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0165D4A0; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0165D422; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01665EF4; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0165D461; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01661D05; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01661D55; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01661C66; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01665C10; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01665CAA; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0166589E; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 016658EE; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01665998; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01661D2D; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01665CFC; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0166590C; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0165D317; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0165D387; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01661B38; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01661B06; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01665B42; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01661D80; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0165D4E0; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01665B8B; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01665952; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01661BBC; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01661C16; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0165D3C7; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01665C5D; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0165D573; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01665A24; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01665AB6; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 016660A3; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 016659DE; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01665A6D; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01665AFC; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01661B7F; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0164EE3C; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0164C035; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0164C41F; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0164C457; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0164BFC5; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0164C478; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30165C5; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0165C69B; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0165C4FB; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0165C66F; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0165C23D; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0165C281; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0165C1F9; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0165C2D6; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0165C596; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0165C615; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0165C3C8; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0165C32B; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0165C465; RET
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1752] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0165C4B0; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, F6]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, F6]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00F629F0; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00F629AF; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00F5D4A0; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, F5]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00F65EF4; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, F5]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00F61D05; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00F61D55; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00F61C66; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00F65C10; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00F65CAA; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, F6]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, F6]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00F65998; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00F61D2D; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00F65CFC; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00F6590C; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, F5]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, F5]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00F61B38; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00F61B06; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00F65B42; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00F61D80; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00F5D4E0; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00F65B8B; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00F65952; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, F6]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00F61C16; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, F5]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00F65C5D; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00F5D573; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00F65A24; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00F65AB6; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00F660A3; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00F659DE; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00F65A6D; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00F65AFC; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00F61B7F; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00F62A6D; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00F62A56; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00F4C035; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00F4C41F; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00F4C457; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00F4BFC5; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00F4C478; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00F4EE3C; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300F5C5; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00F5C69B; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00F5C4FB; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00F5C66F; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00F5C23D; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00F5C281; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00F5C1F9; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00F5C2D6; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00F5C596; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00F5C615; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00F5C3C8; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00F5C32B; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00F5C465; RET
.text C:\Program Files\Iomega\AutoDisk\ADUserMon.exe[1764] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00F5C4B0; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, FA]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, FA] {JNZ 0x29; CLI }
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00FA29F0; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00FA29AF; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00F9D4A0; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, F9]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00FA5EF4; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, F9]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00FA1D05; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00FA1D55; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00FA1C66; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00FA5C10; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00FA5CAA; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, FA]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, FA]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00FA5998; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00FA1D2D; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00FA5CFC; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00FA590C; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, F9]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, F9]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00FA1B38; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00FA1B06; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00FA5B42; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00FA1D80; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00F9D4E0; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00FA5B8B; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00FA5952; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, FA]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00FA1C16; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, F9]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00FA5C5D; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00F9D573; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00FA5A24; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00FA5AB6; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00FA60A3; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00FA59DE; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00FA5A6D; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00FA5AFC; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00FA1B7F; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00FA2A6D; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00FA2A56; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00F8C035; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00F8C41F; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00F8C457; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00F8BFC5; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00F8C478; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00F8EE3C; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300F9C5; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00F9C69B; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00F9C4FB; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00F9C66F; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00F9C23D; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00F9C281; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00F9C1F9; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00F9C2D6; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00F9C596; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00F9C615; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00F9C3C8; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00F9C32B; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00F9C465; RET
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1780] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00F9C4B0; RET
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E20025
.text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E10F70
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10F81
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10F9C
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10065
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10FC3
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F44
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F55
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100B1
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E10F18
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E10EFD
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E1004A
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10080
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10FD4
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10025
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E10F29
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00F68
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E00FDB
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E0001B
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00F83
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00F9E
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00FAF
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF0040
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0025
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0FC6
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0FAB
.text C:\WINDOWS\system32\svchost.exe[1816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0FD7
.text C:\WINDOWS\system32\svchost.exe[1816] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0FEF
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0191259A; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 91, 01, C3] {JNZ 0x29; XCHG ECX, EAX; ADD EBX, EAX}
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 019129F0; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 019129AF; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01912A6D; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01912A56; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0190D4A0; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0190D422; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01915EF4; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0190D461; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01911D05; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01911D55; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01911C66; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01915C10; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01915CAA; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0191589E; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 019158EE; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01915998; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01911D2D; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01915CFC; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0191590C; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0190D317; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0190D387; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01911B38; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01911B06; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01915B42; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01911D80; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0190D4E0; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01915B8B; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01915952; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01911BBC; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01911C16; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0190D3C7; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01915C5D; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0190D573; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01915A24; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01915AB6; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 019160A3; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 019159DE; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01915A6D; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01915AFC; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01911B7F; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30190C5; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0190C69B; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0190C4FB; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0190C66F; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0190C23D; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0190C281; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0190C1F9; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0190C2D6; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0190C596; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0190C615; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0190C3C8; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0190C32B; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0190C465; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0190C4B0; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 018FC035; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 018FC41F; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 018FC457; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 018FBFC5; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 018FC478; RET
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1908] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 018FEE3C; RET
.text C:\WINDOWS\System32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02B80FEF
.text C:\WINDOWS\System32\svchost.exe[1940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02B8000A
.text C:\WINDOWS\System32\svchost.exe[1940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B80FD4
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B70000
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B70F41
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B70F5C
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B70F77
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B70F94
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B70025
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B70EF8
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B70F1F
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B70EA7
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B70EC2
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B7005B
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B70036
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B70FE5
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B70F30
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B70FC3
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B70FD4
.text C:\WINDOWS\System32\svchost.exe[1940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B70EDD
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B60014
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B60F9E
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B60FC3
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B60FD4
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B60065
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B60FEF
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02B60040
.text C:\WINDOWS\System32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B60025
.text C:\WINDOWS\System32\svchost.exe[1940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B5007A
.text C:\WINDOWS\System32\svchost.exe[1940] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B50FEF
.text C:\WINDOWS\System32\svchost.exe[1940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B5003A
.text C:\WINDOWS\System32\svchost.exe[1940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B5000C
.text C:\WINDOWS\System32\svchost.exe[1940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B5005F
.text C:\WINDOWS\System32\svchost.exe[1940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B50029
.text C:\WINDOWS\System32\svchost.exe[1940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B40FEF
.text C:\WINDOWS\System32\svchost.exe[1940] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 02B30000
.text C:\WINDOWS\System32\svchost.exe[1940] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 02B30FE5
.text C:\WINDOWS\System32\svchost.exe[1940] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 02B3001B
.text C:\WINDOWS\System32\svchost.exe[1940] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 02B30FCA
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 04A7259A; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, A7, 04, C3] {JNZ 0x29; CMPSD ; ADD AL, 0xc3}
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 04A729F0; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 04A729AF; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 04A6D4A0; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 04A6D422; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 04A75EF4; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 04A6D461; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 04A71D05; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 04A71D55; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 04A71C66; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 04A75C10; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 04A75CAA; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 04A7589E; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 04A758EE; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 04A75998; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 04A71D2D; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 04A75CFC; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 04A7590C; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 04A6D317; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 04A6D387; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 04A71B38; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 04A71B06; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 04A75B42; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 04A71D80; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 04A6D4E0; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 04A75B8B; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 04A75952; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 04A71BBC; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 04A71C16; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 04A6D3C7; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 04A75C5D; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 04A6D573; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 04A75A24; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 04A75AB6; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 04A760A3; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 04A759DE; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 04A75A6D; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 04A75AFC; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 04A71B7F; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 04A72A6D; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 04A72A56; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C304A6C5; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 04A6C69B; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 04A6C4FB; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 04A6C66F; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 04A6C23D; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 04A6C281; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 04A6C1F9; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 04A6C2D6; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 04A6C596; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 04A6C615; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 04A6C3C8; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 04A6C32B; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 04A6C465; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 04A6C4B0; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 04A5C035; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 04A5C41F; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 04A5C457; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 04A5BFC5; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 04A5C478; RET
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[1988] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 04A5EE3C; RET
.text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00660FDB
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F97
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065008C
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F7C
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500B8
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650101
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500F0
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650112
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006500A7
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650014
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500D5
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640058
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640047
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640FA5
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630036
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FAB
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[1992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D20FC3
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D20FDE
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10FC7
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D100BC
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D100A1
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10084
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10062
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D100F4
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D100E3
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F73
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10116
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D10127
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10073
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10FB6
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D10105
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D00091
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D00076
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D0005B
.text C:\WINDOWS\system32\svchost.exe[2040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D0004A
.text C:\WINDOWS\system32\svchost.exe[2040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0F92
.text C:\WINDOWS\system32\svchost.exe[2040] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0FB7
.text C:\WINDOWS\system32\svchost.exe[2040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF001D
.text C:\WINDOWS\system32\svchost.exe[2040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[2040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0FC8
.text C:\WINDOWS\system32\svchost.exe[2040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, BB]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, BB]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00BB29F0; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00BB29AF; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00BB2A6D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00BB2A56; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00BAD4A0; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, BA]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00BB5EF4; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, BA]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00BB1D05; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00BB1D55; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00BB1C66; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00BB5C10; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00BB5CAA; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, BB]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, BB]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00BB5998; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00BB1D2D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00BB5CFC; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00BB590C; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, BA]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, BA]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00BB1B38; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00BB1B06; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00BB5B42; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00BB1D80; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00BAD4E0; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00BB5B8B; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00BB5952; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, BB]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00BB1C16; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, BA]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00BB5C5D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00BAD573; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00BB5A24; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00BB5AB6; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00BB60A3; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00BB59DE; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00BB5A6D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00BB5AFC; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00BB1B7F; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300BAC5; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00BAC69B; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00BAC4FB; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00BAC66F; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00BAC23D; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00BAC281; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00BAC1F9; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00BAC2D6; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00BAC596; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00BAC615; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00BAC3C8; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00BAC32B; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00BAC465; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00BAC4B0; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00B9C035; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B9C41F; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B9C457; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00B9BFC5; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B9C478; RET
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00B9EE3C; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0295259A; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 95, 02, C3] {JNZ 0x29; XCHG EBP, EAX; ADD AL, BL}
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 029529F0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 029529AF; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 02952A6D; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 02952A56; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0294D4A0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0294D422; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 02955EF4; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0294D461; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 02951D05; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 02951D55; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 02951C66; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 02955C10; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 02955CAA; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0295589E; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 029558EE; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 02955998; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 02951D2D; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 02955CFC; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0295590C; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0294D317; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0294D387; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 02951B38; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 02951B06; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 02955B42; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 02951D80; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0294D4E0; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 02955B8B; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 02955952; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 02951BBC; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 02951C16; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0294D3C7; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 02955C5D; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0294D573; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 02955A24; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 02955AB6; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 029560A3; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 029559DE; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 02955A6D; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 02955AFC; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 02951B7F; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0293C035; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0293C41F; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0293C457; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0293BFC5; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0293C478; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0293EE3C; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30294C5; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0294C69B; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0294C4FB; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0294C66F; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0294C23D; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0294C281; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0294C1F9; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0294C2D6; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0294C596; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0294C615; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0294C3C8; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0294C32B; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0294C465; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[2132] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0294C4B0; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0154259A; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 54, 01, C3] {JNZ 0x29; PUSH ESP; ADD EBX, EAX}
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 015429F0; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 015429AF; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01542A6D; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01542A56; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0153D4A0; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0153D422; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01545EF4; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0153D461; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01541D05; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01541D55; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01541C66; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01545C10; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01545CAA; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0154589E; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 015458EE; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01545998; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01541D2D; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01545CFC; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0154590C; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0153D317; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0153D387; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01541B38; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01541B06; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01545B42; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01541D80; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0153D4E0; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01545B8B; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01545952; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01541BBC; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01541C16; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0153D3C7; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01545C5D; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0153D573; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01545A24; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01545AB6; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 015460A3; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 015459DE; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01545A6D; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01545AFC; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01541B7F; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0152C035; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0152C41F; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0152C457; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0152BFC5; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0152C478; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0152EE3C; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30153C5; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0153C69B; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0153C4FB; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0153C66F; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0153C23D; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0153C281; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0153C1F9; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0153C2D6; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0153C596; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0153C615; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0153C3C8; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0153C32B; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0153C465; RET
.text C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE[2160] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0153C4B0; RET
.text C:\WINDOWS\system32\svchost.exe[2216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C50011
.text C:\WINDOWS\system32\svchost.exe[2216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C40071
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40F7C
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C40056
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C40039
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40014
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C40F44
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C40F55
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C400DD
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C400C2
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C40F33
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C40F97
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40082
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C40FA8
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C40FB9
.text C:\WINDOWS\system32\svchost.exe[2216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C400A7
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30F9E
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C3002F
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30FDE
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30F72
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30F83
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[2216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[2216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20F89
.text C:\WINDOWS\system32\svchost.exe[2216] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20F9A
.text C:\WINDOWS\system32\svchost.exe[2216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FAB
.text C:\WINDOWS\system32\svchost.exe[2216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[2216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[2216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FD2
.text C:\WINDOWS\system32\svchost.exe[2216] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[2216] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[2216] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[2216] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[2216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0285259A; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 85, 02, C3] {JNZ 0x29; TEST [EDX], EAX; RET }
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 028529F0; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 028529AF; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0284D4A0; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0284D422; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 02855EF4; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0284D461; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 02851D05; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 02851D55; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 02851C66; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 02855C10; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 02855CAA; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0285589E; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 028558EE; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 02855998; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 02851D2D; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 02855CFC; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0285590C; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0284D317; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0284D387; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 02851B38; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 02851B06; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 02855B42; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 02851D80; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0284D4E0; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 02855B8B; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 02855952; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 02851BBC; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 02851C16; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0284D3C7; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 02855C5D; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0284D573; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 02855A24; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 02855AB6; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 028560A3; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 028559DE; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 02855A6D; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 02855AFC; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 02851B7F; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 02852A6D; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 02852A56; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0283EE3C; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0283C035; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0283C41F; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0283C457; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0283BFC5; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0283C478; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30284C5; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0284C69B; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0284C4FB; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0284C66F; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0284C23D; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0284C281; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0284C1F9; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0284C2D6; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0284C596; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0284C615; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0284C3C8; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0284C32B; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0284C465; RET
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2332] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0284C4B0; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, C4]
.text C:\WINDOWS\system32\ctfmon.exe[2348] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, C4]
.text C:\WINDOWS\system32\ctfmon.exe[2348] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C429F0; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C429AF; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00C42A6D; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00C42A56; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00C3D4A0; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00C45EF4; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00C41D05; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C41D55; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00C41C66; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00C45C10; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00C45CAA; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, C4]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, C4]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00C45998; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00C41D2D; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00C45CFC; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00C4590C; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00C41B38; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00C41B06; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00C45B42; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00C41D80; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00C3D4E0; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00C45B8B; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00C45952; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, C4]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00C41C16; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00C45C5D; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00C3D573; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00C45A24; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00C45AB6; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00C460A3; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00C459DE; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00C45A6D; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00C45AFC; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00C41B7F; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00C2C035; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00C2C41F; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00C2C457; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00C2BFC5; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00C2C478; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00C2EE3C; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300C3C5; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00C3C69B; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00C3C4FB; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00C3C66F; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00C3C23D; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00C3C281; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00C3C1F9; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00C3C2D6; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00C3C596; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00C3C615; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00C3C3C8; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00C3C32B; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00C3C465; RET
.text C:\WINDOWS\system32\ctfmon.exe[2348] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00C3C4B0; RET

.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0149259A; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 49, 01, C3] {JNZ 0x29; DEC ECX; ADD EBX, EAX}
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 014929F0; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 014929AF; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0148D4A0; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0148D422; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01495EF4; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0148D461; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01491D05; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01491D55; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01491C66; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01495C10; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01495CAA; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0149589E; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 014958EE; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01495998; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01491D2D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01495CFC; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0149590C; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0148D317; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0148D387; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01491B38; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01491B06; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01495B42; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01491D80; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0148D4E0; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01495B8B; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01495952; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01491BBC; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01491C16; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0148D3C7; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01495C5D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0148D573; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01495A24; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01495AB6; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 014960A3; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 014959DE; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01495A6D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01495AFC; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01491B7F; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01492A6D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01492A56; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0147EE3C; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0147C035; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0147C41F; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0147C457; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0147BFC5; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0147C478; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30148C5; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0148C69B; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0148C4FB; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0148C66F; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0148C23D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0148C281; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0148C1F9; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0148C2D6; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0148C596; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0148C615; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0148C3C8; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0148C32B; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0148C465; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2388] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0148C4B0; RET
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0139259A; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, 39, 01, C3] {JNZ 0x29; CMP [ECX], EAX; RET }
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 013929F0; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 013929AF; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0138D4A0; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 0138D422; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01395EF4; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 0138D461; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01391D05; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01391D55; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01391C66; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01395C10; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01395CAA; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 0139589E; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 013958EE; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01395998; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01391D2D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01395CFC; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0139590C; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 0138D317; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 0138D387; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01391B38; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01391B06; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01395B42; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01391D80; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0138D4E0; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01395B8B; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01395952; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01391BBC; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01391C16; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 0138D3C7; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01395C5D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0138D573; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01395A24; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01395AB6; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 013960A3; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 013959DE; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01395A6D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01395AFC; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01391B7F; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01392A6D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01392A56; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0137EE3C; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0137C035; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0137C41F; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0137C457; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0137BFC5; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0137C478; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30138C5; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0138C69B; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0138C4FB; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0138C66F; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0138C23D; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0138C281; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0138C1F9; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0138C2D6; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0138C596; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0138C615; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0138C3C8; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0138C32B; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0138C465; RET
.text C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe[2668] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0138C4B0; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, C2]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, C2]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C229F0; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C229AF; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00C22A6D; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00C22A56; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00C1D4A0; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, C1]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00C25EF4; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, C1]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00C21D05; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C21D55; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00C21C66; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00C25C10; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00C25CAA; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, C2]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, C2]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00C25998; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00C21D2D; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00C25CFC; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00C2590C; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, C1]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, C1]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00C21B38; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00C21B06; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00C25B42; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00C21D80; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00C1D4E0; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00C25B8B; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00C25952; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, C2]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00C21C16; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, C1]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00C25C5D; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00C1D573; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00C25A24; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00C25AB6; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00C260A3; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00C259DE; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00C25A6D; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00C25AFC; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00C21B7F; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00C0C035; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00C0C41F; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00C0C457; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00C0BFC5; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00C0C478; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00C0EE3C; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300C1C5; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00C1C69B; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00C1C4FB; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00C1C66F; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00C1C23D; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00C1C281; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00C1C1F9; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00C1C2D6; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00C1C596; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00C1C615; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00C1C3C8; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00C1C32B; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00C1C465; RET
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3092] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00C1C4B0; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, 15]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, 15]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001529F0; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001529AF; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0014D4A0; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, 14]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00155EF4; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, 14]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00151D05; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00151D55; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00151C66; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00155C10; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00155CAA; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, 15]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, 15]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00155998; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00151D2D; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00155CFC; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0015590C; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, 14]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, 14]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00151B38; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00151B06; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00155B42; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00151D80; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0014D4E0; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00155B8B; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00155952; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, 15]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00151C16; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, 14]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00155C5D; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0014D573; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00155A24; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00155AB6; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001560A3; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001559DE; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00155A6D; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00155AFC; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00151B7F; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00152A6D; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00152A56; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0013C035; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0013C41F; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0013C457; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0013BFC5; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0013C478; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0013EE3C; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30014C5; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0014C69B; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0014C4FB; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0014C66F; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0014C23D; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0014C281; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0014C1F9; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0014C2D6; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0014C596; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0014C615; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0014C3C8; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0014C32B; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0014C465; RET
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3116] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0014C4B0; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01C0259A; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [75, 27, C0, 01, C3] {JNZ 0x29; ROL BYTE [ECX], 0xc3}
.text C:\Program Files\WTouch\WTouchUser.exe[3284] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 01C029F0; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 01C029AF; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 01C02A6D; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 01C02A56; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 01BFD4A0; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetDC 7E4186C7 6 Bytes PUSH 01BFD422; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 01C05EF4; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetWindowDC 7E419021 6 Bytes PUSH 01BFD461; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 01C01D05; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 01C01D55; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 01C01C66; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 01C05C10; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 01C05CAA; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!OpenInputDesktop 7E41ECA3 6 Bytes PUSH 01C0589E; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!SwitchDesktop 7E41FE6E 6 Bytes PUSH 01C058EE; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 01C05998; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 01C01D2D; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 01C05CFC; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 01C0590C; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!BeginPaint 7E428FE9 6 Bytes PUSH 01BFD317; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!EndPaint 7E428FFD 6 Bytes PUSH 01BFD387; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 01C01B38; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 01C01B06; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 01C05B42; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 01C01D80; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 01BFD4E0; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 01C05B8B; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 01C05952; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!SetCapture 7E42C35E 6 Bytes PUSH 01C01BBC; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 01C01C16; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetDCEx 7E42C595 6 Bytes PUSH 01BFD3C7; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 01C05C5D; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 01BFD573; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 01C05A24; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 01C05AB6; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 01C060A3; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 01C059DE; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 01C05A6D; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 01C05AFC; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 01C01B7F; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 01BEEE3C; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 01BEC035; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 01BEC41F; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 01BEC457; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 01BEBFC5; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 01BEC478; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C301BFC5; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 01BFC69B; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 01BFC4FB; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 01BFC66F; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 01BFC23D; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 01BFC281; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 01BFC1F9; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 01BFC2D6; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 01BFC596; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 01BFC615; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 01BFC3C8; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 01BFC32B; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 01BFC465; RET
.text C:\Program Files\WTouch\WTouchUser.exe[3284] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 01BFC4B0; RET
.text C:\WINDOWS\system32\SearchIndexer.exe[3288] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, C0]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, C0]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00C029F0; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00C029AF; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00BFD4A0; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, BF]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00C05EF4; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, BF]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00C01D05; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00C01D55; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00C01C66; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00C05C10; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00C05CAA; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, C0]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, C0]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00C05998; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00C01D2D; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00C05CFC; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00C0590C; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, BF]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, BF]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00C01B38; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00C01B06; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00C05B42; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00C01D80; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00BFD4E0; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00C05B8B; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00C05952; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, C0]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00C01C16; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, BF]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00C05C5D; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00BFD573; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00C05A24; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00C05AB6; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00C060A3; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00C059DE; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00C05A6D; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00C05AFC; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00C01B7F; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00C02A6D; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00C02A56; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00BEC035; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00BEC41F; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00BEC457; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00BEBFC5; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00BEC478; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00BEEE3C; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300BFC5; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00BFC69B; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00BFC4FB; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00BFC66F; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00BFC23D; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00BFC281; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00BFC1F9; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00BFC2D6; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00BFC596; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00BFC615; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00BFC3C8; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00BFC32B; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00BFC465; RET
.text C:\Program Files\D-Link\SharePort Utility\Connect.exe[3392] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00BFC4B0; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, 15]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, 15]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001529F0; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001529AF; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0014D4A0; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, 14]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00155EF4; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, 14]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00151D05; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00151D55; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00151C66; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00155C10; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00155CAA; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, 15]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, 15]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00155998; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00151D2D; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00155CFC; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0015590C; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, 14]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, 14]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00151B38; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00151B06; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00155B42; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00151D80; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0014D4E0; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00155B8B; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00155952; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, 15]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00151C16; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, 14]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00155C5D; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0014D573; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00155A24; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00155AB6; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001560A3; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001559DE; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00155A6D; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00155AFC; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00151B7F; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00152A6D; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00152A56; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0013C035; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0013C41F; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0013C457; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0013BFC5; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0013C478; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0013EE3C; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30014C5; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0014C69B; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0014C4FB; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0014C66F; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0014C23D; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0014C281; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0014C1F9; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0014C2D6; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0014C596; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0014C615; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0014C3C8; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0014C32B; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0014C465; RET
.text C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe[3516] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0014C4B0; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, DA]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, DA]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00DA29F0; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00DA29AF; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00DA2A6D; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00DA2A56; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 00D9D4A0; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, D9]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00DA5EF4; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, D9]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00DA1D05; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00DA1D55; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00DA1C66; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00DA5C10; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00DA5CAA; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, DA]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, DA]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00DA5998; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00DA1D2D; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00DA5CFC; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 00DA590C; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, D9]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, D9]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00DA1B38; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00DA1B06; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00DA5B42; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00DA1D80; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 00D9D4E0; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00DA5B8B; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00DA5952; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, DA]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00DA1C16; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, D9]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00DA5C5D; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 00D9D573; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00DA5A24; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00DA5AB6; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 00DA60A3; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 00DA59DE; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00DA5A6D; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00DA5AFC; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00DA1B7F; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 00D8C035; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00D8C41F; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00D8C457; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 00D8BFC5; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00D8C478; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 00D8EE3C; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C300D9C5; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 00D9C69B; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 00D9C4FB; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 00D9C66F; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 00D9C23D; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 00D9C281; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 00D9C1F9; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 00D9C2D6; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 00D9C596; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 00D9C615; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 00D9C3C8; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 00D9C32B; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 00D9C465; RET
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[3948] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 00D9C4B0; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, 15]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [75, 27, 15]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001529F0; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001529AF; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00152A6D; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00152A56; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0013C035; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0013C41F; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0013C457; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0013BFC5; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0013C478; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0014D4A0; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, 14]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00155EF4; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, 14]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00151D05; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00151D55; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00151C66; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00155C10; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00155CAA; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, 15]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, 15]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00155998; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00151D2D; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00155CFC; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0015590C; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, 14]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, 14]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00151B38; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00151B06; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00155B42; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00151D80; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0014D4E0; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00155B8B; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00155952; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, 15]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00151C16; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, 14]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00155C5D; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0014D573; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00155A24; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00155AB6; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001560A3; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001559DE; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00155A6D; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00155AFC; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00151B7F; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0013EE3C; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30014C5; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0014C69B; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0014C4FB; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0014C66F; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0014C23D; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0014C281; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0014C1F9; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0014C2D6; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0014C596; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0014C615; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0014C3C8; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0014C32B; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0014C465; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4396] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0014C4B0; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 9A, 25, 15]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] ntdll.dll!LdrLoadDll 7C91632D 6 Bytes JMP 01520C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01757B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01757B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001529F0; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001529AF; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01523FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!ReleaseDC 7E41869D 6 Bytes PUSH 0014D4A0; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetDC 7E4186C7 4 Bytes [68, 22, D4, 14]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetDC + 5 7E4186CC 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 00155EF4; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetWindowDC 7E419021 4 Bytes [68, 61, D4, 14]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetWindowDC + 5 7E419026 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 00151D05; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 00151D55; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetCapture 7E4194DA 6 Bytes PUSH 00151C66; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 00155C10; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 00155CAA; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!OpenInputDesktop 7E41ECA3 4 Bytes [68, 9E, 58, 15]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!OpenInputDesktop + 5 7E41ECA8 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!SwitchDesktop 7E41FE6E 4 Bytes [68, EE, 58, 15]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!SwitchDesktop + 5 7E41FE73 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefDlgProcW 7E423D3A 6 Bytes PUSH 00155998; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetMessageA 7E42772B 6 Bytes PUSH 00151D2D; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!RegisterClassExA 7E427C39 6 Bytes PUSH 00155CFC; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefWindowProcW 7E428D20 6 Bytes PUSH 0015590C; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!BeginPaint 7E428FE9 4 Bytes [68, 17, D3, 14]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!BeginPaint + 5 7E428FEE 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!EndPaint 7E428FFD 4 Bytes [68, 87, D3, 14]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!EndPaint + 5 7E429002 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetCursorPos 7E42974E 6 Bytes PUSH 00151B38; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetMessagePos 7E42996C 6 Bytes PUSH 00151B06; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!CallWindowProcW 7E42A01E 6 Bytes PUSH 00155B42; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!PeekMessageA 7E42A340 6 Bytes PUSH 00151D80; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetUpdateRect 7E42A8C9 6 Bytes PUSH 0014D4E0; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!CallWindowProcA 7E42A97D 6 Bytes PUSH 00155B8B; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefWindowProcA 7E42C17E 6 Bytes PUSH 00155952; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!SetCapture 7E42C35E 4 Bytes [68, BC, 1B, 15]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!SetCapture + 5 7E42C363 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!ReleaseCapture 7E42C37A 6 Bytes PUSH 00151C16; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetDCEx 7E42C595 4 Bytes [68, C7, D3, 14]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetDCEx + 5 7E42C59A 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 00155C5D; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetUpdateRgn 7E42F5EC 6 Bytes PUSH 0014D573; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefFrameProcW 7E430833 6 Bytes PUSH 00155A24; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefMDIChildProcW 7E430A47 6 Bytes PUSH 00155AB6; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 001560A3; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefDlgProcA 7E43E577 6 Bytes PUSH 001559DE; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefFrameProcA 7E44F965 6 Bytes PUSH 00155A6D; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!DefMDIChildProcA 7E44F9B4 6 Bytes PUSH 00155AFC; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] USER32.dll!SetCursorPos 7E4561B3 6 Bytes PUSH 00151B7F; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01757AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 00152A6D; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes PUSH 00152A56; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] SHELL32.dll!SHFileOperation 7CA70C6C 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WS2_32.dll!getaddrinfo 71AB2A6F 6 Bytes PUSH 0013C035; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 0013C41F; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 0013C457; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WS2_32.dll!gethostbyname 71AB5355 6 Bytes PUSH 0013BFC5; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 0013C478; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] CRYPT32.dll!PFXImportCertStore 77AEFF8F 6 Bytes PUSH 0013EE3C; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!InternetReadFile 3D94655B 6 Bytes PUSH C30014C5; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpQueryInfoA 3D94879D 6 Bytes PUSH 0014C69B; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!InternetCloseHandle 3D949098 6 Bytes PUSH 0014C4FB; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!InternetQueryDataAvailable 3D94BF93 6 Bytes PUSH 0014C66F; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpOpenRequestA 3D94D518 6 Bytes PUSH 0014C23D; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpSendRequestW 3D94FACE 6 Bytes PUSH 0014C281; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpOpenRequestW 3D94FC0B 6 Bytes PUSH 0014C1F9; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpSendRequestA 3D95EEA1 6 Bytes PUSH 0014C2D6; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!InternetReadFileExA 3D963271 6 Bytes PUSH 0014C596; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!InternetSetFilePointer 3D9A5A11 6 Bytes PUSH 0014C615; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpSendRequestExA 3D9BA6DA 6 Bytes PUSH 0014C3C8; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpSendRequestExW 3D9BA733 6 Bytes PUSH 0014C32B; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpEndRequestA 3D9BA7E2 6 Bytes PUSH 0014C465; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[4452] WININET.dll!HttpEndRequestW 3D9BA814 6 Bytes PUSH 0014C4B0; RET
.text C:\WINDOWS\System32\svchost.exe[5500] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\System32\svchost.exe[5500] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090025
.text C:\WINDOWS\System32\svchost.exe[5500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F84
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F9F
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0079
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FBC
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FCD
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00B1
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00A0
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00CC
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F33
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00E7
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0054
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F69
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[5500] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F44
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0036
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0FC0
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0025
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A000A
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0073
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0062
.text C:\WINDOWS\System32\svchost.exe[5500] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0047
.text C:\WINDOWS\System32\svchost.exe[5500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0F97
.text C:\WINDOWS\System32\svchost.exe[5500] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0FBC
.text C:\WINDOWS\System32\svchost.exe[5500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F0FCD
.text C:\WINDOWS\System32\svchost.exe[5500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0000
.text C:\WINDOWS\System32\svchost.exe[5500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F002C
.text C:\WINDOWS\System32\svchost.exe[5500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0011
.text C:\WINDOWS\System32\svchost.exe[5500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#4 Rookie222


Posted 12 September 2012 - 03:24 PM

McAfee started with a very persistent pop-up stating the Trojan name "repaired and removed". Computer started getting slower by the minute. Also, desktop icons have all been moved to one side of the desktop. Cannot move them around; they have a mind of their own now. Malwarebytes showed 3 files and 2 registry entries of the Trojan. When I click to fix, nothing changes. Restarted computer - got blue screen. Restarted again and back to where I started. Icons on one side of desktop, computer barely moving.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.10.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dawn :: DAWN-999FD0EE80 [administrator]

9/11/2012 5:22:13 PM
mbam-log-2012-09-11 (20-27-30).txt

Scan type: Full scan (C:\|D:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349661
Time elapsed: 2 hour(s), 55 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$1627d24686913f271a51c185f906c400\n.) Good: (fastprox.dll) -> No action taken.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-1275210071-2049760794-839522115-1004\$1627d24686913f271a51c185f906c400\n.) Good: (fastprox.dll) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\RECYCLER\S-1-5-18\$1627d24686913f271a51c185f906c400\n (Trojan.0Access) -> No action taken.
C:\RECYCLER\S-1-5-18\$1627d24686913f271a51c185f906c400\U\00000001.@ (Trojan.0Access) -> No action taken.
C:\RECYCLER\S-1-5-21-1275210071-2049760794-839522115-1004\$1627d24686913f271a51c185f906c400\n (Trojan.0Access) -> No action taken.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:39 AM

Posted 13 September 2012 - 12:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.




--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Rookie222


Posted 13 September 2012 - 07:40 AM

Logs from: AdwCleaner & RogueKiller

# AdwCleaner v2.001 - Logfile created 09/13/2012 at 06:43:33
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dawn - DAWN-999FD0EE80
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dawn\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Dawn\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Dawn\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Dawn\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Dawn\Local Settings\Application Data\Babylon
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=cc63466e0000000000000007e94c155e --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&babsrc=NT_ss&mntrId=cc63466e0000000000000007e94c155e --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\prefs.js

C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Web Search,Maps,Dashboard,Google Shortcuts Setti[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "cc63466e0000000000000007e94c155e");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "cc63466e0000000000000007e94c155e");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:02:28");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.aniweather.timeShifted", 465527);
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=cc63466e000000[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Dawn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=cc63466e0000000000000007e94c155e",
Deleted [l.17] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=cc63466e0000000000000007e94c155e" ]
Deleted [l.43] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.46] : keyword = "babylon.com",
Deleted [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",
Deleted [l.1243] : homepage = "hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=cc63466e0000000000000007e94c155e",
Deleted [l.1624] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=cc63466e0000000000000007e94c155e" ]

*************************

AdwCleaner[S2].txt - [11143 octets] - [13/09/2012 06:43:33]

########## EOF - C:\AdwCleaner[S2].txt - [11204 octets] ##########

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dawn [Admin rights]
Mode : Scan -- Date : 09/13/2012 06:50:10

Bad processes : 0

Registry Entries : 9
[RUN][SUSP PATH] HKCU\[...]\Run : jrctrtpb ("C:\Documents and Settings\Dawn\Local Settings\Application Data\cjtxtuws.exe") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Cymatao ("C:\Documents and Settings\Dawn\Application Data\Ocaqix\rula.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1275210071-2049760794-839522115-1004[...]\Run : jrctrtpb ("C:\Documents and Settings\Dawn\Local Settings\Application Data\cjtxtuws.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1275210071-2049760794-839522115-1004[...]\Run : Cymatao ("C:\Documents and Settings\Dawn\Application Data\Ocaqix\rula.exe") -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$1627d24686913f271a51c185f906c400\@ --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1275210071-2049760794-839522115-1004\$1627d24686913f271a51c185f906c400\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$1627d24686913f271a51c185f906c400\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1275210071-2049760794-839522115-1004\$1627d24686913f271a51c185f906c400\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$1627d24686913f271a51c185f906c400\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1275210071-2049760794-839522115-1004\$1627d24686913f271a51c185f906c400\L --> FOUND

Driver : [LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive1: WDC WD5000AAKS-00V1A0 +++++
--- User ---
[MBR] c216357deeb8ca60233152b251577f93
[BSP] fdd6784ed80161ed5dfb1bc6fff7c667 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2500JD-00HBB0 +++++
--- User ---
[MBR] 3bdf815e90ed78f5433eddb152f319f8
[BSP] cfc07835dee738963ce631c595680d88 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15468 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31680180 | Size: 223003 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7 gringo_pr


Posted 13 September 2012 - 07:44 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Rookie222


Posted 13 September 2012 - 09:55 AM

Ran ComboFix. Here is the log.
ComboFix 12-09-13.01 - Dawn 09/13/2012 10:17:49.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2514 [GMT -4:00]
Running from: c:\documents and settings\Dawn\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dawn\Application Data\Ocaqix
c:\documents and settings\Dawn\Application Data\Ocaqix\rula.exe
c:\documents and settings\Dawn\Application Data\WTouch
c:\documents and settings\Dawn\Application Data\WTouch\WTouch.xml
c:\documents and settings\Dawn\WINDOWS
C:\install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 14:33 . 2012-09-13 14:34 -------- d-----w- c:\documents and settings\Dawn\Application Data\WTouch
2012-09-11 18:25 . 2012-09-11 21:12 14664 ----a-w- c:\windows\stinger.sys
2012-09-11 18:24 . 2012-09-11 21:48 -------- d-----w- c:\program files\stinger
2012-09-11 16:41 . 2012-09-11 16:41 -------- d-----w- c:\program files\Enigma Software Group
2012-09-11 16:40 . 2012-09-11 18:15 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-11 16:40 . 2012-09-11 16:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-09-11 15:30 . 2012-09-11 15:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-11 15:06 . 2012-09-13 13:03 -------- d-----w- c:\documents and settings\Dawn\Application Data\Vyete
2012-09-11 15:06 . 2012-09-11 15:06 -------- d-----w- c:\documents and settings\Dawn\Application Data\Ridum
2012-09-10 13:33 . 2012-09-10 13:33 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-11 18:24 . 2011-01-27 22:33 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-11 18:24 . 2011-01-27 22:33 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-11 18:24 . 2011-01-27 22:33 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-09-07 21:04 . 2010-12-11 23:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 18:23 . 2012-08-06 15:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 18:23 . 2011-06-21 20:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 13:52 . 2012-08-06 13:52 8281168 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-01-26 18:02 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-01-26 14:11 . 2012-04-06 17:16 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-09-10 13:33 . 2011-06-11 19:29 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-01-27 22:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"Akamai NetSession Interface"="c:\documents and settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-06-11 206120]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-02 5417752]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-02 2536376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-02 390736]
"AnySync"="c:\program files\AnySync\SyncLauncher.exe" [2007-12-01 36864]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2009-06-23 28672]
.
c:\documents and settings\Dawn\Start Menu\Programs\Startup\
SharePort Utility.lnk - c:\program files\D-Link\SharePort Utility\Connect.exe [2010-9-9 337256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-1-26 221247]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^VDownloader.lnk]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\VDownloader.lnk
backup=c:\windows\pss\VDownloader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-06-16 21:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:30 132392 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader]
2012-04-26 21:19 879616 ----a-w- c:\program files\VDownloader\VDownloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [4/21/2011 3:19 PM 911680]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/27/2011 6:33 PM 89792]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/1/2011 3:22 AM 169624]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [4/21/2011 3:19 PM 3987376]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [9/9/2010 4:49 PM 40960]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2/9/2012 2:27 PM 12184]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/27/2011 6:33 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/27/2011 6:33 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/27/2011 6:34 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/27/2011 6:33 PM 159608]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/11/2010 9:37 AM 206120]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [7/3/2009 6:19 PM 246920]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2/18/2010 2:16 PM 4497704]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/11/2010 9:37 AM 185640]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2/18/2010 2:17 PM 113448]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [4/21/2011 3:19 PM 163232]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/27/2011 6:33 PM 57600]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 5:01 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 5:01 AM 12184]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/27/2011 6:33 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/27/2011 6:33 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2010 1:14 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/6/2012 11:49 AM 250056]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/14/2011 11:47 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2010 1:14 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/27/2011 6:33 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/27/2011 6:33 PM 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 9:04 AM 114144]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/11/2011 10:33 AM 86016]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 18:23]
.
2012-02-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-DAWN-999FD0EE80-Dawn.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16 21:43]
.
2012-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-09-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 20:54]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 17:13]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 17:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1336406398&rver=5.5.4177.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fmy.msn.com%252f&lc=1033&id=254014
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKCU-Run-Cymatao - c:\documents and settings\Dawn\Application Data\Ocaqix\rula.exe
MSConfigStartUp-PC Pitstop Diskmd3 Reminder - c:\program files\PCPitstop\DiskMD3\Reminder-Diskmd3.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1452)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(5860)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WTouch\WTouchUser.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-09-13 10:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-13 14:43
.
Pre-Run: 443,982,008,320 bytes free
Post-Run: 444,051,255,296 bytes free
.
- - End Of File - - 63CEA275B98A261C55ED203A8633F0A

I have had no issues running any of the steps given. Computer rebooted just fine. Computer also does not seem sluggish as it did before and the McAfee pop-up has not returned. I have yet to actually use the computer as I have been running the tests and will do so now, wanted to post this log ASAP, so I could get this finished.

#9 Rookie222


Posted 13 September 2012 - 11:00 AM

Computer seems to be running very well. If that was the last step, I am inquiring about all the items on the desktop (programs and .txt files downloaded for cleanup), just want to do some cleaning up. I won't touch them until instructed.
Thanks

#10 gringo_pr


Posted 13 September 2012 - 01:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Rookie222


Posted 13 September 2012 - 09:01 PM

After the script ran, this log was created. Just before the script ran, a pop-up appeared asking to update ComboFix to a newer version. I clicked no.

ComboFix 12-09-13.01 - Dawn 09/13/2012 21:01:01.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2442 [GMT -4:00]
Running from: c:\documents and settings\Dawn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dawn\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dawn\Application Data\WTouch
c:\documents and settings\Dawn\Application Data\WTouch\WTouch.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 01:10 . 2012-09-14 01:11 -------- d-----w- c:\documents and settings\Dawn\Application Data\WTouch
2012-09-11 18:25 . 2012-09-11 21:12 14664 ----a-w- c:\windows\stinger.sys
2012-09-11 18:24 . 2012-09-11 21:48 -------- d-----w- c:\program files\stinger
2012-09-11 16:41 . 2012-09-11 16:41 -------- d-----w- c:\program files\Enigma Software Group
2012-09-11 16:40 . 2012-09-11 18:15 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-11 16:40 . 2012-09-11 16:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-09-11 15:30 . 2012-09-11 15:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-11 15:06 . 2012-09-13 13:03 -------- d-----w- c:\documents and settings\Dawn\Application Data\Vyete
2012-09-11 15:06 . 2012-09-11 15:06 -------- d-----w- c:\documents and settings\Dawn\Application Data\Ridum
2012-09-10 13:33 . 2012-09-10 13:33 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-11 18:24 . 2011-01-27 22:33 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-11 18:24 . 2011-01-27 22:33 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-11 18:24 . 2011-01-27 22:33 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-09-07 21:04 . 2010-12-11 23:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 18:23 . 2012-08-06 15:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 18:23 . 2011-06-21 20:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 13:52 . 2012-08-06 13:52 8281168 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-01-26 18:02 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-01-26 14:11 . 2012-04-06 17:16 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-09-10 13:33 . 2011-06-11 19:29 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-01-27 22:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-13_14.34.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-14 01:11 . 2012-09-14 01:11 16384 c:\windows\Temp\Perflib_Perfdata_ab8.dat
+ 2012-09-14 01:10 . 2012-09-14 01:10 16384 c:\windows\Temp\Perflib_Perfdata_9ec.dat
+ 2011-06-21 02:50 . 2012-09-13 17:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-21 02:50 . 2012-09-13 10:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-26 18:09 . 2012-09-13 17:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-26 18:09 . 2012-09-13 10:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-09-13 17:13 . 2012-09-13 17:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"Akamai NetSession Interface"="c:\documents and settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-06-11 206120]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-02 5417752]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-02 2536376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-02 390736]
"AnySync"="c:\program files\AnySync\SyncLauncher.exe" [2007-12-01 36864]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2009-06-23 28672]
.
c:\documents and settings\Dawn\Start Menu\Programs\Startup\
SharePort Utility.lnk - c:\program files\D-Link\SharePort Utility\Connect.exe [2010-9-9 337256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-1-26 221247]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^VDownloader.lnk]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\VDownloader.lnk
backup=c:\windows\pss\VDownloader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-06-16 21:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:30 132392 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader]
2012-04-26 21:19 879616 ----a-w- c:\program files\VDownloader\VDownloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Dawn\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3408:TCP"= 3408:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [4/21/2011 3:19 PM 911680]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/27/2011 6:33 PM 89792]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/1/2011 3:22 AM 169624]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [4/21/2011 3:19 PM 3987376]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [9/9/2010 4:49 PM 40960]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2/9/2012 2:27 PM 12184]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/27/2011 6:33 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/27/2011 6:33 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/27/2011 6:34 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/27/2011 6:33 PM 159608]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/11/2010 9:37 AM 206120]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [7/3/2009 6:19 PM 246920]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2/18/2010 2:16 PM 4497704]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/11/2010 9:37 AM 185640]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2/18/2010 2:17 PM 113448]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [4/21/2011 3:19 PM 163232]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 5:01 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 5:01 AM 12184]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/27/2011 6:33 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/27/2011 6:33 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2010 1:14 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/6/2012 11:49 AM 250056]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/27/2011 6:33 PM 57600]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/14/2011 11:47 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2010 1:14 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/27/2011 6:33 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/27/2011 6:33 PM 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 9:04 AM 114144]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/11/2011 10:33 AM 86016]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 18:23]
.
2012-02-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-DAWN-999FD0EE80-Dawn.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16 21:43]
.
2012-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-09-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 20:54]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 17:13]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 17:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1336406398&rver=5.5.4177.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fmy.msn.com%252f&lc=1033&id=254014
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 21:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1452)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-09-13 21:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-14 01:16
ComboFix2.txt 2012-09-13 14:43
.
Pre-Run: 444,039,946,240 bytes free
Post-Run: 444,019,425,280 bytes free
.
- - End Of File - - 46384099985EE9E57D724E1D555BE1D1

Thought I was doing well until I went to post this log and I cannot use any of my browsers. McAfee is also dead. The icons are there but no action. This includes Mozilla, IE, Google Chrome, MSN and McAfee. I switched to my laptop to send this info.

#12 Rookie222

Posted 14 September 2012 - 07:35 AM

Hoping today is a better day.... after I posted last log, I could not get into any of the internet browsers. It was getting late so I was going to just shut down the computer and start over in the morning, but, the computer didn't want to shut down. I tried several different methods (ctrl, alt, del no go) finally ended up pushing the button and it shut down.
This am I started it up, it went thru a disk check (it has been doing the disk ck upon each restart thru this process) and desktop was good. I am now able to get McAfee virus and firewall started. The browsers are starting to work. In Mozilla I was unable to sign in to the bleeping computer website. I could click on other parts of the page with no issues. I closed out of Mozilla and tried MSN. That worked fine although I get occasional pop-ups windows is blocking a few things such as - share port utility, windows live messenger. As they come up I have unblocked them. I went back to Mozilla and still cannot use the sign in. Firefox help section stated to update Java. When I checked the addons to see the version I had installed, Java 6.0.310.5 was disabled. I did update the Java, but this has not helped to be able to use Mozilla and sign into this website. I will do no more until I have a response back.

Edited by Rookie222, 14 September 2012 - 08:32 AM.


#13 gringo_pr

  • Malware Response Team

Posted 14 September 2012 - 02:54 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 Rookie222

Posted 15 September 2012 - 06:00 AM

OTL logfile created on: 9/15/2012 6:42:02 AM - Run 2
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Documents and Settings\Dawn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.52% Memory free
4.84 Gb Paging File | 4.03 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 413.19 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
Drive D: | 15.11 Gb Total Space | 14.09 Gb Free Space | 93.24% Space Free | Partition Type: NTFS
Drive H: | 217.78 Gb Total Space | 136.32 Gb Free Space | 62.60% Space Free | Partition Type: NTFS

Computer Name: DAWN-999FD0EE80 | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dawn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\D-Link\SharePort Utility\Connect.exe (D-Link Corp.)
PRC - C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe ()
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe (NewSoft Technology Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\D-Link\SharePort Utility\Svlscapi.dll ()
MOD - C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Iomega\Common\IoATLDrv.dll ()


========== Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (D-Link SharePort Helper) -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (tgsrvc_verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (EPSON_EB_RPCV4_01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (EPSON_PM_RPCV4_01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (RapportIaso) -- c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys File not found
DRV - (Point32) -- system32\DRIVERS\point32.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (mfeavfk01) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) -- C:\WINDOWS\system32\drivers\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (sxuptp) -- C:\WINDOWS\system32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTERFXFX) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys (Motorola Inc)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (iomdisk) -- C:\WINDOWS\system32\drivers\IomDisk.sys (Iomega Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC F8 6F E1 E9 FA CC 01 [binary data]
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\SearchScopes\{2EA62881-5769-4657-BF30-9F4D2202C9A5}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\SearchScopes\{E8167C69-B06D-4776-A6B1-A4E8BE108583}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1336406398&rver=5.5.4177.0&wp=MBI_SSL&wreply=https:%2F%2Flogin.secure.co1.msn.com%2Fwlsignin.aspx%3Fru%3Dhttp%253a%252f%252fmy.msn.com%252f&lc=1033&id=254014"
FF - prefs.js..extensions.enabledAddons: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.36
FF - prefs.js..extensions.enabledAddons: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledAddons: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/22 09:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012/05/03 09:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/14 09:20:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 09:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/09 13:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/22 09:16:38 | 000,000,000 | ---D | M]

[2010/05/12 20:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Extensions
[2012/08/22 09:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\extensions
[2010/05/12 14:16:11 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/06/24 16:30:17 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\extensions\ChoiceGuard@Microsoft
[2012/08/22 09:23:19 | 000,222,566 | ---- | M] () (No name found) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2011/10/16 15:54:02 | 000,372,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/03/19 13:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/14 09:20:24 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2011/06/24 10:39:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/10 09:33:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/03/01 15:28:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/10 09:33:29 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/10 09:33:29 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: VDownloader (Enabled) = C:\Program Files\VDownloader\Addons\npVDownloader.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2012/09/13 21:10:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120626170340.dll (McAfee, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [AnySync] C:\Program Files\AnySync\SyncLauncher.exe (iAnywhere Solutions, Inc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Dawn\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMidi] C:\WINDOWS\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMidi] C:\WINDOWS\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Dawn\Start Menu\Programs\Startup\SharePort Utility.lnk = C:\Program Files\D-Link\SharePort Utility\Connect.exe (D-Link Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264613689078 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264613670796 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCA468CE-1E68-486B-82C1-084A7A8F4B87}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/26 14:06:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 06:40:11 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dawn\Desktop\OTL.exe
[2012/09/14 09:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/09/14 09:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/14 09:11:41 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/14 09:11:41 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/14 09:11:35 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/14 09:11:35 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/14 09:10:01 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Dawn\Desktop\jxpiinstall.exe
[2012/09/13 21:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Application Data\WTouch
[2012/09/13 20:59:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/13 20:59:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/13 10:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/13 10:14:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/13 10:14:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/13 10:13:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/13 10:11:55 | 004,750,981 | R--- | C] (Swearware) -- C:\Documents and Settings\Dawn\Desktop\ComboFix.exe
[2012/09/13 06:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Desktop\RK_Quarantine
[2012/09/12 09:51:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dawn\Desktop\dds.com
[2012/09/11 14:25:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/09/11 14:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/09/11 12:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/11 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/11 11:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Application Data\Vyete
[2012/09/11 11:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dawn\Application Data\Ridum
[2012/09/10 19:08:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dawn\Recent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/15 06:39:58 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dawn\Desktop\OTL.exe
[2012/09/14 11:36:19 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10061102}.rfx
[2012/09/14 11:36:19 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-10061102}.rfx
[2012/09/14 11:36:19 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10061102}.rfx
[2012/09/14 11:36:19 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10061102}.rfx
[2012/09/14 11:36:19 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-10061102}.rfx
[2012/09/14 10:02:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/09/14 09:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/14 09:16:28 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/09/14 09:16:26 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 09:16:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/14 09:16:19 | 3219,968,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 09:14:47 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10061102}.CDF
[2012/09/14 09:14:47 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10061102}.BAK
[2012/09/14 09:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 09:11:22 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/14 09:11:16 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/14 09:11:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/14 09:11:16 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/14 09:11:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/14 09:11:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/14 09:11:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/14 09:10:01 | 000,894,952 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Dawn\Desktop\jxpiinstall.exe
[2012/09/13 21:10:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/13 10:11:59 | 004,750,981 | R--- | M] (Swearware) -- C:\Documents and Settings\Dawn\Desktop\ComboFix.exe
[2012/09/13 06:45:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/13 06:34:01 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\RogueKiller(1).exe
[2012/09/13 06:33:51 | 000,512,399 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\adwcleaner.exe
[2012/09/12 10:01:53 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe
[2012/09/12 09:51:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dawn\Desktop\dds.com
[2012/09/12 09:39:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dawn\defogger_reenable
[2012/09/12 09:39:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dawn\Desktop\Defogger.exe
[2012/09/11 17:12:32 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/09/11 15:19:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/11 14:24:51 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2012/09/11 14:24:51 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/09/11 14:24:51 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/09/11 11:09:37 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\aiwcroii
[2012/09/10 19:08:44 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\aqlbfosc
[2012/09/10 18:55:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/16 08:02:40 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/13 10:14:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/13 10:14:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/13 10:14:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/13 10:14:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/13 10:14:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/13 06:34:01 | 001,378,816 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\RogueKiller(1).exe
[2012/09/13 06:33:51 | 000,512,399 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\adwcleaner.exe
[2012/09/12 10:01:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\v969x0qd.exe
[2012/09/12 09:39:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dawn\defogger_reenable
[2012/09/12 09:39:15 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dawn\Desktop\Defogger.exe
[2012/09/11 11:24:32 | 004,931,577 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10061102}.BAK
[2012/09/11 11:09:37 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\aiwcroii
[2012/09/10 19:08:44 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\aqlbfosc
[2012/05/10 11:23:07 | 000,401,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/06 13:16:23 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/02/15 07:32:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/15 09:47:32 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/12/15 09:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/11/13 12:29:58 | 000,056,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/22 08:29:19 | 000,207,042 | ---- | C] () -- C:\WINDOWS\hpoins35.dat
[2011/04/22 08:29:19 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat
[2011/03/16 09:46:53 | 000,019,099 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/03/10 12:25:08 | 000,099,049 | ---- | C] () -- C:\WINDOWS\hpiins04.dat
[2011/03/10 12:25:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl04.dat
[2010/12/13 11:50:28 | 000,077,373 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/09 10:12:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/07 08:52:47 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Dawn\Application Data\default.pls
[2010/02/20 11:30:45 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 14:46:46 | 000,003,230 | ---- | C] () -- C:\Documents and Settings\Dawn\Application Data\wklnhst.dat
[2010/01/27 09:41:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\fusioncache.dat
[2010/01/26 22:29:40 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2010/01/26 16:06:36 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Dawn\.rnd
[2010/01/26 15:42:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\FASTWiz.html

< End of report >
I had an interesting pop-up after this scan. "IE search provider default": A program on this computer has corrupted your default search for IE. IE has reset to Live search. So I am guessing it was Babylon?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:39 AM

Posted 15 September 2012 - 07:58 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1275210071-2049760794-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/10/16 15:54:02 | 000,372,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\ln8j4nbg.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
    [2012/09/11 11:09:37 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\aiwcroii
    [2012/09/10 19:08:44 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\aqlbfosc
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo



