Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Some Problems: Re-directing & Program Based Updating/Connecting


  • Please log in to reply

#1
Valis33

Valis33

    New Member

  • Member
  • Pip
  • 7 posts
Hello,

I've recently started experiencing some problems with re-directs in Google, and when typing URLs directly into the address bar. In addition to this, programs, such as anti-virus applications, as well as video game applications such as Steam, have problems connecting to the internet when trying to update (in the anti-virus case) or connecting at all (in Steam's case).

I have tied scanning with TrendMicro's Housecall (when it was still functioning, now, unable to connect), SpySweeper, Avast!, and PandaSecurity, all to no avail.


Many thanks to any of you who will donate some of your time to save much of mine; thanks!
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Valis33

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download the GMER Rootkit Scanner.
Click the Download exe button and save the randomly named file to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click randomlynamed.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#3
Valis33

Valis33

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTListIT.Txt



OTListIt logfile created on: 2009-04-13 14:22:40 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = L:\Documents and Settings\Main\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1023.23 Mb Total Physical Memory | 425.43 Mb Available Physical Memory | 41.58% Memory free
2.90 Gb Paging File | 2.42 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): L:\pagefile.sys 2046 4092;

%SystemDrive% = L: | %SystemRoot% = L:\WINDOWS | %ProgramFiles% = L:\Program Files
C: Drive not present or media not loaded
Drive D: | 13.97 Gb Total Space | 1.75 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 43.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 34.18 Gb Total Space | 3.90 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Drive M: | 63.47 Gb Total Space | 37.37 Gb Free Space | 58.89% Space Free | Partition Type: FAT32
Drive S: | 78.28 Gb Total Space | 73.98 Gb Free Space | 94.51% Space Free | Partition Type: NTFS

Computer Name: ADAM
Current User Name: Main
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - L:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe (Panda Security, S.L.)
PRC - L:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - L:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe (Panda Security, S.L.)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe (Panda Security, S.L.)
PRC - L:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
PRC - L:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe (Panda Security S.L.)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe (Panda Security, S.L.)
PRC - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - L:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe (Panda Security, S.L.)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE (Panda Security, S.L.)
PRC - l:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE (Panda Software International)
PRC - L:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - L:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - L:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - L:\Program Files\Live365\Radio365\Radio365TrayAgent.exe (Live365)
PRC - L:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - L:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe (Panda Security, S.L.)
PRC - L:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - L:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - D:\hl2\Steam.exe (Valve Corporation)
PRC - L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - L:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - L:\Documents and Settings\Main\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- L:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- L:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- L:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Bonjour Service [Disabled | Stopped]) -- L:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- L:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- L:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (Gwmsrv [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\Gwmsrv.dll (Panda Security, S.L.)
SRV - (helpsvc [Auto | Running]) -- L:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- L:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- L:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- L:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (O&O Defrag [Auto | Running]) -- L:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (ose [On_Demand | Stopped]) -- L:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Panda Software Controller [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PavPrSrv [Auto | Running]) -- L:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (PAVSRV [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe (Panda Security, S.L.)
SRV - (PSHost [Auto | Running]) -- l:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE (Panda Software International)
SRV - (PSIMSVC [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe (Panda Security S.L.)
SRV - (PskSvcRetail [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe (Panda Security, S.L.)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (TPSrv [Auto | Running]) -- L:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe (Panda Security, S.L.)
SRV - (uploadmgr [Auto | Stopped]) -- L:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- L:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- L:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- L:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (APPFLT [System | Running]) -- L:\WINDOWS\system32\Drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (ati2mtag [On_Demand | Running]) -- L:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATIAVAIW [On_Demand | Running]) -- L:\WINDOWS\system32\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV - (atksgt [Auto | Running]) -- L:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (AvFlt [On_Demand | Running]) -- File not found
DRV - (DSAFLT [System | Running]) -- L:\WINDOWS\system32\Drivers\DSAFLT.SYS (Panda Security, S.L.)
DRV - (FNETMON [System | Running]) -- L:\WINDOWS\system32\Drivers\fnetmon.SYS (Panda Security, S.L.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- L:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (IDSFLT [System | Running]) -- L:\WINDOWS\system32\Drivers\IDSFLT.SYS (Panda Security, S.L.)
DRV - (lirsgt [Auto | Running]) -- L:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (motmodem [On_Demand | Stopped]) -- L:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (MPE [On_Demand | Stopped]) -- L:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (NETFLTDI [System | Running]) -- L:\WINDOWS\system32\Drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (NETIMFLT01060034 [On_Demand | Running]) -- L:\WINDOWS\system32\DRIVERS\neti1634.sys (Panda Security, S.L.)
DRV - (pavboot [Boot | Running]) -- L:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PAVDRV [Auto | Running]) -- L:\WINDOWS\system32\DRIVERS\pavdrv51.sys (Panda Security, S.L.)
DRV - (PavProc [Auto | Running]) -- L:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Security, S.L.)
DRV - (PavSRK.sys [On_Demand | Running]) -- File not found
DRV - (PavTPK.sys [On_Demand | Running]) -- File not found
DRV - (PQNTDrv [System | Running]) -- L:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Ptilink [On_Demand | Running]) -- L:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SAMFILT [On_Demand | Running]) -- L:\WINDOWS\SYSTEM32\drivers\samfilt.sys (Dolphin, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- L:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- L:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- L:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync04 [Boot | Running]) -- L:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- L:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (ShldDrv [System | Running]) -- L:\WINDOWS\system32\Drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (SISAGP [Boot | Running]) -- L:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC [On_Demand | Running]) -- L:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SiSRaid [Boot | Running]) -- L:\WINDOWS\system32\drivers\SiSRaid.sys (Silicon Integrated Systems)
DRV - (smwdm [On_Demand | Running]) -- L:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (UdfReadr [System | Running]) -- L:\WINDOWS\System32\drivers\udfreadr.sys (Roxio)
DRV - (USBAAPL [On_Demand | Stopped]) -- L:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (WNMFLT [System | Running]) -- L:\WINDOWS\system32\Drivers\WNMFLT.SYS (Panda Security, S.L.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = L:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.395
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: L:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-03-31 22:24:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: L:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-03-29 22:59:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: L:\PROGRAM FILES\BITDEFENDER 2008\TBEXTENSION [2008-03-23 10:51:04 | 00,000,000 | ---D | M]

[2008-07-17 19:38:35 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\mozilla\Extensions
[2008-07-17 19:38:35 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-12 12:29:35 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\mozilla\Firefox\Profiles\s8nkzrqv.default\extensions
[2008-07-21 20:11:07 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\mozilla\Firefox\Profiles\s8nkzrqv.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2008-10-04 11:59:03 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\mozilla\Firefox\Profiles\s8nkzrqv.default\extensions\[email protected]
[2009-04-12 12:44:04 | 00,000,000 | ---D | M] -- L:\Program Files\mozilla firefox\extensions
[2009-03-29 22:59:35 | 00,000,000 | ---D | M] -- L:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-09-15 14:28:48 | 00,000,000 | ---D | M] -- L:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007-11-11 01:12:00 | 00,000,000 | ---D | M] -- L:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008-08-17 16:15:26 | 00,000,000 | ---D | M] -- L:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-03-29 22:59:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- L:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-03-29 22:59:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- L:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-11-13 23:32:33 | 00,211,456 | ---- | M] () -- L:\Program Files\mozilla firefox\components\srff.dll
[2008-07-02 11:31:38 | 00,001,394 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008-07-02 11:31:38 | 00,002,193 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008-07-02 11:31:38 | 00,001,534 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008-11-14 01:32:10 | 00,002,343 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008-07-02 11:31:38 | 00,001,706 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-07-02 11:31:38 | 00,001,178 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008-07-02 11:31:38 | 00,000,792 | ---- | M] () -- L:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (738 bytes) - L:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {E3957EE5-F9B9-4A61-AAF9-DAC0B6CE541F} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - L:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - L:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AppleSyncNotifier] "L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] "L:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s (Panda Security, S.L.)
O4 - HKLM..\Run: [iTunesHelper] "L:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [SCANINICIO] "L:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe" (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] "L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] "L:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] "L:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [ctfmon.exe] L:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Radio365Agent] "L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe" (Live365)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - L:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - L:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - L:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - L:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - L:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - L:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231818559359 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...433/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Filter: - application/octet-stream - L:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - L:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - L:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - L:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - L:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - L:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - L:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - L:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - L:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - L:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (L:\WINDOWS\system32\userinit.exe) - L:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - L:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - L:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - L:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - L:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - L:\WINDOWS\system32\avldr.dll (Panda Security, S.L.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - L:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - L:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - L:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - L:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - L:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - L:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - L:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - L:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - L:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - L:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - L:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - L:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - L:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - L:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - L:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - L:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - L:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - L:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - L:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - L:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - L:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - L:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - L:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - L:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - L:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - L:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - L:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - L:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings...) - File not found
O30 - LSA: Security Packages - (ra) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - J:\autorun.inf () - [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - L:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - L:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

========== Files/Folders - Created Within 30 Days ==========

[3 L:\WINDOWS\System32\*.tmp files]
[4 L:\WINDOWS\*.tmp files]
[2009-04-13 14:20:47 | 00,501,248 | ---- | C] (OldTimer Tools) -- L:\Documents and Settings\Main\Desktop\OTListIt2.exe
[2009-04-13 14:03:17 | 00,060,416 | ---- | C] () -- L:\WINDOWS\System32\drivers\Combo-Fix.sys
[2009-04-13 14:03:15 | 00,053,248 | ---- | C] (Sysinternals) -- L:\WINDOWS\PSEXESVC.EXE
[2009-04-12 13:58:40 | 00,219,648 | ---- | C] () -- L:\WINDOWS\vFind.exe
[2009-04-12 13:58:40 | 00,212,480 | ---- | C] (SteelWerX) -- L:\WINDOWS\SWXCACLS.exe
[2009-04-12 13:58:40 | 00,161,792 | ---- | C] (SteelWerX) -- L:\WINDOWS\SWREG.exe
[2009-04-12 13:58:40 | 00,136,704 | ---- | C] (SteelWerX) -- L:\WINDOWS\SWSC.exe
[2009-04-12 13:58:40 | 00,098,816 | ---- | C] () -- L:\WINDOWS\sed.exe
[2009-04-12 13:58:40 | 00,080,412 | ---- | C] () -- L:\WINDOWS\grep.exe
[2009-04-12 13:58:40 | 00,068,096 | ---- | C] () -- L:\WINDOWS\zip.exe
[2009-04-12 13:58:40 | 00,029,696 | ---- | C] (NirSoft) -- L:\WINDOWS\NIRCMD.exe
[2009-04-12 13:58:34 | 00,388,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\CF26466.exe
[2009-04-12 13:58:34 | 00,000,000 | ---D | C] -- L:\WINDOWS\ERDNT
[2009-04-12 13:58:34 | 00,000,000 | ---D | C] -- L:\ComboFix
[2009-04-12 13:58:31 | 00,000,000 | ---D | C] -- L:\Qoobox
[2009-04-12 13:57:18 | 00,440,104 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\RootRepeal.zip
[2009-04-12 13:55:29 | 00,286,208 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\gmer.exe
[2009-04-12 13:53:38 | 00,278,161 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\gmer.zip
[2009-04-12 13:52:14 | 03,080,882 | R--- | C] () -- L:\Documents and Settings\Main\Desktop\ComboFix.exe
[2009-04-12 12:50:40 | 00,013,880 | ---- | C] () -- L:\WINDOWS\System32\drivers\COMFiltr.sys
[2009-04-12 12:50:27 | 00,000,000 | ---D | C] -- L:\Documents and Settings\Main\Local Settings\Application Data\Panda Security
[2009-04-12 12:47:33 | 00,084,024 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\pavdrv51.sys
[2009-04-12 12:47:32 | 00,000,261 | ---- | C] () -- L:\WINDOWS\System32\PavCPL.dat
[2009-04-12 12:47:31 | 00,214,188 | ---- | C] () -- L:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009-04-12 12:47:31 | 00,214,188 | ---- | C] () -- L:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009-04-12 12:47:31 | 00,001,132 | ---- | C] () -- L:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009-04-12 12:47:31 | 00,001,132 | ---- | C] () -- L:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009-04-12 12:47:26 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\idsflt.sys
[2009-04-12 12:47:26 | 00,052,992 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\dsaflt.sys
[2009-04-12 12:47:26 | 00,046,720 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\wnmflt.sys
[2009-04-12 12:47:18 | 00,158,848 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2009-04-12 12:47:18 | 00,073,728 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\APPFLT.SYS
[2009-04-12 12:47:18 | 00,022,072 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\fnetmon.sys
[2009-04-12 12:47:16 | 00,000,000 | ---D | C] -- L:\Documents and Settings\All Users\Application Data\Backup
[2009-04-12 12:47:03 | 00,054,832 | ---- | C] (Panda Software) -- L:\WINDOWS\System32\pavcpl.cpl
[2009-04-12 12:46:53 | 00,446,464 | ---- | C] (eHelp Corporation.) -- L:\WINDOWS\System32\HHActiveX.dll
[2009-04-12 12:46:49 | 00,193,280 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\TpUtil.dll
[2009-04-12 12:46:49 | 00,107,568 | ---- | C] (Panda Software) -- L:\WINDOWS\System32\SYSTOOLS.DLL
[2009-04-12 12:46:49 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\PavLspHook.dll
[2009-04-12 12:46:49 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\pavipc.dll
[2009-04-12 12:46:48 | 00,520,448 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\PavSHook.dll
[2009-04-12 12:46:46 | 00,197,888 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\neti1634.sys
[2009-04-12 12:46:45 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\avldr.dll
[2009-04-12 12:46:45 | 00,000,000 | ---D | C] -- L:\WINDOWS\System32\PAV
[2009-04-12 12:46:44 | 00,000,000 | ---D | C] -- L:\Documents and Settings\Main\Application Data\Panda Security
[2009-04-12 12:46:44 | 00,000,000 | ---D | C] -- L:\Documents and Settings\All Users\Application Data\Panda Security
[2009-04-12 12:43:50 | 00,179,640 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\PavProc.sys
[2009-04-12 12:43:50 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\ShlDrv51.sys
[2009-04-12 12:39:52 | 00,000,000 | ---D | C] -- L:\Program Files\Common Files\Panda Security
[2009-04-12 12:36:56 | 86,240,656 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\IS09promo.exe
[2009-04-12 12:18:15 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- L:\WINDOWS\System32\drivers\pavboot.sys
[2009-04-12 12:17:26 | 00,175,504 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\activescan2_en.exe
[2009-04-08 22:44:48 | 00,000,000 | ---D | C] -- L:\Documents and Settings\Main\Desktop\New Folder (2)
[2009-04-08 18:27:40 | 00,000,000 | ---D | C] -- L:\Documents and Settings\Main\Desktop\New Folder
[2009-04-08 18:26:18 | 00,000,000 | ---D | C] -- L:\WINDOWS\Prefetch
[2009-04-08 18:23:05 | 00,003,151 | ---- | C] () -- L:\WINDOWS\System32\spupdsvc.inf
[2009-04-07 23:36:22 | 00,000,000 | ---D | C] -- L:\WINDOWS\System32\scripting
[2009-04-07 23:36:18 | 00,000,000 | ---D | C] -- L:\WINDOWS\l2schemas
[2009-04-07 23:36:16 | 00,000,000 | ---D | C] -- L:\WINDOWS\System32\en
[2009-04-07 23:24:56 | 00,033,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sprecovr.exe
[2009-04-07 23:22:47 | 00,086,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msxml6r.dll
[2009-04-07 23:22:46 | 00,655,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mstscax.dll
[2009-04-07 23:22:46 | 00,443,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\html.iec
[2009-04-07 23:22:46 | 00,407,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mstsc.exe
[2009-04-07 23:22:46 | 00,118,272 | ---- | C] () -- L:\WINDOWS\System32\mpeg2data.ax
[2009-04-07 23:22:45 | 00,716,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\windowscodecs.dll
[2009-04-07 23:22:45 | 00,412,160 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\photometadatahandler.dll
[2009-04-07 23:22:45 | 00,352,256 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\windowscodecsext.dll
[2009-04-07 23:22:45 | 00,351,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xpsp3res.dll
[2009-04-07 23:22:45 | 00,276,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wmphoto.dll
[2009-04-07 23:22:45 | 00,121,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xmllite.dll
[2009-04-07 23:22:45 | 00,062,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tzchange.exe
[2009-04-07 23:22:45 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\verclsid.exe
[2009-04-07 23:22:43 | 02,113,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dxdiagn.dll
[2009-04-07 23:22:43 | 00,110,592 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bthprops.cpl
[2009-04-07 23:22:43 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdukx.dll
[2009-04-07 23:22:41 | 00,059,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\logman.exe
[2009-04-07 23:22:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsprpres.dll
[2009-04-07 23:22:37 | 00,380,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\irprops.cpl
[2009-04-07 23:22:37 | 00,013,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wscntfy.exe
[2009-04-07 23:22:36 | 00,148,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wscui.cpl
[2009-04-07 23:22:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\w3ssl.dll
[2009-04-07 23:22:35 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bitsprx2.dll
[2009-04-07 23:22:35 | 00,007,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdsmsno.dll
[2009-04-07 23:22:34 | 00,080,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\firewall.cpl
[2009-04-07 23:22:34 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdfi1.dll
[2009-04-07 23:22:33 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netsetup.cpl
[2009-04-07 23:22:33 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\spupdwxp.exe
[2009-04-07 23:22:32 | 00,159,232 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sbeio.dll
[2009-04-07 23:22:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdmlt47.dll
[2009-04-07 23:22:30 | 00,108,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wshbth.dll
[2009-04-07 23:22:29 | 00,118,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdadiag.dll
[2009-04-07 23:22:29 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\httpapi.dll
[2009-04-07 23:22:28 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\smbinst.exe
[2009-04-07 23:22:28 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hccoin.dll
[2009-04-07 23:22:27 | 00,060,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fwcfg.dll
[2009-04-07 23:22:26 | 01,689,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\d3d9.dll
[2009-04-07 23:22:26 | 00,009,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\proxycfg.exe
[2009-04-07 23:22:25 | 00,134,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mssap.dll
[2009-04-07 23:22:23 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdinmal.dll
[2009-04-07 23:22:22 | 00,937,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winbrand.dll
[2009-04-07 23:22:22 | 00,129,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xmlprov.dll
[2009-04-07 23:22:22 | 00,050,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xmlprovi.dll
[2009-04-07 23:22:22 | 00,044,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\twext.dll
[2009-04-07 23:22:22 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\spnpinst.exe
[2009-04-07 23:22:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdinbe1.dll
[2009-04-07 23:22:20 | 00,013,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmsetacl.dll
[2009-04-07 23:22:17 | 00,193,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fsquirt.exe
[2009-04-07 23:22:17 | 00,050,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\btpanui.dll
[2009-04-07 23:22:15 | 00,049,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\powercfg.exe
[2009-04-07 23:22:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bthci.dll
[2009-04-07 23:22:15 | 00,007,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdsmsfi.dll
[2009-04-07 23:22:14 | 00,351,232 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winhttp.dll
[2009-04-07 23:22:14 | 00,030,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bthserv.dll
[2009-04-07 23:22:13 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winshfhc.dll
[2009-04-07 23:22:13 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bitsprx3.dll
[2009-04-07 23:22:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\faxpatch.exe
[2009-04-07 23:22:11 | 00,081,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wscsvc.dll
[2009-04-07 23:22:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\encapi.dll
[2009-04-07 23:22:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdmlt48.dll
[2009-04-07 23:22:09 | 00,177,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msctfime.ime
[2009-04-07 23:22:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\auditusr.exe
[2009-04-07 23:22:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdno1.dll
[2009-04-07 23:22:07 | 00,438,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xpob2res.dll
[2009-04-07 23:22:07 | 00,071,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\blastcln.exe
[2009-04-07 23:22:06 | 00,075,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\strmfilt.dll
[2009-04-07 23:22:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wuauserv.dll
[2009-04-07 23:22:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdinben.dll
[2009-04-07 23:22:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdmaori.dll
[2009-04-07 23:22:03 | 00,100,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bthpan.sys
[2009-04-07 23:22:03 | 00,044,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\agpcpq.sys
[2009-04-07 23:22:03 | 00,042,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\alim1541.sys
[2009-04-07 23:22:03 | 00,042,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\agp440.sys
[2009-04-07 23:22:03 | 00,038,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bthmodem.sys
[2009-04-07 23:22:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\amdk7.sys
[2009-04-07 23:22:03 | 00,029,184 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sdhcinst.dll
[2009-04-07 23:22:03 | 00,017,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bthenum.sys
[2009-04-07 23:22:02 | 00,067,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sdbus.sys
[2009-04-07 23:22:02 | 00,059,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rfcomm.sys
[2009-04-07 23:22:02 | 00,046,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\gagp30kx.sys
[2009-04-07 23:22:02 | 00,036,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\intelppm.sys
[2009-04-07 23:22:02 | 00,035,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bthprint.sys
[2009-04-07 23:22:02 | 00,030,080 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rndismpx.sys
[2009-04-07 23:22:02 | 00,029,056 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ip6fw.sys
[2009-04-07 23:22:02 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\hidbth.sys
[2009-04-07 23:22:02 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bthusb.sys
[2009-04-07 23:22:02 | 00,015,488 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mssmbios.sys
[2009-04-07 23:22:02 | 00,015,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\hidir.sys
[2009-04-07 23:22:02 | 00,012,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mutohpen.sys
[2009-04-07 23:22:02 | 00,012,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tunmp.sys
[2009-04-07 23:22:02 | 00,011,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sffdisk.sys
[2009-04-07 23:22:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sffp_sd.sys
[2009-04-07 23:22:02 | 00,006,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\smbali.sys
[2009-04-07 23:22:01 | 00,382,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\qmgr.dll
[2009-04-07 23:22:01 | 00,078,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbvideo.sys
[2009-04-07 23:22:01 | 00,044,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\uagp35.sys
[2009-04-07 23:22:01 | 00,042,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\viaagp.sys
[2009-04-07 23:22:01 | 00,026,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbehci.sys
[2009-04-07 23:22:01 | 00,013,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\wacompen.sys
[2009-04-07 23:22:01 | 00,012,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usb8023x.sys
[2009-04-07 23:22:00 | 00,097,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpcdll.dll
[2009-04-07 23:22:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pidgen.dll
[2009-04-07 23:21:59 | 00,262,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\http.sys
[2009-04-07 23:21:59 | 00,104,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\p2pgasvc.dll
[2009-04-07 23:21:59 | 00,104,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\p2pgasvc.dll
[2009-04-07 23:21:59 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pnrpnsp.dll
[2009-04-07 23:21:59 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\pnrpnsp.dll
[2009-04-07 23:21:58 | 00,553,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\p2psvc.dll
[2009-04-07 23:21:58 | 00,553,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\p2psvc.dll
[2009-04-07 23:21:58 | 00,539,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msftedit.dll
[2009-04-07 23:21:58 | 00,539,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msftedit.dll
[2009-04-07 23:21:58 | 00,313,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\p2pgraph.dll
[2009-04-07 23:21:58 | 00,313,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\p2pgraph.dll
[2009-04-07 23:21:58 | 00,078,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ieencode.dll
[2009-04-07 23:21:58 | 00,078,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ieencode.dll
[2009-04-07 23:21:58 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fltlib.dll
[2009-04-07 23:21:58 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\fltlib.dll
[2009-04-07 23:21:57 | 00,764,868 | ---- | C] () -- L:\WINDOWS\System32\dllcache\apph_sp.sdb
[2009-04-07 23:21:57 | 00,272,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bthport.sys
[2009-04-07 23:21:57 | 00,272,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\bthport.sys
[2009-04-07 23:21:57 | 00,153,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\p2p.dll
[2009-04-07 23:21:57 | 00,153,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\p2p.dll
[2009-04-07 23:21:57 | 00,128,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\fltmgr.sys
[2009-04-07 23:21:57 | 00,128,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\fltmgr.sys
[2009-04-07 23:21:57 | 00,115,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\p2pnetsh.dll
[2009-04-07 23:21:57 | 00,115,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\p2pnetsh.dll
[2009-04-07 23:21:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vidcap.ax
[2009-04-07 23:21:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\vidcap.ax
[2009-04-07 23:21:57 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fltmc.exe
[2009-04-07 23:21:57 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\fltmc.exe
[2009-04-07 23:21:54 | 02,897,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xpsp2res.dll
[2009-04-07 23:21:54 | 00,187,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xpsp1res.dll
[2009-04-07 23:21:46 | 00,256,512 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agentsvr.exe
[2009-04-07 23:21:46 | 00,057,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agentdpv.dll
[2009-04-07 23:21:46 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agentdp2.dll
[2009-04-07 23:21:46 | 00,022,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0408.dll
[2009-04-07 23:21:46 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt040c.dll
[2009-04-07 23:21:46 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0407.dll
[2009-04-07 23:21:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0413.dll
[2009-04-07 23:21:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0410.dll
[2009-04-07 23:21:46 | 00,019,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt040e.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0412.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0411.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt040d.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt040b.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0409.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0406.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0405.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0404.dll
[2009-04-07 23:21:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0401.dll
[2009-04-07 23:21:45 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0816.dll
[2009-04-07 23:21:45 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0c0a.dll
[2009-04-07 23:21:45 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0416.dll
[2009-04-07 23:21:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0804.dll
[2009-04-07 23:21:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt041f.dll
[2009-04-07 23:21:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt041d.dll
[2009-04-07 23:21:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0419.dll
[2009-04-07 23:21:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0415.dll
[2009-04-07 23:21:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\agt0414.dll
[2009-04-07 23:21:44 | 00,217,118 | ---- | C] () -- L:\WINDOWS\System32\dllcache\apphelp.sdb
[2009-04-07 23:21:44 | 00,198,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\cintime.dll
[2009-04-07 23:21:44 | 00,173,568 | ---- | C] () -- L:\WINDOWS\System32\dllcache\chtskf.dll
[2009-04-07 23:21:44 | 00,097,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\chtmbx.dll
[2009-04-07 23:21:44 | 00,086,528 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\directdb.dll
[2009-04-07 23:21:44 | 00,056,320 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\chtskdic.dll
[2009-04-07 23:21:44 | 00,005,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\comrereg.exe
[2009-04-07 23:21:43 | 13,463,552 | ---- | C] () -- L:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009-04-07 23:21:43 | 00,716,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imjpcus.dll
[2009-04-07 23:21:43 | 00,368,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imjpcic.dll
[2009-04-07 23:21:43 | 00,315,452 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imskf.dll
[2009-04-07 23:21:43 | 00,274,489 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imjputyc.dll
[2009-04-07 23:21:43 | 00,106,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imekrcic.dll
[2009-04-07 23:21:43 | 00,102,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imlang.dll
[2009-04-07 23:21:43 | 00,086,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009-04-07 23:21:43 | 00,081,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imjpdct.dll
[2009-04-07 23:21:42 | 02,136,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009-04-07 23:21:42 | 02,057,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009-04-07 23:21:42 | 02,015,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009-04-07 23:21:42 | 01,314,816 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msoe.dll
[2009-04-07 23:21:42 | 00,536,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msado15.dll
[2009-04-07 23:21:42 | 00,200,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msadox.dll
[2009-04-07 23:21:42 | 00,180,224 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msadomd.dll
[2009-04-07 23:21:42 | 00,111,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mtstocom.exe
[2009-04-07 23:21:42 | 00,102,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msjro.dll
[2009-04-07 23:21:41 | 02,180,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009-04-07 23:21:41 | 00,175,104 | ---- | C] () -- L:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009-04-07 23:21:41 | 00,070,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\pintlphr.exe
[2009-04-07 23:21:41 | 00,067,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\pmigrate.dll
[2009-04-07 23:21:41 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009-04-07 23:21:41 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- L:\WINDOWS\System32\dllcache\rw330ext.dll
[2009-04-07 23:21:41 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rw001ext.dll
[2009-04-07 23:21:41 | 00,015,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\padrs404.dll
[2009-04-07 23:21:41 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\padrs804.dll
[2009-04-07 23:21:40 | 01,197,294 | ---- | C] () -- L:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-04-07 23:21:40 | 00,510,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wab32.dll
[2009-04-07 23:21:40 | 00,426,041 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\voicepad.dll
[2009-04-07 23:21:40 | 00,086,073 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\voicesub.dll
[2009-04-07 23:21:40 | 00,085,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wabimp.dll
[2009-04-07 23:21:40 | 00,032,256 | ---- | C] (SiS Corporation) -- L:\WINDOWS\System32\dllcache\sisnic.sys
[2009-04-07 23:21:40 | 00,010,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\tmigrate.dll
[2009-04-07 23:21:36 | 00,259,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\comsetup.dll
[2009-04-07 23:21:36 | 00,115,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imsinsnt.dll
[2009-04-07 23:21:36 | 00,082,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msdtcstp.dll
[2009-04-07 23:21:33 | 01,033,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\explorer.exe
[2009-04-07 23:21:33 | 01,033,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\explorer.exe
[2009-04-07 23:21:33 | 00,146,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\regedit.exe
[2009-04-07 23:21:33 | 00,010,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\hh.exe
[2009-04-07 23:21:32 | 00,283,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\winhlp32.exe
[2009-04-07 23:21:32 | 00,050,688 | ---- | C] (Twain Working Group) -- L:\WINDOWS\twain_32.dll
[2009-04-07 23:21:32 | 00,028,160 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msoobe.exe
[2009-04-07 23:21:31 | 00,263,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\adsnt.dll
[2009-04-07 23:21:31 | 00,194,048 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\activeds.dll
[2009-04-07 23:21:31 | 00,183,808 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\accwiz.exe
[2009-04-07 23:21:31 | 00,175,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\adsldp.dll
[2009-04-07 23:21:31 | 00,143,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\adsldpc.dll
[2009-04-07 23:21:31 | 00,114,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\aclui.dll
[2009-04-07 23:21:31 | 00,101,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\actxprxy.dll
[2009-04-07 23:21:31 | 00,100,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\6to4svc.dll
[2009-04-07 23:21:31 | 00,100,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\6to4svc.dll
[2009-04-07 23:21:31 | 00,098,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ahui.exe
[2009-04-07 23:21:31 | 00,068,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\access.cpl
[2009-04-07 23:21:31 | 00,068,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\adsmsext.dll
[2009-04-07 23:21:31 | 00,044,544 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\alg.exe
[2009-04-07 23:21:31 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\alrsvc.dll
[2009-04-07 23:21:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\actmovie.exe
[2009-04-07 23:21:30 | 00,580,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\autofmt.exe
[2009-04-07 23:21:30 | 00,549,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\appwiz.cpl
[2009-04-07 23:21:30 | 00,126,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\apphelp.dll
[2009-04-07 23:21:30 | 00,114,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\asctrls.ocx
[2009-04-07 23:21:30 | 00,065,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\asycfilt.dll
[2009-04-07 23:21:30 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\atl.dll
[2009-04-07 23:21:30 | 00,056,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\authz.dll
[2009-04-07 23:21:30 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\audiosrv.dll
[2009-04-07 23:21:30 | 00,030,208 | ---- | C] (Adobe Systems) -- L:\WINDOWS\System32\atmlib.dll
[2009-04-07 23:21:30 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\at.exe
[2009-04-07 23:21:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\attrib.exe
[2009-04-07 23:21:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\autolfn.exe
[2009-04-07 23:21:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\attrib.exe
[2009-04-07 23:21:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\atmadm.exe
[2009-04-07 23:21:30 | 00,007,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\asferror.dll
[2009-04-07 23:21:30 | 00,007,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\asferror.dll
[2009-04-07 23:21:29 | 01,022,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\browseui.dll
[2009-04-07 23:21:29 | 01,022,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\browseui.dll
[2009-04-07 23:21:29 | 00,225,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\catsrv.dll
[2009-04-07 23:21:29 | 00,218,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\c_g18030.dll
[2009-04-07 23:21:29 | 00,218,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\c_g18030.dll
[2009-04-07 23:21:29 | 00,142,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\capesnpn.dll
[2009-04-07 23:21:29 | 00,142,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\capesnpn.dll
[2009-04-07 23:21:29 | 00,084,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\avifil32.dll
[2009-04-07 23:21:29 | 00,084,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cabview.dll
[2009-04-07 23:21:29 | 00,078,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\browsewm.dll
[2009-04-07 23:21:29 | 00,077,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\browser.dll
[2009-04-07 23:21:29 | 00,063,488 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\browselc.dll
[2009-04-07 23:21:29 | 00,059,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cabinet.dll
[2009-04-07 23:21:29 | 00,052,736 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\basesrv.dll
[2009-04-07 23:21:29 | 00,050,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\camocx.dll
[2009-04-07 23:21:29 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\batmeter.dll
[2009-04-07 23:21:29 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009-04-07 23:21:29 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bdaplgin.ax
[2009-04-07 23:21:29 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\bidispl.dll
[2009-04-07 23:21:29 | 00,008,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\batt.dll
[2009-04-07 23:21:28 | 02,067,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cdosys.dll
[2009-04-07 23:21:28 | 00,625,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\catsrvut.dll
[2009-04-07 23:21:28 | 00,498,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\clbcatq.dll
[2009-04-07 23:21:28 | 00,457,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\certmgr.dll
[2009-04-07 23:21:28 | 00,194,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\certcli.dll
[2009-04-07 23:21:28 | 00,151,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\cdfview.dll
[2009-04-07 23:21:28 | 00,151,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cdfview.dll
[2009-04-07 23:21:28 | 00,110,080 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\clbcatex.dll
[2009-04-07 23:21:28 | 00,109,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\cic.dll
[2009-04-07 23:21:28 | 00,109,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cic.dll
[2009-04-07 23:21:28 | 00,085,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\catsrvps.dll
[2009-04-07 23:21:28 | 00,078,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\chajei.ime
[2009-04-07 23:21:28 | 00,078,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\chajei.ime
[2009-04-07 23:21:28 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ciodm.dll
[2009-04-07 23:21:28 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ciodm.dll
[2009-04-07 23:21:28 | 00,064,000 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cleanmgr.exe
[2009-04-07 23:21:28 | 00,038,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cfgbkend.dll
[2009-04-07 23:21:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009-04-07 23:21:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cintlgnt.ime
[2009-04-07 23:21:28 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cfgmgr32.dll
[2009-04-07 23:21:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cisvc.exe
[2009-04-07 23:21:27 | 00,343,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmdial32.dll
[2009-04-07 23:21:27 | 00,229,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\compstui.dll
[2009-04-07 23:21:27 | 00,185,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmprops.dll
[2009-04-07 23:21:27 | 00,102,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\clipbrd.exe
[2009-04-07 23:21:27 | 00,097,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\comrepl.dll
[2009-04-07 23:21:27 | 00,097,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comrepl.dll
[2009-04-07 23:21:27 | 00,077,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cliconfg.dll
[2009-04-07 23:21:27 | 00,063,488 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmstp.exe
[2009-04-07 23:21:27 | 00,060,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\colbact.dll
[2009-04-07 23:21:27 | 00,057,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\clusapi.dll
[2009-04-07 23:21:27 | 00,047,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cnbjmon.dll
[2009-04-07 23:21:27 | 00,047,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmdl32.exe
[2009-04-07 23:21:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmutil.dll
[2009-04-07 23:21:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmmon32.exe
[2009-04-07 23:21:27 | 00,033,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\clipsrv.exe
[2009-04-07 23:21:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\comaddin.dll
[2009-04-07 23:21:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comaddin.dll
[2009-04-07 23:21:27 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cliconfg.rll
[2009-04-07 23:21:27 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cliconfg.exe
[2009-04-07 23:21:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmcfg32.dll
[2009-04-07 23:21:26 | 01,267,200 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comsvcs.dll
[2009-04-07 23:21:26 | 00,792,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comres.dll
[2009-04-07 23:21:26 | 00,597,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\crypt32.dll
[2009-04-07 23:21:26 | 00,540,160 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comuid.dll
[2009-04-07 23:21:26 | 00,512,512 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cryptui.dll
[2009-04-07 23:21:26 | 00,345,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\confmsp.dll
[2009-04-07 23:21:26 | 00,345,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\confmsp.dll
[2009-04-07 23:21:26 | 00,163,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\credui.dll
[2009-04-07 23:21:26 | 00,147,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\comsnap.dll
[2009-04-07 23:21:26 | 00,147,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comsnap.dll
[2009-04-07 23:21:26 | 00,101,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cscdll.dll
[2009-04-07 23:21:26 | 00,074,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cryptdlg.dll
[2009-04-07 23:21:26 | 00,063,488 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cryptnet.dll
[2009-04-07 23:21:26 | 00,060,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cryptsvc.dll
[2009-04-07 23:21:26 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cryptext.dll
[2009-04-07 23:21:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cryptdll.dll
[2009-04-07 23:21:26 | 00,027,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\conime.exe
[2009-04-07 23:21:26 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\corpol.dll
[2009-04-07 23:21:26 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\corpol.dll
[2009-04-07 23:21:25 | 01,179,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\d3d8.dll
[2009-04-07 23:21:25 | 01,054,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\danim.dll
[2009-04-07 23:21:25 | 01,054,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\danim.dll
[2009-04-07 23:21:25 | 00,825,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\d3dim700.dll
[2009-04-07 23:21:25 | 00,640,000 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dbghelp.dll
[2009-04-07 23:21:25 | 00,326,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cscui.dll
[2009-04-07 23:21:25 | 00,153,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\daxctle.ocx
[2009-04-07 23:21:25 | 00,152,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\datime.dll
[2009-04-07 23:21:25 | 00,152,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\datime.dll
[2009-04-07 23:21:25 | 00,098,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cscript.exe
[2009-04-07 23:21:25 | 00,078,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dayi.ime
[2009-04-07 23:21:25 | 00,078,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dayi.ime
[2009-04-07 23:21:25 | 00,054,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dataclen.dll
[2009-04-07 23:21:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dbmsrpcn.dll
[2009-04-07 23:21:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\davclnt.dll
[2009-04-07 23:21:25 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ctfmon.exe
[2009-04-07 23:21:25 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\d3d8thk.dll
[2009-04-07 23:21:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\csrss.exe
[2009-04-07 23:21:24 | 00,370,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dhcpmon.dll
[2009-04-07 23:21:24 | 00,370,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dhcpmon.dll
[2009-04-07 23:21:24 | 00,282,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\devmgr.dll
[2009-04-07 23:21:24 | 00,266,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ddraw.dll
[2009-04-07 23:21:24 | 00,123,904 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- L:\WINDOWS\System32\dfrgui.dll
[2009-04-07 23:21:24 | 00,111,104 | ---- | C] (Microsoft) -- L:\WINDOWS\System32\dgnet.dll
[2009-04-07 23:21:24 | 00,110,592 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dbnetlib.dll
[2009-04-07 23:21:24 | 00,104,960 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- L:\WINDOWS\System32\dfrgntfs.exe
[2009-04-07 23:21:24 | 00,082,432 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- L:\WINDOWS\System32\dfrgfat.exe
[2009-04-07 23:21:24 | 00,038,912 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- L:\WINDOWS\System32\dfrgsnap.dll
[2009-04-07 23:21:24 | 00,030,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ddeshare.exe
[2009-04-07 23:21:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dfsshlex.dll
[2009-04-07 23:21:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dbnmpntw.dll
[2009-04-07 23:21:24 | 00,027,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ddrawex.dll
[2009-04-07 23:21:24 | 00,025,088 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- L:\WINDOWS\System32\defrag.exe
[2009-04-07 23:21:24 | 00,008,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dciman32.dll
[2009-04-07 23:21:24 | 00,005,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2009-04-07 23:21:24 | 00,005,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dcomcnfg.exe
[2009-04-07 23:21:24 | 00,001,788 | ---- | C] () -- L:\WINDOWS\System32\dcache.bin
[2009-04-07 23:21:23 | 01,501,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\diskcopy.dll
[2009-04-07 23:21:23 | 01,501,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\diskcopy.dll
[2009-04-07 23:21:23 | 00,273,920 | ---- | C] (Microsoft Corp.) -- L:\WINDOWS\System32\dmdlgs.dll
[2009-04-07 23:21:23 | 00,273,920 | ---- | C] (Microsoft Corp.) -- L:\WINDOWS\System32\dllcache\dmdlgs.dll
[2009-04-07 23:21:23 | 00,224,768 | ---- | C] (Microsoft Corp., Veritas Software) -- L:\WINDOWS\System32\dmadmin.exe
[2009-04-07 23:21:23 | 00,200,704 | ---- | C] (Microsoft Corp.) -- L:\WINDOWS\System32\dmdskmgr.dll
[2009-04-07 23:21:23 | 00,181,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dinput8.dll
[2009-04-07 23:21:23 | 00,181,248 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmime.dll
[2009-04-07 23:21:23 | 00,163,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\diskpart.exe
[2009-04-07 23:21:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dinput.dll
[2009-04-07 23:21:23 | 00,085,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\diantz.exe
[2009-04-07 23:21:23 | 00,082,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmscript.dll
[2009-04-07 23:21:23 | 00,068,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\digest.dll
[2009-04-07 23:21:23 | 00,061,440 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmcompos.dll
[2009-04-07 23:21:23 | 00,045,083 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dispex.dll
[2009-04-07 23:21:23 | 00,045,083 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dispex.dll
[2009-04-07 23:21:23 | 00,035,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmloader.dll
[2009-04-07 23:21:23 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmband.dll
[2009-04-07 23:21:23 | 00,023,552 | ---- | C] (Microsoft Corp.) -- L:\WINDOWS\System32\dmserver.dll
[2009-04-07 23:21:23 | 00,015,872 | ---- | C] (Microsoft Corp.) -- L:\WINDOWS\System32\dmremote.exe
[2009-04-07 23:21:23 | 00,005,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllhost.exe
[2009-04-07 23:21:22 | 00,229,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dplayx.dll
[2009-04-07 23:21:22 | 00,147,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dnsapi.dll
[2009-04-07 23:21:22 | 00,147,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dnsapi.dll
[2009-04-07 23:21:22 | 00,105,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmstyle.dll
[2009-04-07 23:21:22 | 00,104,448 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmusic.dll
[2009-04-07 23:21:22 | 00,103,424 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dmsynth.dll
[2009-04-07 23:21:22 | 00,052,224 | ---- | C] (Microsoft Corp.) -- L:\WINDOWS\System32\dmutil.dll
[2009-04-07 23:21:22 | 00,048,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\docprop2.dll
[2009-04-07 23:21:22 | 00,045,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dnsrslvr.dll
[2009-04-07 23:21:22 | 00,045,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2009-04-07 23:21:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dplaysvr.exe
[2009-04-07 23:21:22 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpmodemx.dll
[2009-04-07 23:21:22 | 00,003,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpnaddr.dll
[2009-04-07 23:21:21 | 00,375,296 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpnet.dll
[2009-04-07 23:21:21 | 00,060,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpnhupnp.dll
[2009-04-07 23:21:21 | 00,035,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpnhpast.dll
[2009-04-07 23:21:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpvacm.dll
[2009-04-07 23:21:21 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpnsvr.exe
[2009-04-07 23:21:21 | 00,003,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpnlobby.dll
[2009-04-07 23:21:20 | 01,294,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsound3d.dll
[2009-04-07 23:21:20 | 00,367,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsound.dll
[2009-04-07 23:21:20 | 00,239,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsquery.dll
[2009-04-07 23:21:20 | 00,212,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpvoice.dll
[2009-04-07 23:21:20 | 00,181,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsdmo.dll
[2009-04-07 23:21:20 | 00,144,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dskquoui.dll
[2009-04-07 23:21:20 | 00,144,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dskquoui.dll
[2009-04-07 23:21:20 | 00,142,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsprop.dll
[2009-04-07 23:21:20 | 00,116,736 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpvvox.dll
[2009-04-07 23:21:20 | 00,092,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dskquota.dll
[2009-04-07 23:21:20 | 00,083,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpvsetup.exe
[2009-04-07 23:21:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsdmoprp.dll
[2009-04-07 23:21:20 | 00,057,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dpwsockx.dll
[2009-04-07 23:21:20 | 00,051,200 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dssec.dll
[2009-04-07 23:21:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ds32gt.dll
[2009-04-07 23:21:20 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drprov.dll
[2009-04-07 23:21:19 | 01,227,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dx8vb.dll
[2009-04-07 23:21:19 | 00,619,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dx7vb.dll
[2009-04-07 23:21:19 | 00,304,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\duser.dll
[2009-04-07 23:21:19 | 00,180,224 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dwwin.exe
[2009-04-07 23:21:19 | 00,137,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dssenh.dll
[2009-04-07 23:21:19 | 00,113,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dsuiext.dll
[2009-04-07 23:21:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dswave.dll
[2009-04-07 23:21:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dvdupgrd.exe
[2009-04-07 23:21:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dumprep.exe
[2009-04-07 23:21:18 | 01,298,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dxdiag.exe
[2009-04-07 23:21:18 | 01,082,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\esent.dll
[2009-04-07 23:21:18 | 00,498,742 | ---- | C] () -- L:\WINDOWS\System32\dllcache\dxmasf.dll
[2009-04-07 23:21:18 | 00,380,957 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\expsrv.dll
[2009-04-07 23:21:18 | 00,253,952 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\es.dll
[2009-04-07 23:21:18 | 00,253,952 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\es.dll
[2009-04-07 23:21:18 | 00,193,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\eudcedit.exe
[2009-04-07 23:21:18 | 00,183,296 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\els.dll
[2009-04-07 23:21:18 | 00,121,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\exts.dll
[2009-04-07 23:21:18 | 00,121,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\exts.dll
[2009-04-07 23:21:18 | 00,080,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\faultrep.dll
[2009-04-07 23:21:18 | 00,055,808 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\eventlog.dll
[2009-04-07 23:21:18 | 00,045,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\extrac32.exe
[2009-04-07 23:21:18 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ersvc.dll
[2009-04-07 23:21:18 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\feclient.dll
[2009-04-07 23:21:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\f3ahvoas.dll
[2009-04-07 23:21:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009-04-07 23:21:17 | 00,614,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\h323msp.dll
[2009-04-07 23:21:17 | 00,546,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hhctrl.ocx
[2009-04-07 23:21:17 | 00,546,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\hhctrl.ocx
[2009-04-07 23:21:17 | 00,382,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fontext.dll
[2009-04-07 23:21:17 | 00,337,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\filemgmt.dll
[2009-04-07 23:21:17 | 00,283,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\gdi32.dll
[2009-04-07 23:21:17 | 00,283,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\gdi32.dll
[2009-04-07 23:21:17 | 00,265,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\h323.tsp
[2009-04-07 23:21:17 | 00,155,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hdwwiz.cpl
[2009-04-07 23:21:17 | 00,122,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\glu32.dll
[2009-04-07 23:21:17 | 00,087,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fldrclnr.dll
[2009-04-07 23:21:17 | 00,080,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fontsub.dll
[2009-04-07 23:21:17 | 00,080,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\fontsub.dll
[2009-04-07 23:21:17 | 00,039,424 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\grpconv.exe
[2009-04-07 23:21:17 | 00,027,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\findstr.exe
[2009-04-07 23:21:17 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\fontview.exe
[2009-04-07 23:21:17 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\help.exe
[2009-04-07 23:21:17 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\help.exe
[2009-04-07 23:21:17 | 00,009,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\gpkrsrc.dll
[2009-04-07 23:21:17 | 00,009,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\framebuf.dll
[2009-04-07 23:21:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\forcedos.exe
[2009-04-07 23:21:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\forcedos.exe
[2009-04-07 23:21:16 | 00,344,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hnetcfg.dll
[2009-04-07 23:21:16 | 00,330,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hnetwiz.dll
[2009-04-07 23:21:16 | 00,254,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\icm32.dll
[2009-04-07 23:21:16 | 00,144,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hotplug.dll
[2009-04-07 23:21:16 | 00,120,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\idq.dll
[2009-04-07 23:21:16 | 00,119,808 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\iasrad.dll
[2009-04-07 23:21:16 | 00,080,384 | ---- | C] (Radius Inc.) -- L:\WINDOWS\System32\iccvid.dll
[2009-04-07 23:21:16 | 00,073,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\icwdial.dll
[2009-04-07 23:21:16 | 00,072,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hlink.dll
[2009-04-07 23:21:16 | 00,072,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\hlink.dll
[2009-04-07 23:21:16 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\icwphbk.dll
[2009-04-07 23:21:16 | 00,041,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\htui.dll
[2009-04-07 23:21:16 | 00,041,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hhsetup.dll
[2009-04-07 23:21:16 | 00,029,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hidphone.tsp
[2009-04-07 23:21:16 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hid.dll
[2009-04-07 23:21:16 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\icaapi.dll
[2009-04-07 23:21:16 | 00,003,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\icmp.dll
[2009-04-07 23:21:15 | 00,811,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imjp81k.dll
[2009-04-07 23:21:15 | 00,811,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imjp81k.dll
[2009-04-07 23:21:15 | 00,683,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\inetcomm.dll
[2009-04-07 23:21:15 | 00,683,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\inetcomm.dll
[2009-04-07 23:21:15 | 00,340,023 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imjp81.ime
[2009-04-07 23:21:15 | 00,340,023 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imjp81.ime
[2009-04-07 23:21:15 | 00,274,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\inetcfg.dll
[2009-04-07 23:21:15 | 00,150,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imapi.exe
[2009-04-07 23:21:15 | 00,135,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ifmon.dll
[2009-04-07 23:21:15 | 00,114,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\iexpress.exe
[2009-04-07 23:21:15 | 00,110,080 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imm32.dll
[2009-04-07 23:21:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imekr61.ime
[2009-04-07 23:21:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\imekr61.ime
[2009-04-07 23:21:15 | 00,081,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ils.dll
[2009-04-07 23:21:15 | 00,075,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\inetpp.dll
[2009-04-07 23:21:15 | 00,036,921 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imeshare.dll
[2009-04-07 23:21:15 | 00,033,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\inetmib1.dll
[2009-04-07 23:21:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imaadp32.acm
[2009-04-07 23:21:15 | 00,015,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\inetppui.dll
[2009-04-07 23:21:15 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\igmpagnt.dll
[2009-04-07 23:21:14 | 00,384,000 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipsmsnap.dll
[2009-04-07 23:21:14 | 00,349,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipsecsnp.dll
[2009-04-07 23:21:14 | 00,331,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipnathlp.dll
[2009-04-07 23:21:14 | 00,330,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ippromon.dll
[2009-04-07 23:21:14 | 00,182,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipsecsvc.dll
[2009-04-07 23:21:14 | 00,169,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\iprtrmgr.dll
[2009-04-07 23:21:14 | 00,169,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\iprtrmgr.dll
[2009-04-07 23:21:14 | 00,154,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipmontr.dll
[2009-04-07 23:21:14 | 00,154,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ipmontr.dll
[2009-04-07 23:21:14 | 00,147,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\initpki.dll
[2009-04-07 23:21:14 | 00,129,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\intl.cpl
[2009-04-07 23:21:14 | 00,123,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\input.dll
[2009-04-07 23:21:14 | 00,094,720 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\iphlpapi.dll
[2009-04-07 23:21:14 | 00,094,720 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\iphlpapi.dll
[2009-04-07 23:21:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipconfig.exe
[2009-04-07 23:21:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\inetres.dll
[2009-04-07 23:21:14 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipconf.tsp
[2009-04-07 23:21:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipsink.ax
[2009-04-07 23:21:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ipsink.ax
[2009-04-07 23:21:13 | 00,491,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\jscript.dll
[2009-04-07 23:21:13 | 00,491,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\jscript.dll
[2009-04-07 23:21:13 | 00,163,840 | ---- | C] (America Online) -- L:\WINDOWS\System32\jgdw400.dll
[2009-04-07 23:21:13 | 00,163,840 | ---- | C] (America Online) -- L:\WINDOWS\System32\dllcache\jgdw400.dll
[2009-04-07 23:21:13 | 00,155,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\itircl.dll
[2009-04-07 23:21:13 | 00,137,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\itss.dll
[2009-04-07 23:21:13 | 00,081,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\isign32.dll
[2009-04-07 23:21:13 | 00,068,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\joy.cpl
[2009-04-07 23:21:13 | 00,059,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipv6mon.dll
[2009-04-07 23:21:13 | 00,054,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ixsso.dll
[2009-04-07 23:21:13 | 00,053,248 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipv6.exe
[2009-04-07 23:21:13 | 00,047,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\iyuv_32.dll
[2009-04-07 23:21:13 | 00,047,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009-04-07 23:21:13 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- L:\WINDOWS\System32\jgpl400.dll
[2009-04-07 23:21:13 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- L:\WINDOWS\System32\dllcache\jgpl400.dll
[2009-04-07 23:21:13 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipxroute.exe
[2009-04-07 23:21:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ipxwan.dll
[2009-04-07 23:21:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ipxwan.dll
[2009-04-07 23:21:13 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdibm02.dll
[2009-04-07 23:21:13 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdax2.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbd106n.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbd106.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbd101.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbdax2.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbd106n.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbd106.dll
[2009-04-07 23:21:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbd101.dll
[2009-04-07 23:21:12 | 00,423,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\licdll.dll
[2009-04-07 23:21:12 | 00,399,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\lmrt.dll
[2009-04-07 23:21:12 | 00,295,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kerberos.dll
[2009-04-07 23:21:12 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- L:\WINDOWS\System32\l3codeca.acm
[2009-04-07 23:21:12 | 00,150,528 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\keymgr.dll
[2009-04-07 23:21:12 | 00,130,048 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ksproxy.ax
[2009-04-07 23:21:12 | 00,130,048 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ksproxy.ax
[2009-04-07 23:21:12 | 00,097,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\loadperf.dll
[2009-04-07 23:21:12 | 00,090,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kswdmcap.ax
[2009-04-07 23:21:12 | 00,090,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009-04-07 23:21:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kstvtune.ax
[2009-04-07 23:21:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kstvtune.ax
[2009-04-07 23:21:12 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\licwmi.dll
[2009-04-07 23:21:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ksxbar.ax
[2009-04-07 23:21:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ksxbar.ax
[2009-04-07 23:21:12 | 00,033,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kmddsp.tsp
[2009-04-07 23:21:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\linkinfo.dll
[2009-04-07 23:21:12 | 00,007,424 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kd1394.dll
[2009-04-07 23:21:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdnec.dll
[2009-04-07 23:21:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbdnec.dll
[2009-04-07 23:21:12 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdlk41a.dll
[2009-04-07 23:21:12 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009-04-07 23:21:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kbdlk41j.dll
[2009-04-07 23:21:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009-04-07 23:21:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ksuser.dll
[2009-04-07 23:21:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ksuser.dll
[2009-04-07 23:21:11 | 00,927,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mfc40u.dll
[2009-04-07 23:21:11 | 00,927,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mfc40u.dll
[2009-04-07 23:21:11 | 00,514,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\logonui.exe
[2009-04-07 23:21:11 | 00,221,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\localsec.dll
[2009-04-07 23:21:11 | 00,220,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\logon.scr
[2009-04-07 23:21:11 | 00,118,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mdminst.dll
[2009-04-07 23:21:11 | 00,085,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\makecab.exe
[2009-04-07 23:21:11 | 00,084,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mciavi32.dll
[2009-04-07 23:21:11 | 00,072,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\magnify.exe
[2009-04-07 23:21:11 | 00,072,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\magnify.exe
[2009-04-07 23:21:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mf3216.dll
[2009-04-07 23:21:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mf3216.dll
[2009-04-07 23:21:11 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mciwave.dll
[2009-04-07 23:21:11 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mciseq.dll
[2009-04-07 23:21:11 | 00,022,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\lpk.dll
[2009-04-07 23:21:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mcastmib.dll
[2009-04-07 23:21:11 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\lsass.exe
[2009-04-07 23:21:11 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\localui.dll
[2009-04-07 23:21:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\lprhelp.dll
[2009-04-07 23:21:10 | 01,192,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mmcndmgr.dll
[2009-04-07 23:21:10 | 01,028,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mfc42.dll
[2009-04-07 23:21:10 | 00,815,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mmc.exe
[2009-04-07 23:21:10 | 00,618,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mmsys.cpl
[2009-04-07 23:21:10 | 00,586,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mlang.dll
[2009-04-07 23:21:10 | 00,207,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mobsync.dll
[2009-04-07 23:21:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mmcbase.dll
[2009-04-07 23:21:10 | 00,060,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\miglibnt.dll
[2009-04-07 23:21:10 | 00,050,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mmcshext.dll
[2009-04-07 23:21:10 | 00,034,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mnmdd.dll
[2009-04-07 23:21:10 | 00,032,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mnmsrvc.exe
[2009-04-07 23:21:10 | 00,022,528 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mfcsubs.dll
[2009-04-07 23:21:10 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mimefilt.dll
[2009-04-07 23:21:10 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\midimap.dll
[2009-04-07 23:21:10 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mimefilt.dll
[2009-04-07 23:21:10 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mmfutil.dll
[2009-04-07 23:21:10 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\miniime.tpl
[2009-04-07 23:21:09 | 00,294,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msaud32.acm
[2009-04-07 23:21:09 | 00,262,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mpg4ds32.ax
[2009-04-07 23:21:09 | 00,221,184 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msadds32.ax
[2009-04-07 23:21:09 | 00,216,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\moricons.dll
[2009-04-07 23:21:09 | 00,153,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\modemui.dll
[2009-04-07 23:21:09 | 00,148,992 | ---- | C] () -- L:\WINDOWS\System32\mpg2splt.ax
[2009-04-07 23:21:09 | 00,143,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mobsync.exe
[2009-04-07 23:21:09 | 00,123,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mplay32.exe
[2009-04-07 23:21:09 | 00,087,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mprapi.dll
[2009-04-07 23:21:09 | 00,086,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msapsspc.dll
[2009-04-07 23:21:09 | 00,074,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mscms.dll
[2009-04-07 23:21:09 | 00,074,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mscms.dll
[2009-04-07 23:21:09 | 00,071,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msacm32.dll
[2009-04-07 23:21:09 | 00,059,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mpr.dll
[2009-04-07 23:21:09 | 00,057,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msasn1.dll
[2009-04-07 23:21:09 | 00,049,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mprdim.dll
[2009-04-07 23:21:09 | 00,049,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mprdim.dll
[2009-04-07 23:21:09 | 00,015,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\more.com
[2009-04-07 23:21:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msadp32.acm
[2009-04-07 23:21:09 | 00,003,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msafd.dll
[2009-04-07 23:21:08 | 00,994,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msgina.dll
[2009-04-07 23:21:08 | 00,956,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdtctm.dll
[2009-04-07 23:21:08 | 00,844,314 | ---- | C] () -- L:\WINDOWS\System32\msdxm.ocx
[2009-04-07 23:21:08 | 00,426,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdtcprx.dll
[2009-04-07 23:21:08 | 00,294,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msh263.drv
[2009-04-07 23:21:08 | 00,294,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msctf.dll
[2009-04-07 23:21:08 | 00,294,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msctf.dll
[2009-04-07 23:21:08 | 00,188,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msh261.drv
[2009-04-07 23:21:08 | 00,161,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdtcuiu.dll
[2009-04-07 23:21:08 | 00,151,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdart.dll
[2009-04-07 23:21:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msconf.dll
[2009-04-07 23:21:08 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msctfp.dll
[2009-04-07 23:21:08 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdtclog.dll
[2009-04-07 23:21:08 | 00,056,832 | ---- | C] () -- L:\WINDOWS\System32\msdvbnp.ax
[2009-04-07 23:21:08 | 00,056,832 | ---- | C] () -- L:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009-04-07 23:21:08 | 00,036,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mscpxl32.dll
[2009-04-07 23:21:08 | 00,012,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdatsrc.tlb
[2009-04-07 23:21:08 | 00,012,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mscpx32r.dll
[2009-04-07 23:21:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msdtc.exe
[2009-04-07 23:21:07 | 02,854,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msi.dll
[2009-04-07 23:21:07 | 00,884,736 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msimsg.dll
[2009-04-07 23:21:07 | 00,290,816 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msnsspc.dll
[2009-04-07 23:21:07 | 00,271,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msihnd.dll
[2009-04-07 23:21:07 | 00,252,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msoeacct.dll
[2009-04-07 23:21:07 | 00,248,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msieftp.dll
[2009-04-07 23:21:07 | 00,159,232 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msimtf.dll
[2009-04-07 23:21:07 | 00,151,583 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msjint40.dll
[2009-04-07 23:21:07 | 00,151,583 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msjint40.dll
[2009-04-07 23:21:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msoert2.dll
[2009-04-07 23:21:07 | 00,078,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msiexec.exe
[2009-04-07 23:21:07 | 00,051,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msident.dll
[2009-04-07 23:21:07 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mslbui.dll
[2009-04-07 23:21:07 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msorc32r.dll
[2009-04-07 23:21:07 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msisip.dll
[2009-04-07 23:21:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msidle.dll
[2009-04-07 23:21:07 | 00,004,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msimg32.dll
[2009-04-07 23:21:06 | 00,343,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mspaint.exe
[2009-04-07 23:21:06 | 00,143,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msorcl32.dll
[2009-04-07 23:21:06 | 00,048,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msprivs.dll
[2009-04-07 23:21:06 | 00,030,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mspatcha.dll
[2009-04-07 23:21:05 | 00,274,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mstask.dll
[2009-04-07 23:21:05 | 00,115,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mstlsapi.dll
[2009-04-07 23:21:05 | 00,102,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msscript.ocx
[2009-04-07 23:21:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msscds32.ax
[2009-04-07 23:21:05 | 00,012,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mstinit.exe
[2009-04-07 23:21:05 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msrle32.dll
[2009-04-07 23:21:04 | 01,428,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvidctl.dll
[2009-04-07 23:21:04 | 01,386,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvbvm60.dll
[2009-04-07 23:21:04 | 00,701,440 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msxml2.dll
[2009-04-07 23:21:04 | 00,506,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msxml.dll
[2009-04-07 23:21:04 | 00,413,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvcp60.dll
[2009-04-07 23:21:04 | 00,343,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvcrt.dll
[2009-04-07 23:21:04 | 00,245,248 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mswsock.dll
[2009-04-07 23:21:04 | 00,245,248 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mswsock.dll
[2009-04-07 23:21:04 | 00,204,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mswebdvd.dll
[2009-04-07 23:21:04 | 00,195,072 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msutb.dll
[2009-04-07 23:21:04 | 00,120,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvfw32.dll
[2009-04-07 23:21:04 | 00,072,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msw3prt.dll
[2009-04-07 23:21:04 | 00,066,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mtxclu.dll
[2009-04-07 23:21:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvcrt40.dll
[2009-04-07 23:21:04 | 00,054,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msvcirt.dll
[2009-04-07 23:21:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msyuv.dll
[2009-04-07 23:21:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\msyuv.dll
[2009-04-07 23:21:03 | 00,622,080 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netcfgx.dll
[2009-04-07 23:21:03 | 00,332,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netapi32.dll
[2009-04-07 23:21:03 | 00,332,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\netapi32.dll
[2009-04-07 23:21:03 | 00,124,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\net1.exe
[2009-04-07 23:21:03 | 00,091,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mtxoci.dll
[2009-04-07 23:21:03 | 00,090,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mydocs.dll
[2009-04-07 23:21:03 | 00,056,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ndptsp.tsp
[2009-04-07 23:21:03 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\narrator.exe
[2009-04-07 23:21:03 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\narrator.exe
[2009-04-07 23:21:03 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\net.exe
[2009-04-07 23:21:03 | 00,036,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ncobjapi.dll
[2009-04-07 23:21:03 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mtxlegih.dll
[2009-04-07 23:21:03 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mtxlegih.dll
[2009-04-07 23:21:03 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mtxdm.dll
[2009-04-07 23:21:03 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mtxdm.dll
[2009-04-07 23:21:03 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nddenb32.dll
[2009-04-07 23:21:03 | 00,017,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nddeapi.dll
[2009-04-07 23:21:03 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nddeapir.exe
[2009-04-07 23:21:03 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mtxex.dll
[2009-04-07 23:21:03 | 00,004,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mtxex.dll
[2009-04-07 23:21:02 | 01,708,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netshell.dll
[2009-04-07 23:21:02 | 00,875,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netplwiz.dll
[2009-04-07 23:21:02 | 00,407,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netlogon.dll
[2009-04-07 23:21:02 | 00,329,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netsetup.exe
[2009-04-07 23:21:02 | 00,248,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\newdev.dll
[2009-04-07 23:21:02 | 00,245,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netui1.dll
[2009-04-07 23:21:02 | 00,197,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netman.dll
[2009-04-07 23:21:02 | 00,139,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netid.dll
[2009-04-07 23:21:02 | 00,111,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netdde.exe
[2009-04-07 23:21:02 | 00,103,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nlhtml.dll
[2009-04-07 23:21:02 | 00,086,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netsh.exe
[2009-04-07 23:21:02 | 00,080,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netui0.dll
[2009-04-07 23:21:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\notepad.exe
[2009-04-07 23:21:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\notepad.exe
[2009-04-07 23:21:02 | 00,054,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\npptools.dll
[2009-04-07 23:21:02 | 00,036,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netstat.exe
[2009-04-07 23:21:02 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nmmkcert.dll
[2009-04-07 23:21:02 | 00,012,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\netrap.dll
[2009-04-07 23:21:01 | 00,488,448 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntmsmgr.dll
[2009-04-07 23:21:01 | 00,435,200 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntmssvc.dll
[2009-04-07 23:21:01 | 00,285,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\objsel.dll
[2009-04-07 23:21:01 | 00,266,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\oakley.dll
[2009-04-07 23:21:01 | 00,257,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nusrmgr.cpl
[2009-04-07 23:21:01 | 00,249,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbc32.dll
[2009-04-07 23:21:01 | 00,179,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntmsdba.dll
[2009-04-07 23:21:01 | 00,143,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntshrui.dll
[2009-04-07 23:21:01 | 00,118,784 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntmarta.dll
[2009-04-07 23:21:01 | 00,067,072 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntdsapi.dll
[2009-04-07 23:21:01 | 00,060,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ocmanage.dll
[2009-04-07 23:21:01 | 00,060,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ocmanage.dll
[2009-04-07 23:21:01 | 00,043,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntlanman.dll
[2009-04-07 23:21:01 | 00,040,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntmsapi.dll
[2009-04-07 23:21:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcad32.exe
[2009-04-07 23:21:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbc32gt.dll
[2009-04-07 23:21:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntvdmd.dll
[2009-04-07 23:21:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ntvdmd.dll
[2009-04-07 23:21:00 | 01,285,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ole32.dll
[2009-04-07 23:21:00 | 00,278,559 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcjt32.dll
[2009-04-07 23:21:00 | 00,147,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbctrac.dll
[2009-04-07 23:21:00 | 00,135,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcconf.dll
[2009-04-07 23:21:00 | 00,120,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\offfilt.dll
[2009-04-07 23:21:00 | 00,106,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbccp32.dll
[2009-04-07 23:21:00 | 00,094,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcint.dll
[2009-04-07 23:21:00 | 00,074,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\olecli32.dll
[2009-04-07 23:21:00 | 00,074,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\olecli32.dll
[2009-04-07 23:21:00 | 00,069,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcconf.exe
[2009-04-07 23:21:00 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbccu32.dll
[2009-04-07 23:21:00 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbccr32.dll
[2009-04-07 23:21:00 | 00,053,279 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcji32.dll
[2009-04-07 23:21:00 | 00,032,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbccp32.cpl
[2009-04-07 23:21:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcbcp.dll
[2009-04-07 23:21:00 | 00,020,511 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odtext32.dll
[2009-04-07 23:21:00 | 00,020,511 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\oddbse32.dll
[2009-04-07 23:21:00 | 00,020,510 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odpdx32.dll
[2009-04-07 23:21:00 | 00,020,510 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odfox32.dll
[2009-04-07 23:21:00 | 00,020,510 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odexl32.dll
[2009-04-07 23:21:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\odbcp32r.dll
[2009-04-07 23:21:00 | 00,004,310 | ---- | C] () -- L:\WINDOWS\System32\odbcconf.rsp
[2009-04-07 23:20:59 | 00,713,728 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\opengl32.dll
[2009-04-07 23:20:59 | 00,482,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pintlgnt.ime
[2009-04-07 23:20:59 | 00,482,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009-04-07 23:20:59 | 00,283,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pdh.dll
[2009-04-07 23:20:59 | 00,215,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\osk.exe
[2009-04-07 23:20:59 | 00,215,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\osk.exe
[2009-04-07 23:20:59 | 00,176,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\photowiz.dll
[2009-04-07 23:20:59 | 00,122,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\oledlg.dll
[2009-04-07 23:20:59 | 00,122,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\oledlg.dll
[2009-04-07 23:20:59 | 00,107,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\oleprn.dll
[2009-04-07 23:20:59 | 00,083,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\olepro32.dll
[2009-04-07 23:20:59 | 00,079,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\phon.ime
[2009-04-07 23:20:59 | 00,079,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\phon.ime
[2009-04-07 23:20:59 | 00,067,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\osuninst.dll
[2009-04-07 23:20:59 | 00,062,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pautoenr.dll
[2009-04-07 23:20:59 | 00,058,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\packager.exe
[2009-04-07 23:20:59 | 00,035,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pid.dll
[2009-04-07 23:20:59 | 00,034,816 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\perfproc.dll
[2009-04-07 23:20:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\perfdisk.dll
[2009-04-07 23:20:59 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\perfos.dll
[2009-04-07 23:20:59 | 00,017,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ping.exe
[2009-04-07 23:20:59 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\perfnet.dll
[2009-04-07 23:20:59 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\perfnet.dll
[2009-04-07 23:20:59 | 00,015,872 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\perfmon.exe
[2009-04-07 23:20:58 | 00,363,520 | ---- | C] () -- L:\WINDOWS\System32\psisdecd.dll
[2009-04-07 23:20:58 | 00,363,520 | ---- | C] () -- L:\WINDOWS\System32\dllcache\psisdecd.dll
[2009-04-07 23:20:58 | 00,114,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\powercfg.cpl
[2009-04-07 23:20:58 | 00,109,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\progman.exe
[2009-04-07 23:20:58 | 00,105,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\polstore.dll
[2009-04-07 23:20:58 | 00,096,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\psbase.dll
[2009-04-07 23:20:58 | 00,050,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\proquota.exe
[2009-04-07 23:20:58 | 00,043,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pstorec.dll
[2009-04-07 23:20:58 | 00,034,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pstorsvc.dll
[2009-04-07 23:20:58 | 00,033,280 | ---- | C] () -- L:\WINDOWS\System32\psisrndr.ax
[2009-04-07 23:20:58 | 00,033,280 | ---- | C] () -- L:\WINDOWS\System32\dllcache\psisrndr.ax
[2009-04-07 23:20:58 | 00,027,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\profmap.dll
[2009-04-07 23:20:58 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\psapi.dll
[2009-04-07 23:20:58 | 00,017,408 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\powrprof.dll
[2009-04-07 23:20:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\pjlmon.dll
[2009-04-07 23:20:57 | 01,435,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\query.dll
[2009-04-07 23:20:57 | 01,435,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\query.dll
[2009-04-07 23:20:57 | 01,287,680 | ---- | C] () -- L:\WINDOWS\System32\dllcache\quartz.dll
[2009-04-07 23:20:57 | 00,206,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasppp.dll
[2009-04-07 23:20:57 | 00,181,248 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasmans.dll
[2009-04-07 23:20:57 | 00,181,248 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rasmans.dll
[2009-04-07 23:20:57 | 00,112,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rastls.dll
[2009-04-07 23:20:57 | 00,077,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\quick.ime
[2009-04-07 23:20:57 | 00,077,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\quick.ime
[2009-04-07 23:20:57 | 00,069,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\raschap.dll
[2009-04-07 23:20:57 | 00,056,832 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasphone.exe
[2009-04-07 23:20:57 | 00,043,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\racpldlg.dll
[2009-04-07 23:20:57 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\qprocess.exe
[2009-04-07 23:20:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\qmgrprxy.dll
[2009-04-07 23:20:57 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rassapi.dll
[2009-04-07 23:20:57 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasadhlp.dll
[2009-04-07 23:20:57 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rasadhlp.dll
[2009-04-07 23:20:56 | 00,433,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\riched20.dll
[2009-04-07 23:20:56 | 00,433,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\riched20.dll
[2009-04-07 23:20:56 | 00,397,824 | ---- | C] (Microsoft) -- L:\WINDOWS\System32\regwizc.dll
[2009-04-07 23:20:56 | 00,147,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdchost.dll
[2009-04-07 23:20:56 | 00,102,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rcbdyctl.dll
[2009-04-07 23:20:56 | 00,092,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdpdd.dll
[2009-04-07 23:20:56 | 00,087,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdpwsx.dll
[2009-04-07 23:20:56 | 00,076,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\remotesp.tsp
[2009-04-07 23:20:56 | 00,067,072 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdshost.exe
[2009-04-07 23:20:56 | 00,062,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdpclip.exe
[2009-04-07 23:20:56 | 00,060,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\remotepg.dll
[2009-04-07 23:20:56 | 00,059,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\regsvc.dll
[2009-04-07 23:20:56 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\resutils.dll
[2009-04-07 23:20:56 | 00,050,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\reg.exe
[2009-04-07 23:20:56 | 00,049,664 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\regapi.dll
[2009-04-07 23:20:56 | 00,035,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rcimlby.exe
[2009-04-07 23:20:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\romanime.ime
[2009-04-07 23:20:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\romanime.ime
[2009-04-07 23:20:56 | 00,021,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rcp.exe
[2009-04-07 23:20:56 | 00,019,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdpsnd.dll
[2009-04-07 23:20:56 | 00,013,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rexec.exe
[2009-04-07 23:20:56 | 00,013,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rdsaddin.exe
[2009-04-07 23:20:56 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\regsvr32.exe
[2009-04-07 23:20:55 | 00,582,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rpcrt4.dll
[2009-04-07 23:20:55 | 00,582,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009-04-07 23:20:55 | 00,397,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rpcss.dll
[2009-04-07 23:20:55 | 00,313,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scesrv.dll
[2009-04-07 23:20:55 | 00,190,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\schedsvc.dll
[2009-04-07 23:20:55 | 00,180,224 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scecli.dll
[2009-04-07 23:20:55 | 00,171,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sccsccp.dll
[2009-04-07 23:20:55 | 00,152,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rsaenh.dll
[2009-04-07 23:20:55 | 00,090,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rsvpsp.dll
[2009-04-07 23:20:55 | 00,090,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rsvpsp.dll
[2009-04-07 23:20:55 | 00,077,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rtcshare.exe
[2009-04-07 23:20:55 | 00,069,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scarddlg.dll
[2009-04-07 23:20:55 | 00,045,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\safrslv.dll
[2009-04-07 23:20:55 | 00,044,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rtutils.dll
[2009-04-07 23:20:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\safrcdlg.dll
[2009-04-07 23:20:55 | 00,033,280 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rundll32.exe
[2009-04-07 23:20:55 | 00,031,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rtipxmib.dll
[2009-04-07 23:20:55 | 00,029,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\safrdm.dll
[2009-04-07 23:20:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rsmps.dll
[2009-04-07 23:20:55 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rsh.exe
[2009-04-07 23:20:55 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\runonce.exe
[2009-04-07 23:20:54 | 00,159,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scrobj.dll
[2009-04-07 23:20:54 | 00,151,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scrrun.dll
[2009-04-07 23:20:54 | 00,077,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sdbinst.exe
[2009-04-07 23:20:54 | 00,056,320 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\servdeps.dll
[2009-04-07 23:20:54 | 00,055,808 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\secur32.dll
[2009-04-07 23:20:54 | 00,055,296 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sendmail.dll
[2009-04-07 23:20:54 | 00,038,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sens.dll
[2009-04-07 23:20:54 | 00,031,232 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sethc.exe
[2009-04-07 23:20:54 | 00,029,184 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sendcmsg.dll
[2009-04-07 23:20:54 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sclgntfy.dll
[2009-04-07 23:20:54 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\seclogon.dll
[2009-04-07 23:20:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scrnsave.scr
[2009-04-07 23:20:54 | 00,006,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sensapi.dll
[2009-04-07 23:20:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\security.dll
[2009-04-07 23:20:53 | 08,460,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shell32.dll
[2009-04-07 23:20:53 | 08,460,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\shell32.dll
[2009-04-07 23:20:53 | 01,580,544 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sfcfiles.dll
[2009-04-07 23:20:53 | 01,497,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shdocvw.dll
[2009-04-07 23:20:53 | 01,497,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\shdocvw.dll
[2009-04-07 23:20:53 | 00,549,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shdoclc.dll
[2009-04-07 23:20:53 | 00,438,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shimgvw.dll
[2009-04-07 23:20:53 | 00,140,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sfc_os.dll
[2009-04-07 23:20:53 | 00,068,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shgina.dll
[2009-04-07 23:20:53 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shimeng.dll
[2009-04-07 23:20:53 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shfolder.dll
[2009-04-07 23:20:53 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\setup.exe
[2009-04-07 23:20:53 | 00,005,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sfc.dll
[2009-04-07 23:20:52 | 00,538,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\spider.exe
[2009-04-07 23:20:52 | 00,474,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shlwapi.dll
[2009-04-07 23:20:52 | 00,474,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\shlwapi.dll
[2009-04-07 23:20:52 | 00,363,008 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\smlogcfg.dll
[2009-04-07 23:20:52 | 00,182,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\snmpsnap.dll
[2009-04-07 23:20:52 | 00,151,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shmedia.dll
[2009-04-07 23:20:52 | 00,134,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shsvcs.dll
[2009-04-07 23:20:52 | 00,134,656 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\shsvcs.dll
[2009-04-07 23:20:52 | 00,131,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sndrec32.exe
[2009-04-07 23:20:52 | 00,098,304 | ---- | C] (Schlumberger Technology Corporation) -- L:\WINDOWS\System32\slbiop.dll
[2009-04-07 23:20:52 | 00,089,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\smlogsvc.exe
[2009-04-07 23:20:52 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- L:\WINDOWS\System32\sl_anet.acm
[2009-04-07 23:20:52 | 00,077,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shrpubw.exe
[2009-04-07 23:20:52 | 00,074,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\spoolss.dll
[2009-04-07 23:20:52 | 00,070,144 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sigverif.exe
[2009-04-07 23:20:52 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shmgrate.exe
[2009-04-07 23:20:52 | 00,027,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shscrap.dll
[2009-04-07 23:20:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\skeys.exe
[2009-04-07 23:20:52 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\slayerxp.dll
[2009-04-07 23:20:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sort.exe
[2009-04-07 23:20:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\sort.exe
[2009-04-07 23:20:52 | 00,019,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\shutdown.exe
[2009-04-07 23:20:52 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\snmpapi.dll
[2009-04-07 23:20:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\simpdata.tlb
[2009-04-07 23:20:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sigtab.dll
[2009-04-07 23:20:51 | 00,704,512 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ss3dfo.scr
[2009-04-07 23:20:51 | 00,679,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sstext3d.scr
[2009-04-07 23:20:51 | 00,610,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sspipes.scr
[2009-04-07 23:20:51 | 00,442,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sqlsrv32.dll
[2009-04-07 23:20:51 | 00,393,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssflwbox.scr
[2009-04-07 23:20:51 | 00,239,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\srrstr.dll
[2009-04-07 23:20:51 | 00,180,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sqlunirl.dll
[2009-04-07 23:20:51 | 00,170,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\srsvc.dll
[2009-04-07 23:20:51 | 00,090,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sqlsrv32.rll
[2009-04-07 23:20:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssdpsrv.dll
[2009-04-07 23:20:51 | 00,067,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\srclient.dll
[2009-04-07 23:20:51 | 00,057,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\spoolsv.exe
[2009-04-07 23:20:51 | 00,054,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\stclient.dll
[2009-04-07 23:20:51 | 00,054,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\stclient.dll
[2009-04-07 23:20:51 | 00,047,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssmypics.scr
[2009-04-07 23:20:51 | 00,034,816 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssdpapi.dll
[2009-04-07 23:20:51 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssmarque.scr
[2009-04-07 23:20:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssbezier.scr
[2009-04-07 23:20:51 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssmyst.scr
[2009-04-07 23:20:51 | 00,017,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\stdole2.tlb
[2009-04-07 23:20:51 | 00,017,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\stdole2.tlb
[2009-04-07 23:20:51 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ssstars.scr
[2009-04-07 23:20:50 | 00,136,704 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sti_ci.dll
[2009-04-07 23:20:50 | 00,121,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\stobject.dll
[2009-04-07 23:20:50 | 00,074,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\storprop.dll
[2009-04-07 23:20:50 | 00,067,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sti.dll
[2009-04-07 23:20:50 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\stimon.exe
[2009-04-07 23:20:49 | 00,858,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tapi3.dll
[2009-04-07 23:20:49 | 00,713,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sxs.dll
[2009-04-07 23:20:49 | 00,713,216 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\sxs.dll
[2009-04-07 23:20:49 | 00,218,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sysmon.ocx
[2009-04-07 23:20:49 | 00,191,488 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\syncui.dll
[2009-04-07 23:20:49 | 00,181,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tapi32.dll
[2009-04-07 23:20:49 | 00,118,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\t2embed.dll
[2009-04-07 23:20:49 | 00,105,984 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sysocmgr.exe
[2009-04-07 23:20:49 | 00,057,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\synceng.dll
[2009-04-07 23:20:49 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\svchost.exe
[2009-04-07 23:20:48 | 00,571,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tintlgnt.ime
[2009-04-07 23:20:48 | 00,571,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009-04-07 23:20:48 | 00,385,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\themeui.dll
[2009-04-07 23:20:48 | 00,358,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\termmgr.dll
[2009-04-07 23:20:48 | 00,347,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tourstart.exe
[2009-04-07 23:20:48 | 00,295,424 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\termsrv.dll
[2009-04-07 23:20:48 | 00,249,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tapisrv.dll
[2009-04-07 23:20:48 | 00,135,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\taskmgr.exe
[2009-04-07 23:20:48 | 00,101,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\txflog.dll
[2009-04-07 23:20:48 | 00,094,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\timedate.cpl
[2009-04-07 23:20:48 | 00,093,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tscfgwmi.dll
[2009-04-07 23:20:48 | 00,090,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\trkwks.dll
[2009-04-07 23:20:48 | 00,075,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\telnet.exe
[2009-04-07 23:20:48 | 00,045,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tcpmon.dll
[2009-04-07 23:20:48 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\udhisapi.dll
[2009-04-07 23:20:48 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tcpmib.dll
[2009-04-07 23:20:48 | 00,012,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tracert.exe
[2009-04-07 23:20:48 | 00,012,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tsddd.dll
[2009-04-07 23:20:48 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tree.com
[2009-04-07 23:20:47 | 00,577,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\user32.dll
[2009-04-07 23:20:47 | 00,577,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\user32.dll
[2009-04-07 23:20:47 | 00,239,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\upnpui.dll
[2009-04-07 23:20:47 | 00,206,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\unimdm.tsp
[2009-04-07 23:20:47 | 00,185,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\upnphost.dll
[2009-04-07 23:20:47 | 00,185,344 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\upnphost.dll
[2009-04-07 23:20:47 | 00,132,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\upnp.dll
[2009-04-07 23:20:47 | 00,123,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\umpnpmgr.dll
[2009-04-07 23:20:47 | 00,076,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\uniime.dll
[2009-04-07 23:20:47 | 00,076,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\uniime.dll
[2009-04-07 23:20:47 | 00,074,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\usbui.dll
[2009-04-07 23:20:47 | 00,074,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\unimdmat.dll
[2009-04-07 23:20:47 | 00,065,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\unicdime.ime
[2009-04-07 23:20:47 | 00,065,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\unicdime.ime
[2009-04-07 23:20:47 | 00,035,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\umandlg.dll
[2009-04-07 23:20:47 | 00,035,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\umandlg.dll
[2009-04-07 23:20:47 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ups.exe
[2009-04-07 23:20:47 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\usbmon.dll
[2009-04-07 23:20:47 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\upnpcont.exe
[2009-04-07 23:20:47 | 00,013,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\uniplat.dll
[2009-04-07 23:20:46 | 00,723,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\userenv.dll
[2009-04-07 23:20:46 | 00,430,592 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vssapi.dll
[2009-04-07 23:20:46 | 00,413,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vbscript.dll
[2009-04-07 23:20:46 | 00,413,696 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\vbscript.dll
[2009-04-07 23:20:46 | 00,406,528 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\usp10.dll
[2009-04-07 23:20:46 | 00,289,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vssvc.exe
[2009-04-07 23:20:46 | 00,218,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\uxtheme.dll
[2009-04-07 23:20:46 | 00,208,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wavemsp.dll
[2009-04-07 23:20:46 | 00,208,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wavemsp.dll
[2009-04-07 23:20:46 | 00,174,592 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\w32time.dll
[2009-04-07 23:20:46 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vfwwdm32.dll
[2009-04-07 23:20:46 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009-04-07 23:20:46 | 00,051,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vdmredir.dll
[2009-04-07 23:20:46 | 00,050,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\utilman.exe
[2009-04-07 23:20:46 | 00,050,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\utilman.exe
[2009-04-07 23:20:46 | 00,049,152 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wdigest.dll
[2009-04-07 23:20:46 | 00,030,749 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vbajet32.dll
[2009-04-07 23:20:46 | 00,030,720 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vbisurf.ax
[2009-04-07 23:20:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\vdmdbg.dll
[2009-04-07 23:20:46 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wdmaud.drv
[2009-04-07 23:20:46 | 00,023,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wdmaud.drv
[2009-04-07 23:20:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\version.dll
[2009-04-07 23:20:46 | 00,017,664 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\watchdog.sys
[2009-04-07 23:20:46 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\verifier.dll
[2009-04-07 23:20:46 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\verifier.dll
[2009-04-07 23:20:45 | 00,764,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winntbbu.dll
[2009-04-07 23:20:45 | 00,589,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiashext.dll
[2009-04-07 23:20:45 | 00,502,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winlogon.exe
[2009-04-07 23:20:45 | 00,463,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiadefui.dll
[2009-04-07 23:20:45 | 00,433,664 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiaacmgr.exe
[2009-04-07 23:20:45 | 00,333,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiaservc.dll
[2009-04-07 23:20:45 | 00,333,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wiaservc.dll
[2009-04-07 23:20:45 | 00,176,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winmm.dll
[2009-04-07 23:20:45 | 00,156,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winpy.ime
[2009-04-07 23:20:45 | 00,156,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\winpy.ime
[2009-04-07 23:20:45 | 00,135,680 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\webvw.dll
[2009-04-07 23:20:45 | 00,124,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiadss.dll
[2009-04-07 23:20:45 | 00,111,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiavideo.dll
[2009-04-07 23:20:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winar30.ime
[2009-04-07 23:20:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\winar30.ime
[2009-04-07 23:20:45 | 00,075,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wiascr.dll
[2009-04-07 23:20:45 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wingb.ime
[2009-04-07 23:20:45 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wingb.ime
[2009-04-07 23:20:45 | 00,068,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\webclnt.dll
[2009-04-07 23:20:45 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winime.ime
[2009-04-07 23:20:45 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wextract.exe
[2009-04-07 23:20:45 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\winime.ime
[2009-04-07 23:20:45 | 00,032,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winipsec.dll
[2009-04-07 23:20:44 | 00,303,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wmstream.dll
[2009-04-07 23:20:44 | 00,292,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winsrv.dll
[2009-04-07 23:20:44 | 00,292,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\winsrv.dll
[2009-04-07 23:20:44 | 00,278,559 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wmv8ds32.ax
[2009-04-07 23:20:44 | 00,264,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wow32.dll
[2009-04-07 23:20:44 | 00,258,048 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wmvds32.ax
[2009-04-07 23:20:44 | 00,176,640 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wintrust.dll
[2009-04-07 23:20:44 | 00,172,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wldap32.dll
[2009-04-07 23:20:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winzm.ime
[2009-04-07 23:20:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winsp.ime
[2009-04-07 23:20:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\winzm.ime
[2009-04-07 23:20:44 | 00,156,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\winsp.ime
[2009-04-07 23:20:44 | 00,115,200 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wmsdmoe.dll
[2009-04-07 23:20:44 | 00,099,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winscard.dll
[2009-04-07 23:20:44 | 00,092,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wlnotify.dll
[2009-04-07 23:20:44 | 00,053,760 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winsta.dll
[2009-04-07 23:20:44 | 00,032,256 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wpnpinst.exe
[2009-04-07 23:20:44 | 00,032,256 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wpabaln.exe
[2009-04-07 23:20:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winrnr.dll
[2009-04-07 23:20:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wmi.dll
[2009-04-07 23:20:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winver.exe
[2009-04-07 23:20:43 | 00,378,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wzcdlg.dll
[2009-04-07 23:20:43 | 00,359,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wzcsvc.dll
[2009-04-07 23:20:43 | 00,337,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\zipfldr.dll
[2009-04-07 23:20:43 | 00,114,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wscript.exe
[2009-04-07 23:20:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wshom.ocx
[2009-04-07 23:20:43 | 00,091,648 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xactsrv.dll
[2009-04-07 23:20:43 | 00,082,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ws2_32.dll
[2009-04-07 23:20:43 | 00,065,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wshext.dll
[2009-04-07 23:20:43 | 00,051,712 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wzcsapi.dll
[2009-04-07 23:20:43 | 00,050,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wstdecod.dll
[2009-04-07 23:20:43 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wsnmp32.dll
[2009-04-07 23:20:43 | 00,030,720 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xcopy.exe
[2009-04-07 23:20:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wshcon.dll
[2009-04-07 23:20:43 | 00,022,528 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wsock32.dll
[2009-04-07 23:20:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wshtcpip.dll
[2009-04-07 23:20:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ws2help.dll
[2009-04-07 23:20:43 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wtsapi32.dll
[2009-04-07 23:20:43 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wship6.dll
[2009-04-07 23:20:43 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\xolehlp.dll
[2009-04-07 23:20:43 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wshrm.dll
[2009-04-07 23:20:42 | 00,616,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\advapi32.dll
[2009-04-07 23:20:42 | 00,588,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\autochk.exe
[2009-04-07 23:20:41 | 00,984,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\kernel32.dll
[2009-04-07 23:20:41 | 00,984,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kernel32.dll
[2009-04-07 23:20:41 | 00,721,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\lsasrv.dll
[2009-04-07 23:20:41 | 00,721,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-07 23:20:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\comctl32.dll
[2009-04-07 23:20:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comctl32.dll
[2009-04-07 23:20:41 | 00,602,624 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\autoconv.exe
[2009-04-07 23:20:41 | 00,388,608 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cmd.exe
[2009-04-07 23:20:41 | 00,341,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\localspl.dll
[2009-04-07 23:20:41 | 00,276,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\comdlg32.dll
[2009-04-07 23:20:41 | 00,249,270 | ---- | C] () -- L:\WINDOWS\System32\locale.nls
[2009-04-07 23:20:41 | 00,144,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\imagehlp.dll
[2009-04-07 23:20:41 | 00,135,168 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\desk.cpl
[2009-04-07 23:20:41 | 00,111,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dhcpcsvc.dll
[2009-04-07 23:20:41 | 00,111,616 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dhcpcsvc.dll
[2009-04-07 23:20:41 | 00,075,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\locator.exe
[2009-04-07 23:20:41 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ftp.exe
[2009-04-07 23:20:41 | 00,032,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\csrsrv.dll
[2009-04-07 23:20:41 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\format.com
[2009-04-07 23:20:41 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\cacls.exe
[2009-04-07 23:20:41 | 00,018,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\cacls.exe
[2009-04-07 23:20:41 | 00,013,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\lmhsvc.dll
[2009-04-07 23:20:41 | 00,001,323 | ---- | C] () -- L:\WINDOWS\System32\sqlsodbc.chm
[2009-04-07 23:20:41 | 00,001,024 | ---- | C] () -- L:\WINDOWS\lhoa.dxs
[2009-04-07 23:20:40 | 00,708,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntdll.dll
[2009-04-07 23:20:40 | 00,657,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasdlg.dll
[2009-04-07 23:20:40 | 00,560,640 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\printui.dll
[2009-04-07 23:20:40 | 00,550,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\oleaut32.dll
[2009-04-07 23:20:40 | 00,550,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\oleaut32.dll
[2009-04-07 23:20:40 | 00,419,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntvdm.exe
[2009-04-07 23:20:40 | 00,236,544 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasapi32.dll
[2009-04-07 23:20:40 | 00,142,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nwprovau.dll
[2009-04-07 23:20:40 | 00,142,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\nwprovau.dll
[2009-04-07 23:20:40 | 00,129,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msv1_0.dll
[2009-04-07 23:20:40 | 00,091,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntprint.dll
[2009-04-07 23:20:40 | 00,089,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasauto.dll
[2009-04-07 23:20:40 | 00,076,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\nslookup.exe
[2009-04-07 23:20:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\perfctrs.dll
[2009-04-07 23:20:40 | 00,037,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\olecnv32.dll
[2009-04-07 23:20:40 | 00,037,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\olecnv32.dll
[2009-04-07 23:20:40 | 00,033,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\msgsvc.dll
[2009-04-07 23:20:40 | 00,014,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\mgmtapi.dll
[2009-04-07 23:20:40 | 00,008,192 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntlsapi.dll
[2009-04-07 23:20:39 | 00,984,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\syssetup.dll
[2009-04-07 23:20:39 | 00,983,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\setupapi.dll
[2009-04-07 23:20:39 | 00,415,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\samsrv.dll
[2009-04-07 23:20:39 | 00,316,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\untfs.dll
[2009-04-07 23:20:39 | 00,298,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sysdm.cpl
[2009-04-07 23:20:39 | 00,275,456 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ulib.dll
[2009-04-07 23:20:39 | 00,144,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\schannel.dll
[2009-04-07 23:20:39 | 00,144,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\schannel.dll
[2009-04-07 23:20:39 | 00,140,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\sessmgr.exe
[2009-04-07 23:20:39 | 00,108,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\services.exe
[2009-04-07 23:20:39 | 00,096,768 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\srvsvc.dll
[2009-04-07 23:20:39 | 00,095,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\scardsvr.exe
[2009-04-07 23:20:39 | 00,064,000 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\samlib.dll
[2009-04-07 23:20:39 | 00,061,440 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rasman.dll
[2009-04-07 23:20:39 | 00,058,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rastapi.dll
[2009-04-07 23:20:39 | 00,050,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\smss.exe
[2009-04-07 23:20:39 | 00,045,568 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\tcpmonui.dll
[2009-04-07 23:20:39 | 00,039,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\rshx32.dll
[2009-04-07 23:20:39 | 00,022,040 | ---- | C] () -- L:\WINDOWS\System32\sorttbls.nls
[2009-04-07 23:20:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\savedump.exe
[2009-04-07 23:20:38 | 01,846,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\win32k.sys
[2009-04-07 23:20:38 | 01,846,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\win32k.sys
[2009-04-07 23:20:38 | 00,187,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\acpi.sys
[2009-04-07 23:20:38 | 00,146,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\winspool.drv
[2009-04-07 23:20:38 | 00,146,432 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System\winspool.drv
[2009-04-07 23:20:38 | 00,142,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\aec.sys
[2009-04-07 23:20:38 | 00,142,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\aec.sys
[2009-04-07 23:20:38 | 00,138,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\afd.sys
[2009-04-07 23:20:38 | 00,138,368 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\afd.sys
[2009-04-07 23:20:38 | 00,132,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\wkssvc.dll
[2009-04-07 23:20:38 | 00,132,096 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wkssvc.dll
[2009-04-07 23:20:38 | 00,101,888 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\win32spl.dll
[2009-04-07 23:20:38 | 00,095,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\atapi.sys
[2009-04-07 23:20:38 | 00,071,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bridge.sys
[2009-04-07 23:20:38 | 00,063,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\cdfs.sys
[2009-04-07 23:20:38 | 00,060,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\arp1394.sys
[2009-04-07 23:20:38 | 00,059,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\atmarpc.sys
[2009-04-07 23:20:38 | 00,055,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\atmlane.sys
[2009-04-07 23:20:38 | 00,049,664 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\classpnp.sys
[2009-04-07 23:20:38 | 00,049,536 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\cdrom.sys
[2009-04-07 23:20:38 | 00,036,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\amdk6.sys
[2009-04-07 23:20:38 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\userinit.exe
[2009-04-07 23:20:38 | 00,017,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ccdecode.sys
[2009-04-07 23:20:38 | 00,017,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ccdecode.sys
[2009-04-07 23:20:38 | 00,014,336 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\asyncmac.sys
[2009-04-07 23:20:38 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\bdasup.sys
[2009-04-07 23:20:38 | 00,011,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\bdasup.sys
[2009-04-07 23:20:37 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- L:\WINDOWS\System32\drivers\dmboot.sys
[2009-04-07 23:20:37 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- L:\WINDOWS\System32\drivers\dmio.sys
[2009-04-07 23:20:37 | 00,143,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\fastfat.sys
[2009-04-07 23:20:37 | 00,071,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\dxg.sys
[2009-04-07 23:20:37 | 00,060,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\drmk.sys
[2009-04-07 23:20:37 | 00,060,288 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\drmk.sys
[2009-04-07 23:20:37 | 00,052,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\dmusic.sys
[2009-04-07 23:20:37 | 00,052,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\dmusic.sys
[2009-04-07 23:20:37 | 00,052,736 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\i8042prt.sys
[2009-04-07 23:20:37 | 00,041,856 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\imapi.sys
[2009-04-07 23:20:37 | 00,036,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\crusoe.sys
[2009-04-07 23:20:37 | 00,036,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\disk.sys
[2009-04-07 23:20:37 | 00,036,224 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\hidclass.sys
[2009-04-07 23:20:37 | 00,034,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\fips.sys
[2009-04-07 23:20:37 | 00,034,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\fips.sys
[2009-04-07 23:20:37 | 00,027,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\fdc.sys
[2009-04-07 23:20:37 | 00,024,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\hidparse.sys
[2009-04-07 23:20:37 | 00,020,480 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\flpydisk.sys
[2009-04-07 23:20:37 | 00,014,208 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\diskdump.sys
[2009-04-07 23:20:37 | 00,002,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\drmkaud.sys
[2009-04-07 23:20:37 | 00,002,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\drmkaud.sys
[2009-04-07 23:20:36 | 00,453,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mrxsmb.sys
[2009-04-07 23:20:36 | 00,453,632 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009-04-07 23:20:36 | 00,179,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mrxdav.sys
[2009-04-07 23:20:36 | 00,179,584 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mrxdav.sys
[2009-04-07 23:20:36 | 00,172,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\kmixer.sys
[2009-04-07 23:20:36 | 00,172,416 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\kmixer.sys
[2009-04-07 23:20:36 | 00,140,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ks.sys
[2009-04-07 23:20:36 | 00,140,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ks.sys
[2009-04-07 23:20:36 | 00,134,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ipnat.sys
[2009-04-07 23:20:36 | 00,092,032 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ksecdd.sys
[2009-04-07 23:20:36 | 00,074,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ipsec.sys
[2009-04-07 23:20:36 | 00,063,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mf.sys
[2009-04-07 23:20:36 | 00,042,240 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mountmgr.sys
[2009-04-07 23:20:36 | 00,035,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\isapnp.sys
[2009-04-07 23:20:36 | 00,035,072 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\msgpc.sys
[2009-04-07 23:20:36 | 00,030,080 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\modem.sys
[2009-04-07 23:20:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\kbdclass.sys
[2009-04-07 23:20:36 | 00,023,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mouclass.sys
[2009-04-07 23:20:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ipinip.sys
[2009-04-07 23:20:36 | 00,019,072 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\msfs.sys
[2009-04-07 23:20:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mpe.sys
[2009-04-07 23:20:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mpe.sys
[2009-04-07 23:20:36 | 00,011,264 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\irenum.sys
[2009-04-07 23:20:36 | 00,007,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mskssrv.sys
[2009-04-07 23:20:36 | 00,007,552 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mskssrv.sys
[2009-04-07 23:20:35 | 00,574,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ntfs.sys
[2009-04-07 23:20:35 | 00,574,464 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ntfs.sys
[2009-04-07 23:20:35 | 00,182,912 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ndis.sys
[2009-04-07 23:20:35 | 00,162,816 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\netbt.sys
[2009-04-07 23:20:35 | 00,107,904 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mup.sys
[2009-04-07 23:20:35 | 00,091,776 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ndiswan.sys
[2009-04-07 23:20:35 | 00,088,448 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\nwlnkipx.sys
[2009-04-07 23:20:35 | 00,085,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\nabtsfec.sys
[2009-04-07 23:20:35 | 00,085,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009-04-07 23:20:35 | 00,080,128 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\parport.sys
[2009-04-07 23:20:35 | 00,061,824 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\nic1394.sys
[2009-04-07 23:20:35 | 00,042,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\p3.sys
[2009-04-07 23:20:35 | 00,040,320 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\nmnt.sys
[2009-04-07 23:20:35 | 00,038,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ndproxy.sys
[2009-04-07 23:20:35 | 00,038,016 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ndproxy.sys
[2009-04-07 23:20:35 | 00,034,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\netbios.sys
[2009-04-07 23:20:35 | 00,030,848 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\npfs.sys
[2009-04-07 23:20:35 | 00,018,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\partmgr.sys
[2009-04-07 23:20:35 | 00,018,688 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\partmgr.sys
[2009-04-07 23:20:35 | 00,012,928 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ndisuio.sys
[2009-04-07 23:20:35 | 00,010,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ndisip.sys
[2009-04-07 23:20:35 | 00,010,880 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ndisip.sys
[2009-04-07 23:20:35 | 00,009,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\ndistapi.sys
[2009-04-07 23:20:35 | 00,009,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\ndistapi.sys
[2009-04-07 23:20:35 | 00,005,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mstee.sys
[2009-04-07 23:20:35 | 00,005,504 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mstee.sys
[2009-04-07 23:20:35 | 00,005,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mspclock.sys
[2009-04-07 23:20:35 | 00,005,376 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mspclock.sys
[2009-04-07 23:20:35 | 00,004,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\mspqm.sys
[2009-04-07 23:20:35 | 00,004,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\mspqm.sys
[2009-04-07 23:20:34 | 00,145,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\portcls.sys
[2009-04-07 23:20:34 | 00,145,792 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\portcls.sys
[2009-04-07 23:20:34 | 00,119,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\pcmcia.sys
[2009-04-07 23:20:34 | 00,069,120 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\psched.sys
[2009-04-07 23:20:34 | 00,068,224 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\pci.sys
[2009-04-07 23:20:34 | 00,051,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rasl2tp.sys
[2009-04-07 23:20:34 | 00,035,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\processr.sys
[2009-04-07 23:20:34 | 00,025,088 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\pciidex.sys
[2009-04-07 23:20:33 | 00,333,184 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\srv.sys
[2009-04-07 23:20:33 | 00,333,184 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\srv.sys
[2009-04-07 23:20:33 | 00,202,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rmcast.sys
[2009-04-07 23:20:33 | 00,202,752 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rmcast.sys
[2009-04-07 23:20:33 | 00,196,864 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rdpdr.sys
[2009-04-07 23:20:33 | 00,174,592 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rdbss.sys
[2009-04-07 23:20:33 | 00,174,592 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\rdbss.sys
[2009-04-07 23:20:33 | 00,139,528 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rdpwd.sys
[2009-04-07 23:20:33 | 00,096,256 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\scsiport.sys
[2009-04-07 23:20:33 | 00,073,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sr.sys
[2009-04-07 23:20:33 | 00,064,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\serial.sys
[2009-04-07 23:20:33 | 00,057,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\redbook.sys
[2009-04-07 23:20:33 | 00,048,384 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\raspptp.sys
[2009-04-07 23:20:33 | 00,041,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\raspppoe.sys
[2009-04-07 23:20:33 | 00,030,080 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\rndismp.sys
[2009-04-07 23:20:33 | 00,025,472 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sonydcam.sys
[2009-04-07 23:20:33 | 00,015,488 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\serenum.sys
[2009-04-07 23:20:33 | 00,011,392 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sfloppy.sys
[2009-04-07 23:20:33 | 00,011,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\slip.sys
[2009-04-07 23:20:33 | 00,011,136 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\slip.sys
[2009-04-07 23:20:33 | 00,006,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\splitter.sys
[2009-04-07 23:20:33 | 00,006,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\splitter.sys
[2009-04-07 23:20:32 | 00,364,160 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\update.sys
[2009-04-07 23:20:32 | 00,364,160 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\update.sys
[2009-04-07 23:20:32 | 00,360,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tcpip.sys
[2009-04-07 23:20:32 | 00,360,960 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\tcpip.sys
[2009-04-07 23:20:32 | 00,225,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tcpip6.sys
[2009-04-07 23:20:32 | 00,225,920 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\tcpip6.sys
[2009-04-07 23:20:32 | 00,066,176 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\udfs.sys
[2009-04-07 23:20:32 | 00,060,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\sysaudio.sys
[2009-04-07 23:20:32 | 00,060,800 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\sysaudio.sys
[2009-04-07 23:20:32 | 00,057,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbhub.sys
[2009-04-07 23:20:32 | 00,054,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\swmidi.sys
[2009-04-07 23:20:32 | 00,054,272 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\swmidi.sys
[2009-04-07 23:20:32 | 00,048,640 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\stream.sys
[2009-04-07 23:20:32 | 00,048,640 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\stream.sys
[2009-04-07 23:20:32 | 00,040,840 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\termdd.sys
[2009-04-07 23:20:32 | 00,023,936 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbcamd2.sys
[2009-04-07 23:20:32 | 00,023,808 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbcamd.sys
[2009-04-07 23:20:32 | 00,021,896 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tdtcp.sys
[2009-04-07 23:20:32 | 00,018,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tdi.sys
[2009-04-07 23:20:32 | 00,016,000 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbintel.sys
[2009-04-07 23:20:32 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\streamip.sys
[2009-04-07 23:20:32 | 00,015,360 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\streamip.sys
[2009-04-07 23:20:32 | 00,014,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tape.sys
[2009-04-07 23:20:32 | 00,012,672 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usb8023.sys
[2009-04-07 23:20:32 | 00,012,040 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\tdpipe.sys
[2009-04-07 23:20:32 | 00,004,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\swenum.sys
[2009-04-07 23:20:31 | 02,136,064 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntoskrnl.exe
[2009-04-07 23:20:31 | 02,015,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\ntkrnlpa.exe
[2009-04-07 23:20:31 | 00,142,976 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbport.sys
[2009-04-07 23:20:31 | 00,134,400 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\hal.dll
[2009-04-07 23:20:31 | 00,082,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\wdmaud.sys
[2009-04-07 23:20:31 | 00,082,944 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wdmaud.sys
[2009-04-07 23:20:31 | 00,079,744 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\videoprt.sys
[2009-04-07 23:20:31 | 00,052,352 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\volsnap.sys
[2009-04-07 23:20:31 | 00,034,560 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\wanarp.sys
[2009-04-07 23:20:31 | 00,026,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbstor.sys
[2009-04-07 23:20:31 | 00,026,496 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\usbstor.sys
[2009-04-07 23:20:31 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbser.sys
[2009-04-07 23:20:31 | 00,025,600 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\usbser.sys
[2009-04-07 23:20:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\vga.sys
[2009-04-07 23:20:31 | 00,019,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\wstcodec.sys
[2009-04-07 23:20:31 | 00,019,328 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\wstcodec.sys
[2009-04-07 23:20:31 | 00,017,024 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbohci.sys
[2009-04-07 23:20:31 | 00,015,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\drivers\usbscan.sys
[2009-04-07 23:20:31 | 00,015,104 | ---- | C] (Microsoft Corporation) -- L:\WINDOWS\System32\dllcache\usbscan.sys
[2009-04-07 22:34:15 | 00,000,000 | ---D | C] -- L:\Program Files\Trend Micro
[2009-04-07 22:12:42 | 00,000,000 | ---D | C] -- L:\Avenger
[2009-04-07 22:05:57 | 00,731,136 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\avenger.exe
[2009-03-31 22:42:36 | 00,000,000 | ---D | C] -- L:\Documents and Settings\All Users\Application Data\ATI
[2009-03-31 22:38:45 | 00,593,920 | ---- | C] () -- L:\WINDOWS\System32\ati2sgag.exe
[2009-03-31 21:07:09 | 40,113,160 | ---- | C] (Webroot Software, Inc. ) -- L:\Documents and Settings\Main\Desktop\SpySweeperRegSetup_EN.exe
[2009-03-24 23:11:16 | 00,200,704 | ---- | C] (Roxio) -- L:\WINDOWS\System32\drivers\udfreadr.sys
[2009-03-24 23:11:16 | 00,090,112 | ---- | C] (Roxio) -- L:\WINDOWS\System32\udfrunin.exe
[2009-03-24 23:11:05 | 00,000,769 | ---- | C] () -- L:\Documents and Settings\Main\Desktop\DVR-Viewer.LNK
[2009-03-24 23:11:02 | 00,000,000 | ---D | C] -- L:\Program Files\DVR
[2009-03-24 23:10:59 | 00,065,536 | ---- | C] () -- L:\WINDOWS\IFinst27.exe
[2009-03-15 22:38:35 | 00,000,000 | ---D | C] -- L:\Documents and Settings\Main\Desktop\project
[2009-01-11 00:47:52 | 00,000,010 | ---- | C] () -- L:\WINDOWS\WININIT.INI
[2008-11-14 03:00:08 | 00,012,694 | ---- | C] () -- L:\WINDOWS\upobofu.dll
[2008-11-11 00:48:26 | 00,015,408 | ---- | C] () -- L:\WINDOWS\sygagepyb.dll
[2008-11-11 00:48:26 | 00,011,261 | ---- | C] () -- L:\WINDOWS\sedyja.dll
[2008-11-11 00:48:26 | 00,011,117 | ---- | C] () -- L:\WINDOWS\agikasyr.sys
[2008-11-11 00:48:26 | 00,010,062 | ---- | C] () -- L:\WINDOWS\gugyja.sys
[2008-10-18 01:05:42 | 00,019,410 | ---- | C] () -- L:\WINDOWS\aveju.dll
[2008-10-18 01:05:42 | 00,017,482 | ---- | C] () -- L:\WINDOWS\ohuluwi.dll
[2008-10-18 01:05:42 | 00,015,662 | ---- | C] () -- L:\WINDOWS\xoxafuqofy.dll
[2008-10-18 01:05:42 | 00,015,624 | ---- | C] () -- L:\WINDOWS\jujo.sys
[2008-10-18 01:05:42 | 00,014,379 | ---- | C] () -- L:\WINDOWS\cohagyzyzo.sys
[2008-09-19 16:57:34 | 03,596,288 | ---- | C] () -- L:\WINDOWS\System32\qt-dx331.dll
[2008-09-19 16:55:10 | 00,000,416 | ---- | C] () -- L:\WINDOWS\System32\dtu100.dll.manifest
[2008-09-19 16:55:10 | 00,000,416 | ---- | C] () -- L:\WINDOWS\System32\dpl100.dll.manifest
[2008-09-19 16:54:18 | 00,012,288 | ---- | C] () -- L:\WINDOWS\System32\DivXWMPExtType.dll
[2008-08-10 20:16:02 | 00,027,648 | ---- | C] () -- L:\WINDOWS\System32\AVSredirect.dll
[2008-03-23 10:52:15 | 00,000,121 | ---- | C] () -- L:\WINDOWS\bdagent.INI
[2008-02-11 10:39:26 | 00,253,952 | ---- | C] () -- L:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008-02-11 10:39:18 | 00,237,568 | ---- | C] () -- L:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008-02-08 14:53:46 | 00,110,592 | ---- | C] () -- L:\WINDOWS\System32\OnlineScannerLang.dll
[2008-01-09 16:01:48 | 00,000,453 | ---- | C] () -- L:\WINDOWS\bdoscandellang.ini
[2007-12-03 00:25:40 | 00,000,000 | ---- | C] () -- L:\WINDOWS\MSDraw.ini
[2007-11-23 01:27:07 | 00,598,016 | ---- | C] () -- L:\WINDOWS\System32\viscomqtde.dll
[2007-11-23 01:27:07 | 00,262,144 | ---- | C] () -- L:\WINDOWS\System32\lame_enc.dll
[2007-08-06 13:07:30 | 00,008,784 | ---- | C] () -- L:\WINDOWS\System32\ractrlkeyhook.dll
[2007-07-27 15:49:02 | 00,225,355 | ---- | C] () -- L:\WINDOWS\System32\lnod32apiW.dll
[2007-07-27 15:49:02 | 00,196,683 | ---- | C] () -- L:\WINDOWS\System32\lnod32apiA.dll
[2007-06-30 01:48:29 | 00,000,116 | ---- | C] () -- L:\WINDOWS\NeroDigital.ini
[2007-05-20 22:47:06 | 00,271,360 | ---- | C] () -- L:\WINDOWS\System32\drivers\atksgt.sys
[2007-05-20 22:47:06 | 00,018,048 | ---- | C] () -- L:\WINDOWS\System32\drivers\lirsgt.sys
[2007-04-29 17:22:40 | 00,684,032 | ---- | C] () -- L:\WINDOWS\System32\libeay32.dll
[2007-04-29 17:22:40 | 00,155,648 | ---- | C] () -- L:\WINDOWS\System32\ssleay32.dll
[2007-01-23 22:55:32 | 00,000,376 | ---- | C] () -- L:\WINDOWS\ODBC.INI
[2006-11-01 10:20:55 | 00,000,029 | ---- | C] () -- L:\WINDOWS\atid.ini
[2006-11-01 02:29:54 | 00,032,768 | ---- | C] () -- L:\WINDOWS\SIS_LIB.DLL
[2006-11-01 02:23:31 | 00,000,044 | ---- | C] () -- L:\WINDOWS\System32\msssc.dll
[2006-11-01 02:22:40 | 00,002,286 | ---- | C] () -- L:\WINDOWS\Ascd_tmp.ini
[2006-11-01 02:22:39 | 00,005,824 | ---- | C] () -- L:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005-12-05 20:25:22 | 00,139,264 | ---- | C] () -- L:\WINDOWS\System32\lnod32umc.dll
[2005-12-05 13:37:10 | 00,106,496 | ---- | C] () -- L:\WINDOWS\System32\lnod32upd.dll
[2003-12-26 05:58:36 | 00,135,168 | ---- | C] () -- L:\WINDOWS\System32\Property.dll
[2001-08-18 07:00:00 | 00,000,686 | ---- | C] () -- L:\WINDOWS\win.ini
[2001-08-18 07:00:00 | 00,000,227 | ---- | C] () -- L:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[3 L:\WINDOWS\System32\*.tmp files]
[4 L:\WINDOWS\*.tmp files]
[2009-04-13 14:20:47 | 00,501,248 | ---- | M] (OldTimer Tools) -- L:\Documents and Settings\Main\Desktop\OTListIt2.exe
[2009-04-13 14:11:58 | 00,214,188 | ---- | M] () -- L:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009-04-13 14:11:58 | 00,214,188 | ---- | M] () -- L:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009-04-13 14:11:35 | 00,013,002 | ---- | M] () -- L:\WINDOWS\System32\wpa.dbl
[2009-04-13 14:11:20 | 00,000,056 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2009-04-13 14:11:20 | 00,000,056 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2009-04-13 14:11:19 | 00,001,132 | ---- | M] () -- L:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009-04-13 14:11:19 | 00,001,132 | ---- | M] () -- L:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009-04-13 14:11:19 | 00,000,252 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2009-04-13 14:11:19 | 00,000,252 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2009-04-13 14:11:19 | 00,000,068 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2009-04-13 14:11:19 | 00,000,068 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2009-04-13 14:11:19 | 00,000,068 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2009-04-13 14:11:19 | 00,000,056 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2009-04-13 14:11:19 | 00,000,056 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2009-04-13 14:11:16 | 00,013,880 | ---- | M] () -- L:\WINDOWS\System32\drivers\COMFiltr.sys
[2009-04-13 14:11:14 | 00,000,088 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2009-04-13 14:11:14 | 00,000,060 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2009-04-13 14:11:14 | 00,000,060 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2009-04-13 14:10:46 | 00,000,006 | -H-- | M] () -- L:\WINDOWS\tasks\SA.DAT
[2009-04-13 14:10:44 | 00,002,048 | --S- | M] () -- L:\WINDOWS\bootstat.dat
[2009-04-13 14:10:37 | 00,295,656 | ---- | M] () -- L:\WINDOWS\System32\OODBS.lor
[2009-04-13 14:03:17 | 00,060,416 | ---- | M] () -- L:\WINDOWS\System32\drivers\Combo-Fix.sys
[2009-04-13 14:03:15 | 00,053,248 | ---- | M] (Sysinternals) -- L:\WINDOWS\PSEXESVC.EXE
[2009-04-13 14:00:39 | 00,000,088 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2009-04-12 13:58:29 | 00,388,608 | ---- | M] (Microsoft Corporation) -- L:\WINDOWS\System32\CF26466.exe
[2009-04-12 13:57:18 | 00,440,104 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\RootRepeal.zip
[2009-04-12 13:53:39 | 00,278,161 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\gmer.zip
[2009-04-12 13:52:24 | 03,080,882 | R--- | M] () -- L:\Documents and Settings\Main\Desktop\ComboFix.exe
[2009-04-12 12:54:26 | 00,526,710 | ---- | M] () -- L:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-12 12:54:26 | 00,444,528 | ---- | M] () -- L:\WINDOWS\System32\perfh009.dat
[2009-04-12 12:54:26 | 00,072,152 | ---- | M] () -- L:\WINDOWS\System32\perfc009.dat
[2009-04-12 12:51:04 | 00,000,686 | ---- | M] () -- L:\WINDOWS\win.ini
[2009-04-12 12:50:51 | 00,000,068 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2009-04-12 12:50:49 | 00,331,900 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2009-04-12 12:50:49 | 00,331,900 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2009-04-12 12:47:32 | 00,000,261 | ---- | M] () -- L:\WINDOWS\System32\PavCPL.dat
[2009-04-12 12:42:15 | 00,000,738 | ---- | M] () -- L:\WINDOWS\System32\drivers\etc\HOSTS
[2009-04-12 12:38:32 | 86,240,656 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\IS09promo.exe
[2009-04-12 12:17:26 | 00,175,504 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\activescan2_en.exe
[2009-04-11 03:23:33 | 00,000,116 | ---- | M] () -- L:\WINDOWS\NeroDigital.ini
[2009-04-10 23:30:54 | 00,150,016 | ---- | M] () -- L:\Documents and Settings\Main\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-08 18:28:50 | 00,023,392 | ---- | M] () -- L:\WINDOWS\System32\nscompat.tlb
[2009-04-08 18:28:50 | 00,016,832 | ---- | M] () -- L:\WINDOWS\System32\amcompat.tlb
[2009-04-08 18:23:15 | 00,003,151 | ---- | M] () -- L:\WINDOWS\System32\spupdsvc.inf
[2009-04-08 00:38:05 | 00,044,032 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\Finance....xls
[2009-04-07 21:37:28 | 00,000,227 | ---- | M] () -- L:\WINDOWS\system.ini
[2009-03-31 22:32:07 | 00,000,010 | ---- | M] () -- L:\WINDOWS\WININIT.INI
[2009-03-31 21:11:07 | 40,113,160 | ---- | M] (Webroot Software, Inc. ) -- L:\Documents and Settings\Main\Desktop\SpySweeperRegSetup_EN.exe
[2009-03-31 20:50:33 | 00,002,577 | ---- | M] () -- L:\WINDOWS\System32\CONFIG.NT
[2009-03-27 16:36:48 | 00,286,208 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\gmer.exe
[2009-03-24 23:11:17 | 00,200,704 | ---- | M] (Roxio) -- L:\WINDOWS\System32\drivers\udfreadr.sys
[2009-03-24 23:11:05 | 00,000,769 | ---- | M] () -- L:\Documents and Settings\Main\Desktop\DVR-Viewer.LNK
[2009-03-24 23:10:59 | 00,065,536 | ---- | M] () -- L:\WINDOWS\IFinst27.exe
[2009-03-16 00:38:29 | 01,576,312 | -H-- | M] () -- L:\Documents and Settings\Main\Local Settings\Application Data\IconCache.db

========== LOP Check ==========

[2009-04-12 12:47:16 | 00,000,000 | RH-D | M] -- L:\Documents and Settings\All Users\Application Data
[2008-12-24 15:37:11 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008-11-27 15:54:50 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\acccore
[2007-12-20 10:10:51 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Adobe
[2007-06-28 20:09:45 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Ahead
[2008-03-02 19:06:12 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\AOL
[2008-11-27 11:44:52 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\AOL Downloads
[2006-12-16 15:29:57 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\AOL OCP
[2008-03-29 15:13:21 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Apple
[2006-12-26 22:34:58 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Apple Computer
[2009-03-31 22:42:36 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\ATI
[2007-07-08 14:23:55 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Avanquest Software
[2009-04-12 12:47:16 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Backup
[2007-07-08 14:28:41 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\BVRP Software
[2007-12-29 11:54:02 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Intuit
[2008-11-17 21:30:09 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\McAfee
[2007-01-23 22:49:55 | 00,000,000 | --SD | M] -- L:\Documents and Settings\All Users\Application Data\Microsoft
[2009-04-12 12:46:44 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Panda Security
[2008-10-14 22:30:36 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008-03-20 21:52:28 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Trymedia
[2007-11-12 10:16:11 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Viewpoint
[2006-10-31 22:40:46 | 00,000,000 | ---D | M] -- L:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009-04-13 14:02:03 | 00,000,000 | RH-D | M] -- L:\Documents and Settings\Main\Application Data
[2006-11-01 10:23:38 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\acccore
[2008-01-31 20:59:20 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Adobe
[2007-12-25 22:41:13 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\AdobeUM
[2007-07-06 18:59:57 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Ahead
[2008-07-31 22:31:01 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Apple Computer
[2007-11-30 00:28:27 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\ATI
[2007-12-12 22:27:43 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Bullzip
[2006-11-13 17:31:18 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\DivX
[2008-01-14 21:06:50 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Help
[2008-11-10 21:50:16 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\HouseCall 6.6
[2006-10-31 22:25:38 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Identities
[2008-08-10 20:00:02 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\ImTOO Software Studio
[2007-07-08 14:24:06 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\InstallShield
[2006-11-01 20:45:16 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\JAMS
[2006-11-01 11:03:33 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Macromedia
[2007-12-03 00:25:39 | 00,000,000 | --SD | M] -- L:\Documents and Settings\Main\Application Data\Microsoft
[2008-07-17 19:38:35 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Mozilla
[2009-04-12 12:46:44 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Panda Security
[2007-08-17 22:49:38 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Real
[2006-11-14 13:04:20 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Sun
[2008-10-14 22:30:26 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\SUPERAntiSpyware.com
[2007-11-24 13:52:34 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Systweak
[2007-01-23 22:46:09 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Template
[2009-02-14 13:29:37 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\uTorrent
[2006-11-01 11:58:42 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Ventrilo
[2007-02-12 18:58:20 | 00,000,000 | ---D | M] -- L:\Documents and Settings\Main\Application Data\Viewpoint
[2001-08-18 07:00:00 | 00,000,065 | RH-- | M] () -- L:\WINDOWS\Tasks\desktop.ini
[2009-04-13 14:10:46 | 00,000,006 | -H-- | M] () -- L:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
  • 0

#4
Valis33

Valis33

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Extras.Txt



OTListIt Extras logfile created on: 2009-04-13 14:22:40 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = L:\Documents and Settings\Main\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1023.23 Mb Total Physical Memory | 425.43 Mb Available Physical Memory | 41.58% Memory free
2.90 Gb Paging File | 2.42 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): L:\pagefile.sys 2046 4092;

%SystemDrive% = L: | %SystemRoot% = L:\WINDOWS | %ProgramFiles% = L:\Program Files
C: Drive not present or media not loaded
Drive D: | 13.97 Gb Total Space | 1.75 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 43.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 34.18 Gb Total Space | 3.90 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Drive M: | 63.47 Gb Total Space | 37.37 Gb Free Space | 58.89% Space Free | Partition Type: FAT32
Drive S: | 78.28 Gb Total Space | 73.98 Gb Free Space | 94.51% Space Free | Partition Type: NTFS

Computer Name: ADAM
Current User Name: Main
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- L:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"52548:TCP" = 52548:TCP:*:Enabled:eMule
"8573:UDP" = 8573:UDP:*:Enabled:eMule UDP
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
L:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
L:\Program Files\Common Files\AOL\1162394596\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
L:\Program Files\Common Files\AOL\1162394596\ee\aim6.exe:*:Enabled:AIM File not found
L:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk Messenger 8.5 (AVM Software Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
I:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader File not found
C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC File not found
D:\Asheron's Call\aclauncher.exe:*:Enabled:AC Launcher File not found
D:\Asheron's Call\acclient.exe:*:Enabled:acclient File not found
D:\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\Asheron's Call\2\aclauncher.exe:*:Enabled:AC Launcher File not found
D:\Asheron's Call\2\acclient.exe:*:Enabled:acclient File not found
D:\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
D:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader File not found
H:\hl2\SteamApps\valis33\counter-strike source\hl2.exe:*:Enabled:hl2 File not found
L:\Documents and Settings\Main\Desktop\utorrent.exe:*:Enabled:µTorrent File not found
I:\utorrent.exe:*:Enabled:µTorrent File not found
H:\hl2\Steam.exe:*:Enabled:Steam File not found
L:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
D:\Act of War\ACTOFWAR.EXE:*:Disabled:ACTOFWAR File not found
L:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
D:\hl2\SteamApps\richardmcbride\team fortress 2\hl2.exe:*:Enabled:hl2 ()
L:\Program Files\eMule\emule.exe:*:Enabled:eMule (http://www.emule-project.net)
L:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
L:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
D:\hl2\SteamApps\richardmcbride\counter-strike source\hl2.exe:*:Enabled:hl2 ()
L:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour (Apple Inc.)
L:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
L:\Documents and Settings\Main\Desktop\Terran_Demo_ESRB_XVid.avi-downloader.exe:*:Enabled:Blizzard Downloader File not found
L:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{522274C2-C8C5-11D5-8F1C-004F4902DE08}" = Asheron's Call Dual Client Utility
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}_is1" = Advanced System Optimizer 2.01
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{642BF531-FDFD-4035-A068-E277924D57D4}" = LifeTank XI
"{65B7ECC2-DA56-4557-B1FA-475488FE7112}" = Panda Internet Security 2009
"{68192F10-CBA6-4CE0-B2E7-09359BFA8350}" = Quack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77FB26DF-10D9-45FF-BA74-6278DB55130F}" = Delete FXP Files
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2009
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF455208-C302-4FB3-B21D-F7CBB03DDE5A}" = Asheron's Call: Throne of Destiny
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AIM Gadgets 2.8" = AIM Gadgets 2.8
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Another World" = Another World 1.1c
"ATI Display Driver" = ATI Display Driver
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 3.0.0.352
"Config" = VADIS Config
"DivX2Mp4" = DivX2Mp4 1.6
"DVR-Viewer" = DVR-Viewer
"Easy Video Joiner_is1" = Easy Video Joiner 5.01
"Easy Video Splitter_is1" = Easy Video Splitter 1.26
"eMule" = eMule
"EsetOnlineScanner" = ESET Online Scanner
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.2)
"Free Fast Mpeg Cut_is1" = Free Fast Mpeg Cut version 2.4
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"IsoBuster_is1" = IsoBuster 2.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = Paltalk Messenger
"PokerStars" = PokerStars
"Radio365 1.2" = Radio365 1.2
"RealPlayer 6.0" = RealPlayer
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Steam App 300" = Day of Defeat: Source
"Steam App 440" = Team Fortress 2
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Video Fixer 3.21_is1" = Video Fixer 3.21
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-02-17 10:02:58 | Computer Name = ADAM | Source = ESENT | ID = 439
Description = wuauclt (2916) Unable to write a shadowed header for file L:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1808.

Error - 2009-03-14 00:50:16 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0da2209d.

Error - 2009-03-20 01:15:05 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Hanging application Joiner.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009-03-25 00:29:20 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3334, faulting module
npRACtrl.dll, version 1.0.0.395, fault address 0x000eed08.

Error - 2009-04-07 23:59:24 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-04-08 19:29:39 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 2009-04-10 23:43:07 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 2009-04-11 05:18:38 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 2009-04-11 14:28:58 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 2009-04-11 14:33:06 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

[ System Events ]
Error - 2009-04-12 13:41:54 | Computer Name = ADAM | Source = Service Control Manager | ID = 7034
Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 2009-04-12 13:41:56 | Computer Name = ADAM | Source = Service Control Manager | ID = 7034
Description = The Webroot Client Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2009-04-12 13:42:01 | Computer Name = ADAM | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSFS0BBC\0000 disappeared from the system without
first being prepared for removal.

Error - 2009-04-12 13:42:01 | Computer Name = ADAM | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSHRMD\0000 disappeared from the system without
first being prepared for removal.

Error - 2009-04-12 13:42:01 | Computer Name = ADAM | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSIDRV\0000 disappeared from the system without
first being prepared for removal.

Error - 2009-04-12 13:50:18 | Computer Name = ADAM | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2009-04-12 13:50:50 | Computer Name = ADAM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 2009-04-13 15:11:09 | Computer Name = ADAM | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2009-04-13 15:11:09 | Computer Name = ADAM | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2009-04-13 15:11:20 | Computer Name = ADAM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >
  • 0

#5
Valis33

Valis33

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Gmer pt1



GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-13 15:36:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \??\L:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xAFEF6A30]
SSDT \??\L:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateThread [0xAFEF5E50]

---- Kernel code sections - GMER 1.0.15 ----

? L:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
? L:\WINDOWS\system32\PavSRK.sys The system cannot find the file specified. !
? system32\drivers\av5flt.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\Viewpoint\Common\ViewpointService.exe[192] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [65, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [86, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [68, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [89, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [6B, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [71, 5F] {JNO 0x61}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [74, 5F] {JZ 0x61}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [77, 5F] {JA 0x61}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [8C, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [7A, 5F] {JP 0x61}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [8F, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [80, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [83, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F520F5A
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F5B0F5A
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F550F5A
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FD60F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5FB50F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FC70F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5FB20F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FC10F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FCA0F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5FAF0F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [BF, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5FB80F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [D1, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FD30F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FD90F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5FAC0F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FCD0F5A
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [BC, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FC40F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F310F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F430F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F340F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F400F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F490F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F460F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F4C0F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F4F0F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F250F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F280F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F2B0F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F2E0F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F370F5A
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [3B, 5F]
.text L:\WINDOWS\system32\oodag.exe[828] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F3D0F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text L:\WINDOWS\system32\oodag.exe[828] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text L:\WINDOWS\system32\oodag.exe[828] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5FA90F5A
.text L:\WINDOWS\system32\oodag.exe[828] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5FA60F5A
.text L:\WINDOWS\system32\oodag.exe[828] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5FA30F5A
.text L:\WINDOWS\system32\oodag.exe[828] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5FA00F5A
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [65, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [86, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [68, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [89, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [6B, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [71, 5F] {JNO 0x61}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [74, 5F] {JZ 0x61}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [77, 5F] {JA 0x61}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [8C, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [7A, 5F] {JP 0x61}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [8F, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [80, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [83, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F520F5A
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F5B0F5A
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F550F5A
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F310F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F430F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F340F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F400F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F490F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F460F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F4C0F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F4F0F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F250F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F280F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F2B0F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F2E0F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F370F5A
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [3B, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F3D0F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FD00F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5FAF0F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FC10F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5FAC0F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FBB0F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FC40F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5FA90F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [B9, 5F]
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5FB20F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [CB, 5F] {RETF ; POP EDI}
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FCD0F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FD30F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5FA60F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FC70F5A
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text L:\WINDOWS\Explorer.EXE[1780] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FBE0F5A
.text L:\WINDOWS\Explorer.EXE[1780] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5FA30F5A
.text L:\WINDOWS\Explorer.EXE[1780] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5FA00F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text L:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [65, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [86, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [68, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [89, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [6B, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [8C, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [8F, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [80, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [83, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F520F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F5B0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F550F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5F100F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5F040F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!send 71AB428A 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5F160F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5F070F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5F220F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5F190F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5F130F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F310F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F430F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F340F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F400F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F490F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F460F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F4C0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F4F0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F250F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F280F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F370F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [3B, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F3D0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FD60F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5FB50F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FC70F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5FB20F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FC10F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FCA0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5FAF0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [BF, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5FB80F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [D1, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FD30F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FD90F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FCD0F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [BC, 5F]
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FC40F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5FA90F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5FA60F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5FA30F5A
.text L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1836] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5FA00F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1848] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\iPod\bin\iPodService.exe[2224] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\iPod\bin\iPodService.exe[2224] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\AIM6\aolsoftware.exe[2348] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5FC70F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5FC10F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5FBB0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!send 71AB428A 6 Bytes JMP 5FC40F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5FCD0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5FBE0F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5FD30F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5FD90F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5FD00F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5FD60F5A
.text L:\Program Files\AIM6\aolsoftware.exe[2348] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5FCA0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2388] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5FC70F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5FC10F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5FBB0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!send 71AB428A 6 Bytes JMP 5FC40F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5FCD0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5FBE0F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5FD30F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5FD90F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5FD00F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5FD60F5A
.text L:\Program Files\iTunes\iTunesHelper.exe[2508] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5FCA0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!DispatchMessageW
  • 0

#6
Valis33

Valis33

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Gmer pt2



.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5FC70F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5FC10F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5FBB0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!send 71AB428A 6 Bytes JMP 5FC40F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5FCD0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5FBE0F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5FD30F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5FD90F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5FD00F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5FD60F5A
.text L:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2808] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5FCA0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\AIM6\aim6.exe[3108] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\AIM6\aim6.exe[3108] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\AIM6\aim6.exe[3108] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5FC70F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5FC10F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5FBB0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!send 71AB428A 6 Bytes JMP 5FC40F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5FCD0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5FBE0F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5FD30F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5FD90F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5FD00F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5FD60F5A
.text L:\Program Files\AIM6\aim6.exe[3108] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5FCA0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\Program Files\Common Files\Real\Update_OB\realsched.exe[3436] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\Program Files\Messenger\msmsgs.exe[3452] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FAF0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F8E0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA00F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F8B0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F9A0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA30F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F880F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F910F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [AA, 5F] {STOSB ; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FAC0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB20F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F850F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FA60F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
.text L:\Program Files\Messenger\msmsgs.exe[3452] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F9D0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5FC10F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5FBB0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5FB50F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!send 71AB428A 6 Bytes JMP 5FBE0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5FC70F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5FB80F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5FCD0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5FD30F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5FCA0F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5FD00F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5FC40F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\Program Files\Messenger\msmsgs.exe[3452] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text D:\hl2\Steam.exe[3468] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text D:\hl2\Steam.exe[3468] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text D:\hl2\Steam.exe[3468] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text D:\hl2\Steam.exe[3468] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text D:\hl2\Steam.exe[3468] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text D:\hl2\Steam.exe[3468] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!sendto 71AB2C69 6 Bytes JMP 5FC70F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!recvfrom 71AB2D0F 6 Bytes JMP 5FC10F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!connect 71AB406A 6 Bytes JMP 5FBB0F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!send 71AB428A 6 Bytes JMP 5FC40F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 5FCD0F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!recv 71AB615A 6 Bytes JMP 5FBE0F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 5FD30F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!closesocket 71AB9639 6 Bytes JMP 5FD90F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!WSARecvFrom 71ABF652 6 Bytes JMP 5FD00F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!WSASendTo 71AC0A95 6 Bytes JMP 5FD60F5A
.text D:\hl2\Steam.exe[3468] WS2_32.dll!WSAConnect 71AC0C69 6 Bytes JMP 5FCA0F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text D:\hl2\Steam.exe[3468] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text D:\hl2\Steam.exe[3468] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text D:\hl2\Steam.exe[3468] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text D:\hl2\Steam.exe[3468] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text D:\hl2\Steam.exe[3468] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text D:\hl2\Steam.exe[3468] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text D:\hl2\Steam.exe[3468] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text D:\hl2\Steam.exe[3468] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text D:\hl2\Steam.exe[3468] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text D:\hl2\Steam.exe[3468] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [65, 5F]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDeleteFile 7C90D88F 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDeleteFile + 4 7C90D893 2 Bytes [68, 5F]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDuplicateObject 7C90D90D 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtDuplicateObject + 4 7C90D911 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtEnumerateKey + 4 7C90D950 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [7D, 5F] {JGE 0x61}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6B, 5F]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtQueryMultipleValueKey 7C90E0AE 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtQueryMultipleValueKey + 4 7C90E0B2 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtQueryValueKey 7C90E1FE 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtQueryValueKey + 4 7C90E202 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtReadFile 7C90E27C 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtReadFile + 4 7C90E280 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtSetContextThread 7C90E4F2 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtSetContextThread + 4 7C90E4F6 2 Bytes [7A, 5F] {JP 0x61}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [71, 5F] {JNO 0x61}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtUnloadKey 7C90E90C 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtUnloadKey + 4 7C90E910 2 Bytes [62, 5F]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [74, 5F] {JZ 0x61}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [77, 5F] {JA 0x61}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [3E, 5F]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!CloseServiceHandle 77DE5E4D 6 Bytes JMP 5F100F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!OpenServiceW 77DE6165 6 Bytes JMP 5F220F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!ControlService 77DEB635 6 Bytes JMP 5F130F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!OpenServiceA 77DEB88C 6 Bytes JMP 5F1F0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!StartServiceW 77DEBBAC 6 Bytes JMP 5F280F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!StartServiceA 77DF3238 6 Bytes JMP 5F250F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!LsaAddAccountRights 77E1A9A1 6 Bytes JMP 5F2B0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F2E0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 6 Bytes JMP 5F040F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 6 Bytes JMP 5F070F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 6 Bytes JMP 5F0A0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 6 Bytes JMP 5F0D0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F160F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!CreateServiceW 77E37209 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!CreateServiceW + 4 77E3720D 2 Bytes [1A, 5F]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ADVAPI32.dll!DeleteService 77E37311 6 Bytes JMP 5F1C0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FB50F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5FA60F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5FA00F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!PostMessageA 7E41CB85 6 Bytes JMP 5FA90F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!BeginDeferWindowPos 7E41D907 6 Bytes JMP 5F8E0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F970F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!CreateAcceleratorTableW 7E42D3C1 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!CreateAcceleratorTableW + 4 7E42D3C5 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5FB20F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!SetClipboardData 7E430F5E 6 Bytes JMP 5FB80F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F8B0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5FAC0F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!AttachThreadInput 7E431E12 3 Bytes [FF, 25, 1E]
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!AttachThreadInput + 4 7E431E16 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5FA30F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F880F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ole32.dll!CoGetClassObject 77515DB2 6 Bytes JMP 5F850F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ole32.dll!CLSIDFromProgID 775242CC 6 Bytes JMP 5F820F5A
.text L:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe[3744] ole32.dll!CLSIDFromProgIDEx 775561FE 6 Bytes JMP 5F7F0F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aolsoftware.exe[2348] @ L:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT L:\Program Files\AIM6\aim6.exe[3108] @ L:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] L:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys

Device \FileSystem\Fastfat \FatCdrom ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\SiSRaid \Device\Scsi\SiSRaid1Port2Path0Target0Lun0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \FileSystem\Fastfat \Fat ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Fastfat \Fat pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \FileSystem\Fastfat \Fat av5flt.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\TDSSpaxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\drivers\TDSSpaxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSoeqh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSScfub.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSsbhc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\[email protected] \systemroot\system32\TDSStkdv.log
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 02F31D8CFEA82E46BD2CD2EC90AF46AEA84142763243274DD2C2860D1DF5BF4FC65BAD4743C909550669880610655BEC1156
09D4B89D566383CD321E21CBD65DBE3D94B4CE7BFB47239FDCA3E85BC08CDBA57253CA8D9E28B69F2880A93AC70013BF79FDC
37BEA12582ED64B26948AF003E206F6FAF9650C3FDD92D4EFAC69D30EA0478226DCBB9F8983C2BA3568D16F26D39178C02214
F192445EF194E5156721302E545D86DB4CBF27FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74
CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407A6A0AC4980AC79335858
4A382513DF43C65D72A581F573C3AFF75AA3CD0240D5C7AB8FC32D3211514A7BEFADD75AFEBEB5AEE2845FCFE5E21B6017A00
6E8F423FE6CD61BA14A4438419D6C1F987D00A5A5348E19E264A694D6B8E8AC23F24D6E90A2AEFCCBBA014E43CD37C55846AC
40DBBAB5430ECB15588A277BE9DA2161092671C7F23290BA5A9ACA2B2F0DEFEFEBE440FD34E98BB6BE21895AD064E96FD8AD3
2B8595E5107BAD58D89BEB3A959970FF6ED74012334EB4C6DF72D7DB6D9595871FA61DCF3215D46BC7328C7989D496EC6F25D
6302DB1A7F18A89EE5E5A6191AEFEE10BFE169C381B7F0F5CDD415175A485E9EA40E1C18F27F2798E3497E38AD2155BC1EFA6
007640FEE864DE
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

---- EOF - GMER 1.0.15 ----
  • 0

#7
Valis33

Valis33

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
TIA for your help
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi please delete your version of Combofix and do the following:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0

#9
Valis33

Valis33

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ran ComboFix; the first time it found some items and removed them, but I've gotten stuck twice on the "[Now rebooting Windows]" screen. I let it sit there for 40 minutes and no movement (clock was moving forward so system wasn't completely frozen).


Most of the major symptoms are gone, but twice Panda has blocked a "[program from accessing the internet]".


Is there anything else I can try, or another strategy perhaps?



Thanks!
Valis
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
DId it run on reboot?
See if there is a log here C:\Combofix.txt
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP