After running all the tests, the computer seems to be working better now. Has been since I ran the first one. MBAM? One thing I also want to note is that Google Chrome won't work on my computer. I've tried all of their listed fixes and I'm wondering if it's because of a virus/malware that it's recognizing that IE and Firefox aren't picking up. Anyways, here's the report.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4294
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
7/8/2010 11:37:22 PM
mbam-log-2010-07-08 (23-37-22).txt
Scan type: Quick scan
Objects scanned: 147513
Time elapsed: 15 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And here's the Rootkit log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-09 07:19:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\kxldykog.sys
---- System - GMER 1.0.15 ----
SSDT 88BF5109 ZwCreateThread
---- User code sections - GMER 1.0.15 ----
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 73000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 6D000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 70000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 6A000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 76000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 46000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 5B000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 5E000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 4C000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 49000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 3A000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 43000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 61000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 55000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 3D000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 52000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 4F000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 58000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 40000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 28000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 2E000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 37000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!send 71AB4C27 8 Bytes JMP 34000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 64000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 2B000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!recv 71AB676F 8 Bytes JMP 67000025
.text C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe[180] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 31000025
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 45000025
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 3F000025
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 42000025
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 3C000025
.text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 48000025
.text C:\WINDOWS\system32\ctfmon.exe[200] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F9000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP FF000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 08000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!send 71AB4C27 8 Bytes JMP 05000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 36000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP FC000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!recv 71AB676F 8 Bytes JMP 39000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 02000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 17000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 2C000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 2F000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 1D000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 1A000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 0B000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 14000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 32000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 26000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 0E000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 23000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 20000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 29000025
.text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 11000025
.text C:\WINDOWS\system32\wscntfy.exe[204] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 3F000025
.text C:\WINDOWS\system32\wscntfy.exe[204] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 39000025
.text C:\WINDOWS\system32\wscntfy.exe[204] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 3C000025
.text C:\WINDOWS\system32\wscntfy.exe[204] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 36000025
.text C:\WINDOWS\system32\wscntfy.exe[204] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 42000025
.text C:\WINDOWS\system32\wscntfy.exe[204] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F2000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP F8000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 03000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!send 71AB4C27 8 Bytes JMP FF000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 30000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP F5000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!recv 71AB676F 8 Bytes JMP 33000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP FB000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 12000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 27000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 2A000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 18000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 15000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 06000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 0F000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 2D000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 21000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 09000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 1E000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 1B000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 24000025
.text C:\WINDOWS\system32\wscntfy.exe[204] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 0C000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP CE000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C8000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP CB000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP C5000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP D1000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 83000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 89000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 92000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!send 71AB4C27 8 Bytes JMP 8F000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP BF000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 86000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!recv 71AB676F 8 Bytes JMP C2000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 8C000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP A1000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP B6000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP B9000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP A7000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP A4000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 95000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 9E000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP BC000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP B0000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 98000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP AD000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP AA000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP B3000025
.text C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe[320] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 9B000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 7F000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 79000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 7C000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 76000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 82000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 34000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 3A000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 43000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!send 71AB4C27 8 Bytes JMP 40000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 70000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 37000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!recv 71AB676F 8 Bytes JMP 73000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 3D000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 52000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 67000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 6A000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 58000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 55000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 46000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 4F000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 6D000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 61000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 49000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 5E000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 5B000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 64000025
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[508] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 4C000025
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP B0000025
.text C:\WINDOWS\Explorer.EXE[564] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP AA000025
.text C:\WINDOWS\Explorer.EXE[564] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP AD000025
.text C:\WINDOWS\Explorer.EXE[564] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP A7000025
.text C:\WINDOWS\Explorer.EXE[564] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP B3000025
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 83000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 98000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 9B000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 89000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 86000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 0C75FFD0
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 80000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 9E000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 92000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 7A000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 8F000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 8C000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 95000025
.text C:\WINDOWS\Explorer.EXE[564] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP F1FFEEEE
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 65000025
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 6B000025
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 74000025
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!send 71AB4C27 8 Bytes JMP 71000025
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP A1000025
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!gethostbyname 71AB5355 8 Bytes [55, 90, FF, 25, 00, 00, 68, ...] {PUSH EBP; NOP ; JMP [0x1680000]}
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!recv 71AB676F 8 Bytes JMP A4000025
.text C:\WINDOWS\Explorer.EXE[564] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 6E000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP B8000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP B2000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP B5000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP AF000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP BB000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 3C000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 42000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 7C000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!send 71AB4C27 8 Bytes JMP 79000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP A9000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 3F000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!recv 71AB676F 8 Bytes JMP AC000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 76000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 8B000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A0000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP A3000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 91000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 8E000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 7F000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 88000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP A6000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 9A000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 82000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 97000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 94000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 9D000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 85000025
.text C:\PROGRA~1\Webshots\315~1.761\webshots.scr[664] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 9A000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 94000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 97000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 91000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 9D000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 4F000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 55000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 5E000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!send 71AB4C27 8 Bytes JMP 5B000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 8B000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 52000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!recv 71AB676F 8 Bytes JMP 8E000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 58000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 6D000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 82000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 85000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 73000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 70000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 61000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 6A000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 88000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 7C000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 64000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 79000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 76000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 7F000025
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[744] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 67000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP BE000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP B8000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP BB000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B5000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C1000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 73000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 79000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 82000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!send 71AB4C27 8 Bytes JMP 7F000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP AF000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 76000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!recv 71AB676F 8 Bytes JMP B2000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 7C000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 91000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A6000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP A9000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 97000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 94000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 85000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 8E000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP AC000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A0000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 88000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 9D000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9A000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A3000025
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[908] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 8B000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C4000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP BE000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP C1000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP BB000025
.text C:\WINDOWS\system32\hkcmd.exe[940] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C7000025
.text C:\WINDOWS\system32\hkcmd.exe[940] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 37000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 3D000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 87000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!send 71AB4C27 8 Bytes JMP 84000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B5000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 3A000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!recv 71AB676F 8 Bytes JMP B8000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 81000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 96000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP AB000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP AE000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 9C000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 99000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 8A000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 93000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP B1000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A5000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 8D000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP A2000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9F000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A8000025
.text C:\WINDOWS\system32\hkcmd.exe[940] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 90000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP CB000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C5000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP C8000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP C2000025
.text C:\WINDOWS\system32\igfxpers.exe[948] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP CE000025
.text C:\WINDOWS\system32\igfxpers.exe[948] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 67006E00
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 44000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 8E000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!send 71AB4C27 8 Bytes JMP 8B000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP BC000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 41000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!recv 71AB676F 8 Bytes JMP BF000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 88000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 9D000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP B2000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP B5000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP A3000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP A0000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 91000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 9A000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP B8000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP AC000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 94000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP A9000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP A6000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP AF000025
.text C:\WINDOWS\system32\igfxpers.exe[948] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 97000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C6000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C0000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP C3000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP BD000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C9000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F5000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 81000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 8A000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!send 71AB4C27 8 Bytes JMP 87000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B7000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP F8000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!recv 71AB676F 8 Bytes JMP BA000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 84000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 99000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP AE000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP B1000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 9F000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 9C000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 8D000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 96000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP B4000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A8000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 90000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP A5000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP A2000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP AB000025
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[956] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 93000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP D8000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP D2000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP D5000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP CF000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP DB000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 8D000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 93000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 9C000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!send 71AB4C27 8 Bytes JMP 99000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP C9000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 90000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!recv 71AB676F 8 Bytes JMP CC000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 96000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP AB000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP C0000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP C3000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP B1000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP AE000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 9F000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP A8000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP C6000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP BA000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP A2000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP B7000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP B4000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP BD000025
.text C:\Program Files\HP\QuickPlay\QPService.exe[960] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP A5000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 45000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 3F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 42000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 3C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 48000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP B9000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP BF000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 09000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!send 71AB4C27 8 Bytes JMP 06000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 36000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP BC000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!recv 71AB676F 8 Bytes JMP 39000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 03000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 18000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 2D000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 30000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 1E000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 1B000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 0C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 15000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 33000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 27000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 0F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 24000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 21000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 2A000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[964] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 12000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP AE000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP A8000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP AB000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP A5000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP B1000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 63000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 69000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 72000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!send 71AB4C27 8 Bytes JMP 6F000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 9F000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 66000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!recv 71AB676F 8 Bytes JMP A2000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 6C000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 81000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 96000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 99000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 87000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 84000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 75000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 7E000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 9C000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 90000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 78000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 8D000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 8A000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 93000025
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[996] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 7B000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP DB000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP D5000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP D8000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP D2000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP DE000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 90000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 96000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 9F000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!send 71AB4C27 8 Bytes JMP 9C000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP CC000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 93000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!recv 71AB676F 8 Bytes JMP CF000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 99000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP AE000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP C3000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP C6000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP B4000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP B1000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP A2000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP AB000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP C9000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP BD000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP A5000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP BA000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP B7000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP C0000025
.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1060] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP A8000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP E4000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP DE000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP E1000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP DB000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP E7000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 99000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 9F000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP A8000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!send 71AB4C27 8 Bytes JMP A5000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP D5000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 9C000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!recv 71AB676F 8 Bytes JMP D8000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP A2000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP B7000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP CC000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP CF000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP BD000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP BA000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP AB000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP B4000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP D2000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP C6000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP AE000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP C3000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP C0000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP C9000025
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[1116] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP B1000025
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1160] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 7E000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 78000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 7B000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 75000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 81000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 33000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 39000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 42000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!send 71AB4C27 8 Bytes JMP 3F000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 6F000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 36000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!recv 71AB676F 8 Bytes JMP 72000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 3C000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetCloseHandle 3D944261 6 Bytes JMP 51000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetCloseHandle + 7 3D944268 1 Byte [01]
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 66000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 69000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 57000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 54000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 45000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 4E000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 6C000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 60000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 48000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 5D000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 5A000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 63000025
.text C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe[1328] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 4B000025
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1388] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP BF000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP B9000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP BC000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B6000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C2000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 74000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 7A000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 83000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!send 71AB4C27 8 Bytes JMP 80000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B0000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 0C75FFD0
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!recv 71AB676F 8 Bytes JMP B3000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP F1FFEEEE
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 92000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A7000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP AA000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 98000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 95000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 86000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 8F000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP AD000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A1000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 89000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 9E000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9B000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A4000025
.text C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe[1508] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 8C000025
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1548] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 63000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 5D000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 60000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 5A000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 66000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 18000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 1E000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 27000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!send 71AB4C27 8 Bytes JMP 24000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 54000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 1B000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!recv 71AB676F 8 Bytes JMP 57000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 21000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 36000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 4B000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 4E000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 3C000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 39000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 2A000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 33000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 51000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 45000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 2D000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 42000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 3F000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 48000025
.text C:\Program Files\QuickTime\QTTask.exe[1616] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 30000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 0E000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 23000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 26000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 14000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 11000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestA 3D953558 8 Bytes [55, 90, FF, 25, 00, 00, 02, ...] {PUSH EBP; NOP ; JMP [0xa020000]}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 0B000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 29000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 1D000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes [55, 90, FF, 25, 00, 00, 05, ...] {PUSH EBP; NOP ; JMP [0xa050000]}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 1A000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 17000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 20000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes [55, 90, FF, 25, 00, 00, 08, ...] {PUSH EBP; NOP ; JMP [0xa080000]}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 3B000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 35000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 38000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 32000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 67006E00 C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F0000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP F6000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP FF000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!send 71AB4C27 8 Bytes JMP FC000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 2C000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP F3000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!recv 71AB676F 8 Bytes JMP 2F000025
.text C:\Program Files\iTunes\iTunesHelper.exe[1624] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP F9000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 4D000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 47000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 4A000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 44000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 50000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 02000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 08000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 11000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!send 71AB4C27 8 Bytes JMP 0E000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 67006E00
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 05000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!recv 71AB676F 8 Bytes JMP 41000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 0B000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 20000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 35000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 38000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 26000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 23000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 14000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 1D000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 3B000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 2F000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 17000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 2C000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 29000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 32000025
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1652] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 1A000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C0000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP BA000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP BD000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B7000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP C3000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 75000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 7B000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 84000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!send 71AB4C27 8 Bytes JMP 81000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP B1000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 78000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!recv 71AB676F 8 Bytes JMP B4000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 7E000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 93000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A8000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP AB000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 99000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 96000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 87000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 90000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP AE000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP A2000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 8A000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 9F000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 9C000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP A5000025
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1720] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 8D000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!GetMessageW 7E4191C6 8 Bytes [55, 90, FF, 25, 00, 00, 6C, ...] {PUSH EBP; NOP ; JMP [0x26c0000]}
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 66000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 69000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 63000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 6F000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 20000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 26000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 2F000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!send 71AB4C27 8 Bytes JMP 2C000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 5C000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 23000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!recv 71AB676F 8 Bytes JMP 60000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 29000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 67006E00
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 53000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 56000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 44000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 41000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 32000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 3B000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 59000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 4D000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 35000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 4A000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 47000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 50000025
.text C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe[1780] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 38000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 59000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 53000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 56000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 50000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 5C000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 0E000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 14000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 1D000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!send 71AB4C27 8 Bytes JMP 1A000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 4A000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!gethostbyname 71AB5355 8 Bytes [55, 90, FF, 25, 00, 00, 11, ...] {PUSH EBP; NOP ; JMP [0x5110000]}
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!recv 71AB676F 8 Bytes JMP 4D000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 17000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 2C000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP 41000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP 44000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 32000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 2F000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP C4815B5E
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 29000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP 47000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 3B000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 23000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 38000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 35000025
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 67006E00
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2224] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 26000025
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2412] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 63000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 69000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP 72000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!send 71AB4C27 8 Bytes JMP 6F000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP 7C000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 66000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!recv 71AB676F 8 Bytes JMP 7F000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 6C000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 8E000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 88000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP 8B000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP 85000025
.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP 91000025
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[3404] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[3548] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP BA000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP B4000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!GetMessageA 7E42772B 8 Bytes JMP B7000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!PeekMessageA 7E42A340 8 Bytes JMP B1000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] USER32.dll!GetClipboardData 7E430DBA 8 Bytes JMP BD000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 6E000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!inet_addr 71AB2EE1 8 Bytes JMP 74000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!sendto 71AB2F51 8 Bytes JMP F1FFEEEE
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!send 71AB4C27 8 Bytes JMP 7A000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!WSARecv 71AB4CB5 8 Bytes JMP AA000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!gethostbyname 71AB5355 8 Bytes JMP 71000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!recv 71AB676F 8 Bytes JMP AE000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WS2_32.dll!WSASend 71AB68FA 8 Bytes JMP 77000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetCloseHandle 3D944261 8 Bytes JMP 8C000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpOpenRequestA 3D94AA7B 8 Bytes JMP A1000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpOpenRequestW 3D94C49A 8 Bytes JMP A4000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetReadFile 3D9513D4 8 Bytes JMP 92000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetQueryDataAvailable 3D951615 8 Bytes JMP 8F000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestA 3D953558 8 Bytes JMP 80000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestExW 3D958C49 8 Bytes JMP 89000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetWriteFile 3D958D5C 8 Bytes JMP A7000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!CommitUrlCacheEntryA 3D95E9AA 8 Bytes JMP 9B000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestW 3D95FDF9 8 Bytes JMP 83000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetReadFileExW 3D96334C 8 Bytes JMP 98000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!InternetReadFileExA 3D963384 8 Bytes JMP 95000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!CommitUrlCacheEntryW 3D976F94 8 Bytes JMP 9E000025
.text C:\DOCUME~1\Jocelyn\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[4848] WININET.dll!HttpSendRequestExA 3D9AA92E 8 Bytes JMP 86000025
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WININET.dll!InternetReadFile 3D9513D4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WININET.dll!InternetOpenA 3D953081 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[6096] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 88F26FC5
AttachedDevice \FileSystem\Ntfs \Ntfs CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat CtxSbx.sys (Citrix Application Isolation Environment Driver/Citrix Systems, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
---- Threads - GMER 1.0.15 ----
Thread System [4:572] 88F267CA
Thread System [4:596] 88F2657C
Thread System [4:600] 88F2757D
---- EOF - GMER 1.0.15 ----
And the OTL info:
OTL logfile created on: 7/9/2010 7:24:09 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Jocelyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.14 Gb Total Space | 3.62 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 1.52 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOCELYNSLAPTOP
Current User Name: Jocelyn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe
PRC - [2009/03/23 10:47:10 | 003,458,376 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7613\Webshots.scr
PRC - [2008/12/09 13:37:02 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
PRC - [2006/05/12 13:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/12 13:32:14 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/11 19:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe
PRC - [2004/09/22 20:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
PRC - [2004/08/06 03:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 03:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2003/10/07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 10:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
========== Modules (SafeList) ==========
MOD - [2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/12 13:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/29 11:00:50 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.0\AGCoreService.exe -- (AGCoreService)
SRV - [2008/12/09 13:37:02 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/07/05 15:56:00 | 000,237,568 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc)
SRV - [2007/05/24 15:40:40 | 000,180,224 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 15:15:53 | 000,295,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AAAAAAA.sys -- (AAAAAAA)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/05 16:50:20 | 000,161,352 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx)
DRV - [2007/07/05 15:45:36 | 000,020,424 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/24 15:40:18 | 000,022,968 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv)
DRV - [2007/03/22 15:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/17 00:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/05/12 13:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 13:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 13:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 13:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/03/14 14:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/22 20:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 23:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 21:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/08/22 12:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 12:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 12:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/18 20:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)
DRV - [2004/10/15 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2004/09/22 20:00:00 | 000,108,256 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 21:22:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 21:19:04 | 000,000,000 | ---D | M]
[2009/03/29 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Extensions
[2009/03/29 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Extensions\[email protected]
[2010/07/08 23:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions
[2009/04/27 12:27:03 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/08/23 10:05:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/03 00:10:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\gzrtjsc2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/08 21:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\rvvezany.coyotehunnie\extensions
[2010/07/08 21:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\rvvezany.coyotehunnie\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/08 23:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/21 19:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 19:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 19:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/06/21 19:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/07/05 16:36:14 | 000,015,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nprade.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/06/21 19:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
O1 HOSTS File: ([2010/07/08 21:47:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Jocelyn\Start Menu\Programs\StartUp\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/06 20:37:59 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/08 23:31:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
[2010/07/08 23:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Application Data\Malwarebytes
[2010/07/08 23:21:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 23:21:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 23:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/08 23:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 23:20:19 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jocelyn\My Documents\mbam-setup.exe
[2010/07/08 23:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/08 23:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/08 23:19:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jocelyn\My Documents\erunt_setup.exe
[2010/07/08 23:07:10 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\My Documents\TFC.exe
[2010/07/08 22:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 22:47:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jocelyn\Recent
[2010/07/08 22:44:34 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jocelyn\My Documents\ccsetup233.exe
[2010/07/08 21:37:36 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/07/08 21:37:36 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/07/08 21:37:36 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/07/08 21:37:36 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/07/08 21:37:36 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/07/08 21:37:36 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/07/08 21:37:35 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/07/08 21:37:35 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/07/08 21:37:35 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/07/08 21:37:35 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/07/08 21:37:35 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/07/08 21:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Desktop\SmitfraudFix
[2010/07/08 21:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/08 21:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\afreeCodecVT
[2010/07/08 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2010/07/08 21:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/07/08 21:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TiVo Shared
[2010/07/08 21:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/07/08 21:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/08 21:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/07/08 21:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Application Data\Viewpoint
[2010/07/07 20:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\My Documents\Downloads
[2010/07/07 18:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\afreeCodecVT
[2010/07/07 08:36:26 | 002,833,691 | ---- | C] (convertavitomp3.com ) -- C:\Documents and Settings\Jocelyn\My Documents\convertavitomp4_setup.exe
[2010/05/08 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jocelyn\Desktop\102ND200
[2010/05/07 09:44:54 | 024,184,872 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Jocelyn\My Documents\LimeWireWin(4).exe
[2010/04/18 22:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/04/18 22:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
========== Files - Modified Within 90 Days ==========
[2010/07/09 07:06:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/09 06:47:14 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
[2010/07/08 23:47:05 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
[2010/07/08 23:43:33 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\Google Chrome.lnk
[2010/07/08 23:43:33 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/08 23:40:28 | 000,001,591 | ---- | M] () -- C:\hpqp.ini
[2010/07/08 23:40:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 23:39:39 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/08 23:38:59 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/07/08 23:38:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/08 23:38:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/08 23:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 23:38:43 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 23:31:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\Desktop\OTL.exe
[2010/07/08 23:23:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\gmer.zip
[2010/07/08 23:21:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 23:20:54 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jocelyn\My Documents\mbam-setup.exe
[2010/07/08 23:19:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\NTREGOPT.lnk
[2010/07/08 23:19:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\ERUNT.lnk
[2010/07/08 23:19:07 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jocelyn\My Documents\erunt_setup.exe
[2010/07/08 23:06:37 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jocelyn\My Documents\TFC.exe
[2010/07/08 22:56:36 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\HiJackThis.lnk
[2010/07/08 22:52:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\HiJackThis.msi
[2010/07/08 22:45:15 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\CCleaner.lnk
[2010/07/08 22:44:37 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jocelyn\My Documents\ccsetup233.exe
[2010/07/08 22:40:03 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/07/08 22:23:48 | 004,583,424 | ---- | M] () -- C:\Documents and Settings\Jocelyn\NTUSER.DAT
[2010/07/08 22:23:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jocelyn\ntuser.ini
[2010/07/08 21:47:20 | 000,006,012 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 21:19:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 21:19:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 00:44:44 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\TD homers [bleep].doc
[2010/07/07 18:40:35 | 002,915,212 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\afreeCodecVT2_Setup.exe
[2010/07/07 18:39:02 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 08:36:32 | 002,833,691 | ---- | M] (convertavitomp3.com ) -- C:\Documents and Settings\Jocelyn\My Documents\convertavitomp4_setup.exe
[2010/07/04 03:05:57 | 000,254,384 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\WebshotsDesktopSetup(2).exe
[2010/07/04 02:49:47 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Start Menu\Programs\StartUp\Webshots.lnk
[2010/06/23 20:39:48 | 000,519,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 20:39:48 | 000,454,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 20:39:48 | 000,075,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 22:23:56 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 21:08:56 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/29 10:34:46 | 002,323,239 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\espn stuff for auction.JPG
[2010/05/26 19:51:22 | 000,052,402 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo.jpg
[2010/05/25 22:15:26 | 000,014,923 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\orange shirt.jpg
[2010/05/25 22:14:56 | 000,012,173 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen cropped.jpg
[2010/05/25 22:14:04 | 000,013,836 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\standing up.jpg
[2010/05/25 22:12:54 | 000,048,924 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and ness.jpg
[2010/05/25 22:11:52 | 000,034,580 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\kevin's close up.jpg
[2010/05/25 22:11:23 | 000,067,825 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen.jpg
[2010/05/23 20:36:12 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\bachelorette party cost.xls
[2010/05/22 11:33:48 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ChaLEAN Extreme.xls
[2010/05/16 19:10:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/13 21:03:20 | 000,053,379 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo 5.11.10.jpg
[2010/05/08 19:55:57 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/05/07 09:45:52 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Jocelyn\Desktop\LimeWire 5.5.8.lnk
[2010/05/07 09:45:07 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Jocelyn\My Documents\LimeWireWin(4).exe
[2010/04/30 21:26:26 | 000,104,887 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\Bruins tickets Game 2 Home.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 11:30:41 | 000,436,736 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo designs with ivy.doc
[2010/04/24 10:14:32 | 000,101,792 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 5.jpg
[2010/04/24 10:14:18 | 000,112,680 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 4.jpg
[2010/04/24 10:14:02 | 000,111,257 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 3.jpg
[2010/04/24 10:13:25 | 000,036,667 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design2.jpg
[2010/04/24 10:13:06 | 000,030,497 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design.jpg
[2010/04/18 22:35:44 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/04/18 22:27:59 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
[2010/04/18 22:27:59 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/04/18 22:27:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/04/18 22:27:00 | 058,723,112 | ---- | M] () -- C:\Documents and Settings\Jocelyn\My Documents\BejeweledBlitzSetup_FB.exe
[2010/04/14 19:14:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
========== Files Created - No Company Name ==========
[2010/07/08 23:43:33 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\Google Chrome.lnk
[2010/07/08 23:43:33 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/08 23:42:19 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005UA.job
[2010/07/08 23:42:19 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1252877270-681193528-834207150-1005Core.job
[2010/07/08 23:23:55 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\gmer.zip
[2010/07/08 23:21:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 23:19:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\NTREGOPT.lnk
[2010/07/08 23:19:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\ERUNT.lnk
[2010/07/08 22:53:36 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\HiJackThis.lnk
[2010/07/08 22:52:33 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\HiJackThis.msi
[2010/07/08 22:31:32 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 21:38:05 | 000,006,012 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 21:37:35 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/07/08 21:37:35 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/07/08 21:37:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/07/08 00:44:44 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\TD homers [bleep].doc
[2010/07/07 18:40:11 | 002,915,212 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\afreeCodecVT2_Setup.exe
[2010/07/04 03:06:02 | 000,254,384 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\WebshotsDesktopSetup(2).exe
[2010/05/29 10:34:46 | 002,323,239 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\espn stuff for auction.JPG
[2010/05/26 19:51:22 | 000,052,402 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo.jpg
[2010/05/25 22:14:56 | 000,012,173 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen cropped.jpg
[2010/05/25 22:14:04 | 000,013,836 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\standing up.jpg
[2010/05/25 22:12:53 | 000,048,924 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and ness.jpg
[2010/05/25 22:11:52 | 000,034,580 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\kevin's close up.jpg
[2010/05/25 22:11:22 | 000,067,825 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\me and jen.jpg
[2010/05/25 22:10:03 | 000,014,923 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\orange shirt.jpg
[2010/05/16 19:10:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 13:34:06 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\bachelorette party cost.xls
[2010/05/13 21:03:20 | 000,053,379 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo 5.11.10.jpg
[2010/05/08 19:50:20 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2010/05/07 09:45:52 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Jocelyn\Desktop\LimeWire 5.5.8.lnk
[2010/04/30 21:26:26 | 000,104,887 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\Bruins tickets Game 2 Home.pdf
[2010/04/24 11:30:41 | 000,436,736 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\tattoo designs with ivy.doc
[2010/04/24 10:14:32 | 000,101,792 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 5.jpg
[2010/04/24 10:14:18 | 000,112,680 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 4.jpg
[2010/04/24 10:14:02 | 000,111,257 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design 3.jpg
[2010/04/24 10:13:25 | 000,036,667 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design2.jpg
[2010/04/24 10:13:06 | 000,030,497 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\ivy design.jpg
[2010/04/18 22:27:59 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
[2010/04/18 22:27:59 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/04/18 22:27:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/18 22:27:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/04/18 22:24:01 | 058,723,112 | ---- | C] () -- C:\Documents and Settings\Jocelyn\My Documents\BejeweledBlitzSetup_FB.exe
[2010/03/11 08:55:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/30 23:09:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/08/24 12:06:30 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/09/14 15:29:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/08 14:41:06 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/08 14:36:34 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/08 14:22:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 14:17:49 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/12 13:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/05/10 17:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 17:01:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 16:57:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2008/11/19 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/11/07 13:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2006/09/16 15:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/18 22:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/08 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/08 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/21 15:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/15 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/21 19:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/14 15:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\acccore
[2009/11/09 00:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\AGI
[2006/09/14 16:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Aim
[2008/07/21 12:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\ICAClient
[2010/07/08 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Viewpoint
[2006/09/14 16:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jocelyn\Application Data\Webshots
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/15 01:02:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/07/26 17:33:04 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/07/08 23:38:43 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 23:40:28 | 000,001,591 | ---- | M] () -- C:\hpqp.ini
[2006/09/14 10:18:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/19 21:50:18 | 000,001,629 | -H-- | M] () -- C:\IPH.PH
[2006/09/14 10:18:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/07/13 17:33:32 | 000,001,111 | ---- | M] () -- C:\net_save.dna
[2004/08/04 17:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/08/30 14:27:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/01 20:56:37 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/06/01 20:56:37 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/07/08 23:38:35 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/07/08 21:51:35 | 000,002,133 | ---- | M] () -- C:\rapport.txt
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/07/08 23:38:59 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2007/08/11 20:19:22 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
[2005/09/24 11:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
< %systemroot%\Fonts\*.ini >
[2006/12/19 14:04:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/05/10 09:27:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/10 09:27:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 00:41:03
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
And the extras
OTL Extras logfile created on: 7/9/2010 7:24:09 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Jocelyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.14 Gb Total Space | 3.62 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 1.52 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOCELYNSLAPTOP
Current User Name: Jocelyn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune -- (Sony Pictures Digital Networks Inc.)
"E:\install.exe" = E:\install.exe:*:Enabled:install -- File not found
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1158262354\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Disabled:Framework Service -- (Network Associates, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 B1
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5A5F02DA-D200-4E6E-B469-45866D5CB207}" = Citrix Streaming Client 1.1 for Windows
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a454c267-70b9-3bfc-af15-628bcc82d578}" = Webshots Desktop
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afreeCodecVT2" = afreeCodecVT
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audit Support Center" = Audit Support Center 1.0
"Bejeweled Blitz" = Bejeweled Blitz
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B2m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"home box office" = home box office Screen Saver
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"PROSet" = Intel® PRO Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 7/8/2010 11:09:09 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.
Error - 7/8/2010 11:09:09 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053
Error - 7/8/2010 11:09:39 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Bluetooth Service service
to connect.
Error - 7/8/2010 11:09:39 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Service service failed to start due to the following
error: %%1053
Error - 7/8/2010 11:10:12 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 7/8/2010 11:13:09 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Network Associates McShield service terminated unexpectedly.
It has done this 1 time(s).
Error - 7/8/2010 11:16:59 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7038
Description = The RadeSvc service was unable to log on as .\Ctx_StreamingSvc with
the currently configured password due to the following error: %%1326 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).
Error - 7/8/2010 11:16:59 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Citrix Streaming Service service failed to start due to the following
error: %%1069
Error - 7/8/2010 11:39:54 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7038
Description = The RadeSvc service was unable to log on as .\Ctx_StreamingSvc with
the currently configured password due to the following error: %%1326 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).
Error - 7/8/2010 11:39:54 PM | Computer Name = JOCELYNSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Citrix Streaming Service service failed to start due to the following
error: %%1069
< End of report >
Edited by coyotehunnie, 09 July 2010 - 06:15 AM.
removed email. --ST