Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

When I click on link it occasionally takes me to another sit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 11th, 2009, 4:29 am

Hijack log listed below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23:10, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe
C:\Program Files\Common Files\eMail ID\IconixService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Documents and Settings\Antnee.WE-R-1\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.madisonmission.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1214440339-1957994488-1060284298-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent ... Status.CAB
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Conf ... rsetup.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7872019361
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/fr ... eecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7871987845
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/downlo ... ctxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/Acti ... ontrol.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2 ... Player.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (Invoke Solutions Compatibility Test Control) - http://online.invokesolutions.com/event ... mpTest.ocx
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://online.invokesolutions.com/event ... MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://survey3.spss-asp.com/images/p999 ... d_ocx.jpeg
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: c:\program,files\permissionresearch\prai.dll,c:\program,files\permissionresearch\prai.dll,C:\program,files\permissionresearch\prai.dll,C:\program files\permissionresearch\prai.dll
O20 - Winlogon Notify: dbbaefffbadffb - C:\WINDOWS\system32\dbbaefffbadffb.dll
O20 - Winlogon Notify: ffdbfaffeaaaddba - C:\WINDOWS\system32\ffdbfaffeaaaddba.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\eMail ID\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 13606 bytes
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am
Advertisement
Register to Remove

Re: When I click on link it occasionally takes me to another sit

Unread postby Dakeyras » January 12th, 2009, 8:10 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi cat4arby and welcome to Malware Removal :).

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

Extra note: Please be aware as I am still in training all of my fixes/posts require prior checking by a Expert. So some delays may be inevitable, please be patient and I will reply again asap.

In the meantime could you please post back a Uninstall list from HijackThis as follows, thank you:

Run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 12th, 2009, 11:20 pm

32 Bit HP CIO Components Installer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Convert XLS
DeductionPro 2007
Dell Driver Reset Tool
Dell Modem-On-Hold
Dell ResourceCD
ExamForce Engine Installation CM 7.7
FastAccess® DSL Help Center 4.2
Form Fill (Windows Live Toolbar)
FTDI USB Serial Converter Drivers
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet All-In-One Software 9.0
HP Driver Diagnostics
Intel(R) PROSet
InterActual Player
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
JumpStart Music
JumpStart Numbers
JumpStart Reading for Kindergartners
Logitech QuickCam
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser and SDK
MobileMe Control Panel
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
O2Micro Smartcard Driver
OneCare Advisor (Windows Live Toolbar)
PaperPort 7.0
PayPal Plug-In
PC Pitstop Exterminate2 2.0
PCFriendly
PCTEL 2304WT V.9x MDC Modem Drivers
PdfEdit995 (installed by TaxCut)
Photo Story 3 for Windows
Popup Blocker (Windows Live Toolbar)
QuickSet
QuickTime
RapidPlayer v4.0 ActiveX Control
RealPlayer Basic
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Shoppers' Hotline Control Center
SigmaTel AC97 Audio Drivers
Signature995
Smart Menus (Windows Live Toolbar)
Spybot - Search & Destroy
Tabbed Browsing (Windows Live Toolbar)
TaxCut Alabama 2007
TaxCut Deluxe 2005
TaxCut Premium + State 2007
TaxCut Premium 2006
Time Zone Data Update Tool for Microsoft Office Outlook
Trend Micro RUBotted
Trend Micro™ eMail ID
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebCyberCoach 3.2 Dell
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby Dakeyras » January 13th, 2009, 6:34 pm

Hi :)

Very Important!:

You appear to have no active Anti-Virus software installed and running apart from PC Pitstop Exterminate which has a Anti-Virus component.

If this is just the 30 day trial that has expired I advise you carry out the below and then we will uninstall this application. If this is not the case however and you have purchased it and it should be active inform myself straight away please and do not do anything else.

Anti-Virus Advice:

Note: Only to be carried out if PC Pitstop Exterminate has expired/not supposed to be active:

Is a very unsafe practice when accessing the internet, not to have a active Anti-Virus and most likely the cause of your malware problems. Download just one only of the two free anti-virus programs listed below please:

Install>> Update >> Carry Out a Complete Scan. Have it fix anything it finds:


Next:

We need to disable the registry guard feature of Spybot S&D as follows as it may interfere with the malware removal process.

Disable Spybot's TeaTimer:.

This is a two step process.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless
    .

Second step, For Either Version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Next:

You have installed and active the Security application Trend Micro RUBotted. This is actually still in the Beta stage of development and will be prone to problems whilst still in the testing stage.

Because of this and the good chance it may cause a problem and or create a system conflict my advice is to uninstall this application until it has been fully tested and released as stand alone application as follows:

Please navigate to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Trend Micro RUBotted
PC Pitstop Exterminate <---Only uninstall this if it is inactive and the trial period has expired.

When completed the above, please post back the following:

  • How is you computer performing now, any problems encountered and or symptoms ?
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 14th, 2009, 1:10 am

Each time I clicked on AntiVir Free or Avast Home Edition the web pages closes.
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby Dakeyras » January 14th, 2009, 7:11 pm

Hi :)

A question first, in-case the need arises do you have a Flash/USB type drive and access to a known malware free computer with internet access at all ?

This is may be needed if we have encounter any further difficulty's downloading/installing security applications. As we may need to transfer them from a Flash/USB drive etc.

OK lets try this first as follows:

Please download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image

Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 15th, 2009, 12:49 am

combofix.txt

ComboFix 09-01-13.04 - Antnee 2009-01-14 22:22:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.284 [GMT -6:00]
Running from: c:\documents and settings\Antnee.WE-R-1\Desktop\Link1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Antnee.WE-R-1\Application Data\.#
C:\log.udt
c:\program files\Internet Explorer\msimg32.dll
c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\319\Install.ini
c:\windows\Downloaded Program Files\MyWebEx\319\trace.txt
c:\windows\Downloaded Program Files\MyWebEx\319\xstatus.log
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-11 02:34 . 2007-10-22 21:04 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-09 09:20 . 2009-01-09 09:20 <DIR> d-------- c:\program files\eMail ID
2009-01-09 09:20 . 2009-01-09 09:20 <DIR> d-------- c:\program files\Common Files\eMail ID
2009-01-09 09:20 . 2009-01-09 09:22 <DIR> d-------- c:\documents and settings\Antnee.WE-R-1\Application Data\eMail ID
2009-01-09 09:20 . 2009-01-09 09:20 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\eMail ID
2009-01-09 00:09 . 2009-01-09 00:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
2009-01-01 11:19 . 2009-01-01 11:19 <DIR> d-------- c:\program files\PayPal
2008-12-16 19:10 . 2008-12-16 19:10 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 04:07 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\WholeSecurity
2009-01-14 05:09 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-14 04:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 04:24 --------- d-----w c:\program files\PCPitstop
2009-01-09 14:40 --------- d-----w c:\program files\PassAlong
2009-01-09 14:37 --------- d-----w c:\program files\CCleaner
2008-12-29 14:42 --------- d-----w c:\program files\Coupons
2008-12-08 16:48 --------- d-----w c:\program files\iTunes
2008-12-08 16:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-08 16:47 --------- d-----w c:\program files\iPod
2008-12-08 16:47 --------- d-----w c:\program files\Common Files\Apple
2008-12-08 16:41 --------- d-----w c:\program files\QuickTime
2008-12-08 14:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 17:54 185,360 ----a-w c:\windows\1E86469625D78FF8FE81E1C0FC353E57.exe
2008-11-27 12:20 --------- d-----w c:\documents and settings\Antnee.WE-R-1\Application Data\Malwarebytes
2008-11-27 12:20 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-25 04:03 185,360 ----a-w c:\windows\77CE6C966245ED521F2261E23738F8D8.exe
2008-11-24 06:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ExamForce
2008-11-20 03:57 185,360 ----a-w c:\windows\C9AAEDF72115DF8B858C3688EA914A.exe
2008-11-15 03:52 185,360 ----a-w c:\windows\CB118B728C7FE2C7F230BD132E1E810.exe
2008-11-10 03:47 185,360 ----a-w c:\windows\C7B0A12B74A958233E6CB9AC67E5622.exe
2008-11-05 03:42 185,360 ----a-w c:\windows\3EF64A8469221C48E0EE84836B827062.exe
2008-10-31 02:37 185,360 ----a-w c:\windows\A3741F2AF2ABF0E8B7EC9645B9538341.exe
2008-10-26 02:32 185,360 ----a-w c:\windows\35D0DAE9AF6D8010F7B5EF3BE269630.exe
2008-10-21 02:27 82,448 ----a-w c:\windows\32AE7E23CAA74433814F8E9EEC442BE1.exe
2008-10-16 02:22 185,360 ----a-w c:\windows\60819C936D656F16EAC69330906BD967.exe
2008-01-21 15:24 60,968 ----a-w c:\documents and settings\Antnee.WE-R-1\GoToAssistDownloadHelper.exe
2007-03-07 19:13 56,912 ----a-w c:\documents and settings\Antnee.WE-R-1\g2mdlhlpx.exe
2000-09-26 23:06 63,488 ----a-w c:\program files\JetComp.doc
1999-08-11 14:13 65,536 ----a-w c:\program files\JETCOMP.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2002-12-17 360448]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-04-12 198184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IconixOEAddOn"="c:\program files\eMail ID\OEAddOn\OEdmn_4.exe" [2008-12-08 333584]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 00:33 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-11-10 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 15:06 2027792 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-11-06 92550]
R4 IconixService;Iconix Update Service;c:\program files\Common Files\eMail ID\IconixService.exe [2009-01-09 258832]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2007-03-28 15104]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78507f73-6eda-11dc-983f-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78507f74-6eda-11dc-983f-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d53ccc3-0a47-11dc-979c-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9add220-73f1-11db-965c-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.madisonmission.net/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41991acb875b4b16bc9370013ee2a131
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41991acb875b4b16bc9370013ee2a131
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\CheckFileStatus.ocx - O16 -: {2703049B-D81D-4763-A3C6-AF8932FCBD8F}
hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
c:\windows\Downloaded Program Files\CheckFileStatus.INF

O16 -: {2E4A92AB-F2C0-456A-9935-B715439790D7}

c:\windows\Downloaded Program Files\pcpitstopAntiVirus.dll - O16 -: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}
hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll

c:\windows\Downloaded Program Files\TLIEFlashCtrlU.dll - O16 -: {94B82441-A413-4E43-8422-D49930E69764}
hxxps://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB

c:\windows\system32\progressbar.avi - c:\windows\system32\SSMEarthLink.ocx
O16 -: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B}
hxxp://check.earthlinksecurity.com/SSMEarthLink.cab
c:\windows\Downloaded Program Files\SSMEarthLink.inf

O16 -: {A7EA8AD2-287F-11D3-B120-006008C39542}

c:\windows\Downloaded Program Files\WMDownload.dll - O16 -: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}
hxxps://media.pineconeresearch.com/Acti ... ontrol.cab
c:\windows\Downloaded Program Files\WMDL.inf

c:\windows\system32\atl.dll - c:\windows\system32\ACNePlayer.dll
O16 -: {B991DA79-51F7-4011-98D2-1F2592E82A56}
hxxp://drm1.reelsurvey.com/ePlayer/V3_2 ... Player.cab
c:\windows\Downloaded Program Files\ACNeplayerU.inf

c:\windows\Downloaded Program Files\MILiveCompTest.ocx - O16 -: {D4F3F795-7712-4D92-91DF-AEB055D8AC73}
hxxp://online.invokesolutions.com/event ... mpTest.ocx

O16 -: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://online.invokesolutions.com/event ... MILive.cab
c:\windows\Downloaded Program Files\MILive.inf

c:\windows\Downloaded Program Files\ieatgpc.dll - c:\windows\system32\gtdownde_110.ocx
O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
hxxp://pccheckup.dellfix.com/rel/41/ins ... downde.cab
c:\windows\Downloaded Program Files\gtdownde_110.inf

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA}
hxxp://survey3.spss-asp.com/images/p999 ... d_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 22:33:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\336db75214369c776f3aa25252ebcbb6.sys 39424 bytes executable
c:\windows\system32\_336db75214369c776f3aa25252ebcbb6.sys_.vir 39424 bytes executable


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\336db75214369c776f3aa25252ebcbb6]
"ImagePath"="system32\336db75214369c776f3aa25252ebcbb6.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-14 22:43:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 04:42:20

Pre-Run: 3,964,522,496 bytes free
Post-Run: 4,020,981,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

239
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 15th, 2009, 12:50 am

hijack.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:30, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\eMail ID\IconixService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Antnee.WE-R-1\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.madisonmission.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1214440339-1957994488-1060284298-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent ... Status.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7872019361
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/fr ... eecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7871987845
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/Acti ... ontrol.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2 ... Player.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (Invoke Solutions Compatibility Test Control) - http://online.invokesolutions.com/event ... mpTest.ocx
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://online.invokesolutions.com/event ... MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://survey3.spss-asp.com/images/p999 ... d_ocx.jpeg
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\eMail ID\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 12823 bytes
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby Dakeyras » January 16th, 2009, 5:58 am

Hi :)

There is evidence that one of more of your(or someone who has attached at some point maybe) USB/Flash drives is infected. Please do not attach anything to the USB ports of your computer for the time being. We will address disinfecting the aforementioned USB/Flash drives at a later date. In the meantime do not connect them to any other computers as they may in turn become infected.

Next:

Spybot's Registry Guard feature TeaTimer still appears to be active. I propose we actually uninstall the application fully to ensure the aforementioned feature is no longer active and interfere with the malware removal process. You may download/re-install Spybot again once I give the all clear.

Now please navigate to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Spybot - Search & Destroy

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

COMBOFIX-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    FileLook::
    c:\windows\1E86469625D78FF8FE81E1C0FC353E57.exe
    c:\windows\77CE6C966245ED521F2261E23738F8D8.exe
    c:\windows\C9AAEDF72115DF8B858C3688EA914A.exe
    c:\windows\CB118B728C7FE2C7F230BD132E1E810.exe
    c:\windows\C7B0A12B74A958233E6CB9AC67E5622.exe
    c:\windows\3EF64A8469221C48E0EE84836B827062.exe
    c:\windows\A3741F2AF2ABF0E8B7EC9645B9538341.exe
    c:\windows\35D0DAE9AF6D8010F7B5EF3BE269630.exe
    c:\windows\32AE7E23CAA74433814F8E9EEC442BE1.exe
    c:\windows\60819C936D656F16EAC69330906BD967.exe
    
    File::
    c:\windows\system32\336db75214369c776f3aa25252ebcbb6.sys
    c:\windows\system32\_336db75214369c776f3aa25252ebcbb6.sys_.vir
    
    Folder::
    c:\program files\Coupons
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}]
    [-HKEY_CLASSES_ROOT\CLSID\{6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E4A92AB-F2C0-456A-9935-B715439790D7}]
    [-HKEY_CLASSES_ROOT\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E4A92AB-F2C0-456A-9935-B715439790D7}]
    [-HKEY_CLASSES_ROOT\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}]
    [-HKEY_CLASSES_ROOT\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}]
    [-HKEY_CLASSES_ROOT\CLSID\{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B991DA79-51F7-4011-98D2-1F2592E82A56}]
    [-HKEY_CLASSES_ROOT\CLSID\{B991DA79-51F7-4011-98D2-1F2592E82A56}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
    [-HKEY_CLASSES_ROOT\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\336db75214369c776f3aa25252ebcbb6]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78507f74-6eda-11dc-983f-00038a000015}]
    
    Snapshot::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Next:

Now please download just one only of the two free anti-virus programs listed below please:

Install>> Update >> Carry Out a Complete Scan. Have it fix anything it finds:


When completed the above, please post back the following:

  • How is you computer performing now, any problems encountered and or symptoms ?
  • Combofix Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 17th, 2009, 9:01 pm

On some pages the links fail to open for me.

On other sites I get an internet explorer error message and then it closes.

ComboFix 09-01-15.01 - Antnee 2009-01-16 6:54:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.596 [GMT -6:00]
Running from: c:\documents and settings\Antnee.WE-R-1\Desktop\Link1.exe
Command switches used :: c:\documents and settings\Antnee.WE-R-1\Desktop\CFScript.txt

FILE ::
c:\windows\system32\_336db75214369c776f3aa25252ebcbb6.sys_.vir
c:\windows\system32\336db75214369c776f3aa25252ebcbb6.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Coupons
c:\program files\Coupons\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 06:46 . 2009-01-16 06:47 <DIR> d-------- c:\program files\ERUNT
2009-01-11 02:34 . 2007-10-22 21:04 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-09 09:20 . 2009-01-09 09:20 <DIR> d-------- c:\program files\eMail ID
2009-01-09 09:20 . 2009-01-15 17:27 <DIR> d-------- c:\program files\Common Files\eMail ID
2009-01-09 09:20 . 2009-01-09 09:22 <DIR> d-------- c:\documents and settings\Antnee.WE-R-1\Application Data\eMail ID
2009-01-09 09:20 . 2009-01-15 17:27 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\eMail ID
2009-01-09 00:09 . 2009-01-09 00:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
2009-01-01 11:19 . 2009-01-01 11:19 <DIR> d-------- c:\program files\PayPal
2008-12-16 19:10 . 2008-12-16 19:10 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 12:42 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\WholeSecurity
2009-01-16 12:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-16 12:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-14 04:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 04:24 --------- d-----w c:\program files\PCPitstop
2009-01-09 14:40 --------- d-----w c:\program files\PassAlong
2009-01-09 14:37 --------- d-----w c:\program files\CCleaner
2008-12-12 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 17:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-08 16:48 --------- d-----w c:\program files\iTunes
2008-12-08 16:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-08 16:47 --------- d-----w c:\program files\iPod
2008-12-08 16:47 --------- d-----w c:\program files\Common Files\Apple
2008-12-08 16:41 --------- d-----w c:\program files\QuickTime
2008-12-08 14:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 17:54 185,360 ----a-w c:\windows\1E86469625D78FF8FE81E1C0FC353E57.exe
2008-11-27 12:20 --------- d-----w c:\documents and settings\Antnee.WE-R-1\Application Data\Malwarebytes
2008-11-27 12:20 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-25 04:03 185,360 ----a-w c:\windows\77CE6C966245ED521F2261E23738F8D8.exe
2008-11-24 06:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ExamForce
2008-11-20 03:57 185,360 ----a-w c:\windows\C9AAEDF72115DF8B858C3688EA914A.exe
2008-11-18 04:10 313,871 ------w c:\windows\system32\bb1219eaaba59119f0f3f729e620b05a.TMP
2008-11-18 04:10 313,871 ------w c:\windows\system32\5080fd4926463a846a80def1855414e3.TMP
2008-11-15 03:52 185,360 ----a-w c:\windows\CB118B728C7FE2C7F230BD132E1E810.exe
2008-11-10 03:47 185,360 ----a-w c:\windows\C7B0A12B74A958233E6CB9AC67E5622.exe
2008-11-07 23:12 302,096 ------w c:\windows\system32\ffdbfaffeaaaddba.dll
2008-11-05 03:42 185,360 ----a-w c:\windows\3EF64A8469221C48E0EE84836B827062.exe
2008-10-31 02:37 185,360 ----a-w c:\windows\A3741F2AF2ABF0E8B7EC9645B9538341.exe
2008-10-26 02:32 185,360 ----a-w c:\windows\35D0DAE9AF6D8010F7B5EF3BE269630.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 06:39 313,871 ------w c:\windows\system32\f6dd66d06a4e2a73339d0bc5d465c6ff.TMP
2008-10-21 06:39 313,871 ------w c:\windows\system32\dbbaefffbadffb.dll
2008-10-21 02:27 82,448 ----a-w c:\windows\32AE7E23CAA74433814F8E9EEC442BE1.exe
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 02:22 185,360 ----a-w c:\windows\60819C936D656F16EAC69330906BD967.exe
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-01-21 15:24 60,968 ----a-w c:\documents and settings\Antnee.WE-R-1\GoToAssistDownloadHelper.exe
2007-03-07 19:13 56,912 ----a-w c:\documents and settings\Antnee.WE-R-1\g2mdlhlpx.exe
2000-09-26 23:06 63,488 ----a-w c:\program files\JetComp.doc
1999-08-11 14:13 65,536 ----a-w c:\program files\JETCOMP.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\1E86469625D78FF8FE81E1C0FC353E57.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\32AE7E23CAA74433814F8E9EEC442BE1.exe ----
Company: Insoft
File Description: Insoft Installer
File Version: 1, 0, 0, 1
Product Name: Insoft Installer
Copyright: Copyright Insoft c 2008
Original file name: cunta.exe
MD5: 4089e0e64150d999844c99e5a178854b


---- c:\windows\35D0DAE9AF6D8010F7B5EF3BE269630.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\3EF64A8469221C48E0EE84836B827062.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\60819C936D656F16EAC69330906BD967.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\77CE6C966245ED521F2261E23738F8D8.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\A3741F2AF2ABF0E8B7EC9645B9538341.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\C7B0A12B74A958233E6CB9AC67E5622.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\C9AAEDF72115DF8B858C3688EA914A.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


---- c:\windows\CB118B728C7FE2C7F230BD132E1E810.exe ----
Company: SkypeLtd
File Description: skype
File Version: 0, 1, 2, 132
Product Name: ldm
Copyright: Copyright c 2006
Original file name: skype.com
MD5: 181ff141600d340c58727df9a7f9efc8


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2002-12-17 360448]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-04-12 198184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IconixOEAddOn"="c:\program files\eMail ID\OEAddOn\OEdmn_4.exe" [2008-12-08 333584]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 00:33 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-11-10 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 15:06 2027792 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-11-06 92550]
R4 IconixService;Iconix Update Service;c:\program files\Common Files\eMail ID\IconixService.exe [2009-01-09 258832]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2007-03-28 15104]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78507f73-6eda-11dc-983f-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d53ccc3-0a47-11dc-979c-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9add220-73f1-11db-965c-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.madisonmission.net/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41991acb875b4b16bc9370013ee2a131
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41991acb875b4b16bc9370013ee2a131
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\CheckFileStatus.ocx - O16 -: {2703049B-D81D-4763-A3C6-AF8932FCBD8F}
hxxps://am.hrblock.com/ActivexComponent ... Status.CAB
c:\windows\Downloaded Program Files\CheckFileStatus.INF

c:\windows\Downloaded Program Files\TLIEFlashCtrlU.dll - O16 -: {94B82441-A413-4E43-8422-D49930E69764}
hxxps://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB

c:\windows\system32\progressbar.avi - c:\windows\system32\SSMEarthLink.ocx
O16 -: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B}
hxxp://check.earthlinksecurity.com/SSMEarthLink.cab
c:\windows\Downloaded Program Files\SSMEarthLink.inf

c:\windows\Downloaded Program Files\MILiveCompTest.ocx - O16 -: {D4F3F795-7712-4D92-91DF-AEB055D8AC73}
hxxp://online.invokesolutions.com/event ... mpTest.ocx

O16 -: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://online.invokesolutions.com/event ... MILive.cab
c:\windows\Downloaded Program Files\MILive.inf

c:\windows\Downloaded Program Files\ieatgpc.dll - c:\windows\system32\gtdownde_110.ocx
O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
hxxp://pccheckup.dellfix.com/rel/41/ins ... downde.cab
c:\windows\Downloaded Program Files\gtdownde_110.inf

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA}
hxxp://survey3.spss-asp.com/images/p999 ... d_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 06:58:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\336db75214369c776f3aa25252ebcbb6.sys 39424 bytes executable
c:\windows\system32\_336db75214369c776f3aa25252ebcbb6.sys_.vir 39424 bytes executable


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\336db75214369c776f3aa25252ebcbb6]
"ImagePath"="system32\336db75214369c776f3aa25252ebcbb6.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2009-01-16 7:04:21
ComboFix-quarantined-files.txt 2009-01-16 13:03:03
ComboFix2.txt 2009-01-15 04:43:41

Pre-Run: 3,987,247,104 bytes free
Post-Run: 3,996,311,552 bytes free

284
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 17th, 2009, 9:02 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:57, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\eMail ID\IconixService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Antnee.WE-R-1\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.madisonmission.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent ... Status.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7872019361
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/fr ... eecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7871987845
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (Invoke Solutions Compatibility Test Control) - http://online.invokesolutions.com/event ... mpTest.ocx
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://online.invokesolutions.com/event ... MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://survey3.spss-asp.com/images/p999 ... d_ocx.jpeg
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\eMail ID\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 12251 bytes
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby Dakeyras » January 18th, 2009, 5:17 pm

Hi :)

On some pages the links fail to open for me.

On other sites I get an internet explorer error message and then it closes.

OK, thank you for informing myself.

Please make sure you adhere to my advice from a prior post, thank you:
There is evidence that one of more of your(or someone who has attached at some point maybe) USB/Flash drives is infected. Please do not attach anything to the USB ports of your computer for the time being. We will address disinfecting the aforementioned USB/Flash drives at a later date. In the meantime do not connect them to any other computers as they may in turn become infected.

Next:

We have managed to install a Anti-Virus software application on your computer, which is a good in-roads to-wards getting your system malware free.

But we are not quite out of the malware woods so to speak just yet.

For now I propose we run a few more in-depth scans so I can positively identify the remaining infections and advise a suitable course of action.

If I may remind your good self of some advice from my welcome post:
It may prove beneficial if you print of the following instructions or save them to notepad as I post them

Next:

Download GMER and extract it to your desktop.

***Please close any open programs ***

  • Now right click on gmer.exe and choose the option Rename , rename it Dakeyras please.
  • Now double-click Dakeyras.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


  • If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER/Dakeyras will produce a log. Click on the Save button, and save the log as dakeyras.txt somewhere you can easily find it, such as your desktop.
  • If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER/Dakeyras will produce a log.
  • Click on the Save button, and save the log as Dakeyras.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER/Dakeyras scan in your reply.

Next:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on the your Desktop before running the application.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • Dakeyras.txt.
  • Both RSIT Logs.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 18th, 2009, 9:38 pm

No noticeable problems (but I haven't attempted to do anything).

Dakeyras scan

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-18 19:32:03
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT F7F48D54 ZwCreateThread
SSDT F7F48D40 ZwOpenProcess
SSDT F7F48D45 ZwOpenThread
SSDT F7F48D4F ZwTerminateProcess
SSDT F7F48D4A ZwWriteVirtualMemory

Code 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial) ZwCreateKey [0xF7880BA2]
Code 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial) ZwEnumerateKey [0xF7880C27]
Code 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial) ZwOpenKey [0xF7880B24]
Code 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial) ZwQueryDirectoryFile [0xF78808AD]
Code 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial) IoCreateFile
Code 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial) NtQueryDirectoryFile

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP F7880B28 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial)
PAGE ntoskrnl.exe!IoCreateFile 8056CC6B 5 Bytes JMP F7880786 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP F7880BA6 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP F7880C2B 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial)
PAGE ntoskrnl.exe!NtQueryDirectoryFile 80572111 5 Bytes JMP F78808B1 336db75214369c776f3aa25252ebcbb6.sys (ckmd/Nove Industrial)

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + FFE25751 7C9C217D 272 Bytes [ C0, F1, 77, DB, A8, F1, 77, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + FFE25862 7C9C228E 1 Byte [ 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + FFE25864 7C9C2290 89 Bytes [ FF, 30, 83, 7C, 17, F8, 82, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + FFE258BE 7C9C22EA 121 Bytes [ 91, 7C, F9, BC, 80, 7C, 0D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + FFE25938 7C9C2364 3 Bytes [ 18, AD, 80 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceExW + 8C 7C9EA5DD 267 Bytes [ 53, 48, 47, 65, 74, 44, 65, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceExW + 198 7C9EA6E9 25 Bytes [ 72, 6C, 61, 79, 49, 6E, 64, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceExW + 1B2 7C9EA703 40 Bytes [ 53, 48, 47, 65, 74, 49, 6E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceExW + 1DB 7C9EA72C 181 Bytes [ 77, 4C, 69, 6E, 6B, 49, 6E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceExW + 291 7C9EA7E2 818 Bytes [ 53, 48, 47, 65, 74, 53, 68, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFree + 29 7C9EAB15 151 Bytes [ 6E, 72, 65, 61, 64, 4D, 61, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFree + C1 7C9EABAD 231 Bytes [ 65, 49, 6D, 61, 67, 65, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadOLE + 54 7C9EAC95 140 Bytes [ 53, 68, 65, 52, 65, 6D, 6F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadOLE + E1 7C9EAD22 122 Bytes [ 53, 68, 65, 6C, 6C, 45, 78, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetSize + D 7C9EAD9D 34 Bytes [ 53, 68, 65, 6C, 6C, 5F, 47, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetSize + 30 7C9EADC0 334 Bytes [ 49, 6D, 61, 67, 65, 4C, 69, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILClone + 11A 7C9EAF0F 103 Bytes [ 53, 74, 72, 53, 74, 72, 49, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILClone + 182 7C9EAF77 224 Bytes [ 68, 61, 72, 65, 64, 00, 73, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILClone + 263 7C9EB058 95 Bytes [ 00, 50, FF, 15, 60, 15, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCloneFirst + 54 7C9EB0B8 36 Bytes [ 00, 00, 8B, F8, 39, 1D, C4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCloneFirst + 7A 7C9EB0DE 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCloneFirst + 7E 7C9EB0E2 96 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCombine + 2E 7C9EB143 7 Bytes [ 74, 1D, 8B, 07, 8B, CF, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCombine + 36 7C9EB14B 26 Bytes [ CC, 00, 00, 00, 85, C0, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCombine + 51 7C9EB166 86 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCombine + A8 7C9EB1BD 17 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCombine + BA 7C9EB1CF 37 Bytes [ 81, C1, 40, 02, 00, 00, 51, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDesktopFolder + 13 7C9EB77B 44 Bytes [ 3B, D7, 72, 1A, 77, 04, 3B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDesktopFolder + 40 7C9EB7A8 25 Bytes [ 5E, 5B, C9, C2, 10, 00, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDesktopFolder + 5A 7C9EB7C2 24 Bytes [ 15, 60, 15, 9C, 7C, 8B, F8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDesktopFolder + 73 7C9EB7DB 44 Bytes [ C7, 5F, 5E, 5D, C2, 04, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDesktopFolder + A0 7C9EB808 233 Bytes [ 90, 90, 90, 90, 90, C7, 01, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRestricted + 38 7C9EC091 38 Bytes [ 85, C0, 74, 1E, 56, 8B, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRestricted + 5F 7C9EC0B8 2 Bytes [ 90, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRestricted + 63 7C9EC0BC 10 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRestricted + 6F 7C9EC0C8 41 Bytes [ 83, C0, 04, 50, FF, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRestricted + 99 7C9EC0F2 35 Bytes [ 4D, 08, 56, 8B, F1, 57, C1, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILRemoveLastID + 1 7C9EC1B8 4 Bytes [ EC, 83, EC, 10 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILRemoveLastID + 8 7C9EC1BF 28 Bytes [ 85, C9, 0F, 85, 06, 07, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILRemoveLastID + 25 7C9EC1DC 93 Bytes [ 8B, C1, 8D, 50, 04, C7, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILRemoveLastID + 83 7C9EC23A 104 Bytes [ F8, 7F, 05, 0E, 00, 07, 80, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILRemoveLastID + EC 7C9EC2A3 6 Bytes [ 80, 0F, 8D, C6, 74, 00 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetSettings + 63 7C9EC413 75 Bytes [ 50, A5, 89, 45, C8, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetSettings + AF 7C9EC45F 42 Bytes [ 74, 17, FF, 75, CC, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetSettings + DA 7C9EC48A 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetSettings + F6 7C9EC4A6 78 Bytes [ 0F, 8C, E4, 01, 00, 00, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetSettings + 145 7C9EC4F5 5 Bytes [ 56, 57, 68, D0, 00 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCLSIDFromString + 26 7C9EC7D9 28 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCLSIDFromString + 43 7C9EC7F6 96 Bytes CALL CA29C801
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCLSIDFromString + A4 7C9EC857 39 Bytes [ 47, 85, C0, 74, 49, 8B, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCLSIDFromString + CC 7C9EC87F 71 Bytes [ 11, 85, C0, 7C, 18, 56, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCLSIDFromString + 114 7C9EC8C7 5 Bytes [ FF, FF, 5D, C2, 10 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindLastID + 2A 7C9EC9A6 80 Bytes [ 53, FF, 75, 10, 8D, 4F, F0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindLastID + 7B 7C9EC9F7 53 Bytes [ CE, 2B, C8, D1, F9, 51, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindLastID + B1 7C9ECA2D 94 Bytes [ 75, 10, 53, FF, 37, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindLastID + 110 7C9ECA8C 19 Bytes [ 73, 00, 00, 00, 41, 00, 6C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindLastID + 124 7C9ECAA0 55 Bytes [ 49, 00, 44, 00, 50, 00, 52, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHParseDisplayName + 3E 7C9EDBAE 133 Bytes [ 0F, 84, 78, 1A, 01, 00, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHParseDisplayName + C4 7C9EDC34 57 Bytes [ EC, 51, 51, 53, 56, 57, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHParseDisplayName + FF 7C9EDC6F 51 Bytes CALL 7C9EDB13 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHParseDisplayName + 133 7C9EDCA3 11 Bytes [ 55, 8B, EC, 83, EC, 18, A1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHParseDisplayName + 13F 7C9EDCAF 29 Bytes [ 56, 8B, F1, 89, 45, FC, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHILCreateFromPath + 8C 7C9EE1CC 27 Bytes CALL 7C9EE171 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHILCreateFromPath + A8 7C9EE1E8 46 Bytes [ 00, 00, 8B, D8, 8B, 4D, FC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHILCreateFromPath + D8 7C9EE218 33 Bytes [ 8B, 45, 14, 53, 8B, 5D, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHILCreateFromPath + FA 7C9EE23A 89 Bytes [ 8D, BD, E4, FB, FF, FF, F3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHILCreateFromPath + 154 7C9EE294 19 Bytes [ 53, FF, 75, 14, 57, 50, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPath + 1 7C9EE2E0 8 Bytes [ EC, FF, 75, 10, FF, 75, 0C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPath + A 7C9EE2E9 13 Bytes [ 68, 90, 44, 9C, 7C, 6A, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPath + 18 7C9EE2F7 7 Bytes [ FF, 5D, C2, 0C, 00, 90, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPath + 22 7C9EE301 6 Bytes [ 8B, FF, 55, 8B, EC, 81 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPath + 29 7C9EE308 52 Bytes [ 30, 02, 00, 00, A1, 48, F5, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathW + 1 7C9EED77 38 Bytes [ D8, 85, DB, 7C, 6B, 83, C6, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathW + 28 7C9EED9E 150 Bytes [ 51, 14, 8B, D8, 85, DB, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathW + BF 7C9EEE35 27 Bytes [ 8B, 75, 08, 89, 45, F8, 89, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathW + DC 7C9EEE52 13 Bytes [ 85, C0, 0F, 84, 92, 0B, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathW + EA 7C9EEE60 4 Bytes [ 85, 86, 1B, 00 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderLocation + 19 7C9EF27A 16 Bytes [ 8D, 43, 03, 50, FF, 15, 24, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderLocation + 2A 7C9EF28B 33 Bytes [ FF, 85, C0, 0F, 85, 26, 17, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderLocation + 4C 7C9EF2AD 49 Bytes [ 00, 00, 85, C0, 0F, 8D, 68, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderLocation + 7E 7C9EF2DF 16 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderLocation + E 7C9EF2F1 73 Bytes CALL 7C9EF13F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderLocation + 58 7C9EF33B 1 Byte [ FB ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderLocation + 5B 7C9EF33E 3 Bytes [ 84, DC, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderLocation + 60 7C9EF343 3 Bytes [ 66, 83, 22 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderLocation + 64 7C9EF347 14 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCoCreateInstance 7C9EF5E2 65 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCoCreateInstance + 42 7C9EF624 40 Bytes [ 15, A8, F2, BB, 7C, 3B, C7, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCoCreateInstance + 6B 7C9EF64D 32 Bytes [ 08, 50, FF, 51, 18, 8B, 06, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCoCreateInstance + 8C 7C9EF66E 1 Byte [ 08 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCoCreateInstance + 8E 7C9EF670 27 Bytes [ 33, DB, EB, 93, 90, 90, 90, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderPathW + 1A 7C9EF792 5 Bytes [ 45, 39, B5, A4, FD ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderPathW + 20 7C9EF798 33 Bytes [ FF, 74, 52, C7, 85, AC, FD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderPathW + 42 7C9EF7BA 22 Bytes CALL 7C9EE7B4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderPathW + 59 7C9EF7D1 58 Bytes [ FF, 8B, F8, 3B, FE, 7D, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSpecialFolderPathW + 94 7C9EF80C 41 Bytes [ FF, 50, F3, A5, FF, 15, 3C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsNetDrive + 2 7C9F063E 8 Bytes [ 15, 60, F5, 9E, 7C, 5D, C2, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsNetDrive + B 7C9F0647 98 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsNetDrive + 71 7C9F06AD 113 Bytes [ 8B, FF, 55, 8B, EC, 83, 3D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsNetDrive + E3 7C9F071F 7 Bytes CALL 7C9F01D6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsNetDrive + EB 7C9F0727 18 Bytes [ DB, 75, 21, F6, 45, 15, 40, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealDriveType + 15 7C9F0EAB 80 Bytes [ 18, 3B, C3, 74, 02, 89, 30, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DriveType + 2E 7C9F0EFC 29 Bytes [ 8B, 45, 0C, 5D, C2, 08, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DriveType + 4C 7C9F0F1A 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DriveType + 68 7C9F0F36 28 Bytes [ 75, 0C, FF, 75, 08, FF, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DriveType + 85 7C9F0F53 50 Bytes CALL 7C9F0D0E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DriveType + B8 7C9F0F86 21 Bytes [ 75, 0C, 53, FF, 15, 30, 1C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDListW + 3B 7C9F105F 17 Bytes JMP 7C9EB1B7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDListW + 4D 7C9F1071 18 Bytes [ 56, 8B, 75, 08, 57, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDListW + 60 7C9F1084 25 Bytes [ 75, 14, 8B, D8, 8B, CF, 89, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDListW + 7A 7C9F109E 47 Bytes [ 00, 49, 0F, 85, 55, 4F, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDListW + AA 7C9F10CE 10 Bytes [ 85, DB, 8B, C3, 0F, 85, 13, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsEqual + 20 7C9F122F 7 Bytes [ C3, 5B, 5D, C2, 10, 00, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsEqual + 28 7C9F1237 26 Bytes [ 14, 8B, 76, 18, FF, 75, 10, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsEqual + 43 7C9F1252 2 Bytes [ FF, 55 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsEqual + 46 7C9F1255 48 Bytes [ EC, 81, EC, 54, 04, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsEqual + 77 7C9F1286 85 Bytes [ FF, 8D, 8D, D4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowW + 27 7C9F12DC 23 Bytes [ 3B, F3, 0F, 9F, C0, 8B, 4D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowW + 41 7C9F12F6 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowW + 47 7C9F12FC 144 Bytes [ EC, 51, 51, 53, 56, 57, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowW + D8 7C9F138D 73 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowW + 122 7C9F13D7 7 Bytes [ C0, 75, AD, B8, FF, FF, 00 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsParent + 14 7C9F1440 77 Bytes [ 00, B9, FF, FF, 00, 00, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsParent + 62 7C9F148E 79 Bytes [ FF, 50, FF, B5, 98, FE, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILIsParent + B2 7C9F14DE 90 Bytes [ FF, 8D, 48, F0, FF, B5, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindChild + 4D 7C9F1539 95 Bytes CALL 7CA23B92 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindChild + AD 7C9F1599 37 Bytes [ DB, 7C, 41, 8B, 45, 0C, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindChild + D3 7C9F15BF 42 Bytes [ 45, 14, 8B, 4D, 0C, 8B, 11, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindChild + FE 7C9F15EA 133 Bytes [ 1B, C0, 83, D8, FF, E9, C5, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILFindChild + 184 7C9F1670 13 Bytes [ EC, FD, FF, FF, 50, 8D, 45, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetClassObject + A6 7C9F295F 85 Bytes [ A1, AC, FA, BC, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetClassObject + FC 7C9F29B5 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetClassObject + 102 7C9F29BB 15 Bytes [ FF, 55, 8B, EC, 53, 56, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetClassObject + 112 7C9F29CB 9 Bytes [ 85, FF, BB, 02, 40, 00, 80, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetClassObject + 11C 7C9F29D5 62 Bytes [ 07, 8D, 4D, 0C, 51, 68, 38, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetImageLists + 26 7C9F3D2F 51 Bytes [ 89, 5D, F8, 33, C0, 8B, 7D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetImageLists + 5A 7C9F3D63 4 Bytes [ FF, 75, 20, 8B ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetImageLists + 5F 7C9F3D68 42 Bytes [ 08, FF, 75, 18, 83, C1, F0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetImageLists + 8A 7C9F3D93 63 Bytes [ 42, EB, 05, 00, FF, 75, 20, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetImageLists + CB 7C9F3DD4 15 Bytes [ FE, 34, 9F, 7C, AA, DF, 9F, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBindToParent + 72 7C9F3F02 32 Bytes [ F1, FF, 75, 08, FF, 76, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBindToParent + 93 7C9F3F23 9 Bytes [ 55, 8B, EC, 83, 3D, 78, FA, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBindToParent + 9D 7C9F3F2D 35 Bytes [ 0F, 84, 1F, E3, 00, 00, A1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBindToParent + C1 7C9F3F51 4 Bytes [ 90, 90, 90, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBindToParent + C6 7C9F3F56 32 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetCachedImageIndex + 1A 7C9F3FFA 45 Bytes CALL 7C9F4016 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetCachedImageIndex + 48 7C9F4028 348 Bytes [ 75, 08, 8B, F9, 8D, 5F, 20, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetCachedImageIndex + 1A5 7C9F4185 2 Bytes [ 00, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetCachedImageIndex + 1AA 7C9F418A 14 Bytes [ 00, 00, 3C, 7E, 87, 3B, DE, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_GetCachedImageIndex + 1B9 7C9F4199 14 Bytes [ 52, 1C, 6A, 90, 90, 90, 90, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyDeregister + 2D 7C9F5457 30 Bytes [ 00, 83, F8, 34, 0F, 86, F3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyDeregister + 4C 7C9F5476 64 Bytes [ 4E, 0F, 85, 9B, 3D, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyDeregister + 8D 7C9F54B7 10 Bytes [ 89, 7D, E0, 89, 7D, E4, 81, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyDeregister + 9A 7C9F54C4 35 Bytes [ 0F, 84, C8, 5D, 00, 00, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyDeregister + BE 7C9F54E8 50 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2 7C9F659A 39 Bytes [ 75, 10, FF, 75, 08, E8, C4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2B 7C9F65C3 3 Bytes [ 8B, FF, 55 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2F 7C9F65C7 26 Bytes [ EC, 51, 51, 56, 57, 8B, F1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 4A 7C9F65E2 55 Bytes [ 00, 8B, D8, 3B, DF, 74, 6F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 82 7C9F661A 93 Bytes [ C6, 0C, 89, 75, F8, 89, 7D, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyRegister + 1E 7C9F88F5 92 Bytes [ 8B, 4D, FC, 8B, C7, 5F, 5E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyRegister + 7D 7C9F8954 30 Bytes [ 14, 8B, 06, FF, 75, 10, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyRegister + 9C 7C9F8973 9 Bytes [ FF, 39, 46, 1C, 0F, 8C, B7, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyRegister + A6 7C9F897D 55 Bytes [ EB, A3, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifyRegister + DE 7C9F89B5 10 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_MergeMenus + 15 7C9F8FE9 37 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_MergeMenus + 3B 7C9F900F 14 Bytes [ 46, 24, 3B, C1, 8D, 50, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_MergeMenus + 4A 7C9F901E 66 Bytes [ 00, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_MergeMenus + 8D 7C9F9061 2 Bytes [ 96, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_MergeMenus + 91 7C9F9065 15 Bytes [ EB, E1, FF, 75, 08, E8, B2, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderView + 2 7C9FA63C 88 Bytes [ 75, 08, 8D, 8E, 40, 02, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderView + 5B 7C9FA695 62 Bytes [ 00, 00, 85, C0, 0F, 84, 02, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderView + 9A 7C9FA6D4 130 Bytes [ 00, FF, 75, 08, 8B, 00, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderView + 11D 7C9FA757 5 Bytes [ 80, A6, 12, 02, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderView + 123 7C9FA75D 129 Bytes [ FE, F6, 86, 14, 02, 00, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapIDListToImageListIndexAsync + 38 7C9FCB7C 27 Bytes [ 8D, 88, 00, 8E, FF, FF, 81, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapIDListToImageListIndexAsync + 54 7C9FCB98 6 Bytes [ 00, 6A, 0A, EB, 3F, 6A ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapIDListToImageListIndexAsync + 5B 7C9FCB9F 83 Bytes [ 8D, 8D, F0, FE, FF, FF, 51, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapIDListToImageListIndexAsync + AF 7C9FCBF3 7 Bytes [ FF, 51, 57, FF, B5, F8, FE ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMapIDListToImageListIndexAsync + B7 7C9FCBFB 61 Bytes [ FF, 6A, 2B, 83, A5, F0, FE, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconExW + 4D 7C9FE204 78 Bytes [ CF, FF, 75, 08, 56, E8, B8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconExW + 9C 7C9FE253 31 Bytes [ 00, 68, 68, D2, 9F, 7C, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconExW + BC 7C9FE273 5 Bytes [ 00, 81, 32, 9F, 7C ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconExW + C2 7C9FE279 34 Bytes [ 00, 00, 00, 7A, DF, 66, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconExW + E9 7C9FE2A0 35 Bytes CALL 7C9E8417 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCloneSpecialIDList + 3A 7C9FE585 34 Bytes [ 89, 45, DC, 8B, 45, 14, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCloneSpecialIDList + 5D 7C9FE5A8 2 Bytes [ D9, A5 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCloneSpecialIDList + 60 7C9FE5AB 37 Bytes [ 15, 94, 1A, 9C, 7C, 8B, F8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCloneSpecialIDList + 86 7C9FE5D1 20 Bytes [ 03, 00, 00, 8B, 45, E8, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCloneSpecialIDList + 9B 7C9FE5E6 25 Bytes [ 56, 0C, 8B, F8, 33, F6, 3B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconW + 48 7C9FECE1 26 Bytes [ 7D, 10, 33, DB, 33, C0, 39, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconW + 63 7C9FECFC 57 Bytes [ 20, 85, C0, 74, 0C, FF, 46, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconW + 9D 7C9FED36 73 Bytes [ 75, 08, 8B, 46, 08, FF, 76, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHExtractIconsW + 36 7C9FED80 27 Bytes [ 59, 8B, C6, 5E, 5D, C2, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHExtractIconsW + 52 7C9FED9C 24 Bytes [ 08, 50, FF, 51, 08, C7, 06, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHExtractIconsW + 6B 7C9FEDB5 54 Bytes [ 75, 0C, 57, 8B, 7D, 08, 23, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHExtractIconsW + A2 7C9FEDEC 23 Bytes [ 33, C0, EB, E3, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHExtractIconsW + BA 7C9FEE04 159 Bytes [ 89, 46, 0C, 8B, 45, 08, C7, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetVersion + 5 7C9FFA08 74 Bytes [ 81, EC, 28, 02, 00, 00, A1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetVersion + 51 7C9FFA54 51 Bytes [ 00, 57, 68, 70, F5, BC, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetVersion + 85 7C9FFA88 6 Bytes [ 00, 00, 75, 15, 56, 53 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetVersion + 8C 7C9FFA8F 88 Bytes [ B5, EC, FD, FF, FF, E8, 65, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllGetVersion + E5 7C9FFAE8 14 Bytes [ 85, E4, FD, FF, FF, 89, B5, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetImageList + C 7C9FFF35 39 Bytes [ F0, FF, FF, 75, 03, 09, 46, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetImageList + 34 7C9FFF5D 13 Bytes JMP 7C9F3AFF C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetImageList + 43 7C9FFF6C 26 Bytes [ 88, F1, 9F, 7C, 6C, F1, 9F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetImageList + 5F 7C9FFF88 15 Bytes [ DC, F0, 9F, 7C, B8, F0, 9F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetImageList + 6F 7C9FFF98 11 Bytes [ 54, F0, 9F, 7C, 30, F0, 9F, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathResolve + 5B 7CA02AF5 338 Bytes [ B9, F1, 7E, AD, 7C, 89, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathResolve + 1AE 7CA02C48 2 Bytes [ E1, 69 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathResolve + 1B2 7CA02C4C 17 Bytes [ 34, 4B, 17, 9B, FF, 40, D2, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathResolve + 1C4 7CA02C5E 20 Bytes [ 00, 00, 80, 54, 27, F2, 82, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathResolve + 1DA 7CA02C74 19 Bytes [ 83, 25, A0, 00, BD, 7C, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteExW + 96 7CA02F99 61 Bytes [ 83, FF, 08, 0F, 8E, 51, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteExW + D4 7CA02FD7 33 Bytes [ 8B, 75, 08, 3B, F3, 75, 0C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteExW + F6 7CA02FF9 92 Bytes [ 10, 89, 91, AC, 00, BD, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteExW + 153 7CA03056 62 Bytes [ 00, 56, FF, 35, 84, 05, BD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteExW + 192 7CA03095 30 Bytes [ 1D, 9C, 7C, 99, 2B, C2, D1, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHTestTokenMembership + 54 7CA055B3 32 Bytes [ 00, 57, FF, B6, 04, 60, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHTestTokenMembership + 75 7CA055D4 179 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHTestTokenMembership + 129 7CA05688 5 Bytes [ FF, 55, 8B, EC, 56 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHTestTokenMembership + 12F 7CA0568E 19 Bytes CALL 7CA056F6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHTestTokenMembership + 144 7CA056A3 50 Bytes [ 0F, 85, 97, 8E, 04, 00, 83, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenRegStream + 1 7CA05ABF 25 Bytes [ EC, 81, EC, 60, 02, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenRegStream + 1B 7CA05AD9 24 Bytes [ 89, BD, A8, FD, FF, FF, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenRegStream + 34 7CA05AF2 12 Bytes [ 8D, 70, 04, 56, FF, 15, F4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenRegStream + 41 7CA05AFF 52 Bytes [ 75, 8D, 85, A0, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenRegStream + 76 7CA05B34 32 Bytes CALL 7CA05B8C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILLoadFromStream + 4 7CA0693A 58 Bytes [ D8, 85, DB, 0F, 8C, 57, C1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILLoadFromStream + 3F 7CA06975 3 Bytes [ C3, 5B, E8 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILLoadFromStream + 43 7CA06979 27 Bytes [ 1A, FE, FF, C9, C2, 10, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILLoadFromStream + 5F 7CA06995 25 Bytes [ 5D, C2, 04, 00, 48, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILLoadFromStream + 79 7CA069AF 224 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_ShowDragImage + 1 7CA08C9D 114 Bytes [ 47, 30, 85, C0, 0F, 85, 7A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_ShowDragImage + 74 7CA08D10 2 Bytes [ 50, 53 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_ShowDragImage + 77 7CA08D13 3 Bytes [ CE, F9, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_ShowDragImage + 7B 7CA08D17 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_ShowDragImage + A7 7CA08D43 190 Bytes [ FF, 15, EC, 14, 9C, 7C, 85, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA0B1D7 5 Bytes [ FF, 01, 00, 00, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA0B1DD 131 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExW + 17 7CA0B261 99 Bytes [ 16, 9C, 7C, 5F, 5E, 5B, C3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA0B2C5 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExW + 93 7CA0B2DD 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExW + E8 7CA0B332 4 Bytes [ 84, 1E, E8, 04 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExW + ED 7CA0B337 3 Bytes [ 6A, 43, FF ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateRecycleBinIcon + 5 7CA0BCE5 39 Bytes [ 8B, C6, 5E, 5D, C2, 04, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateRecycleBinIcon + 2D 7CA0BD0D 49 Bytes [ BD, 7C, 3B, 18, 75, E0, 33, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateRecycleBinIcon + 5F 7CA0BD3F 93 Bytes JMP 7C9F9149 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateRecycleBinIcon + BD 7CA0BD9D 49 Bytes [ FF, 8B, F0, 3B, F7, 0F, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateRecycleBinIcon + EF 7CA0BDCF 69 Bytes [ FF, 75, FC, FF, 56, 18, E9, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsUserAnAdmin + 35 7CA0DB90 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsUserAnAdmin + 46 7CA0DBA1 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsUserAnAdmin + 5A 7CA0DBB5 5 Bytes [ 0F, 85, EA, C1, 03 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsUserAnAdmin + 60 7CA0DBBB 42 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsUserAnAdmin + 8B 7CA0DBE6 16 Bytes [ C5, C1, 03, 00, 8B, 45, 10, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathProcessCommand + 41 7CA0E4CC 1 Byte [ 53 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathProcessCommand + 43 7CA0E4CE 38 Bytes [ B5, D0, FB, FF, FF, 8D, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathProcessCommand + 6A 7CA0E4F5 9 Bytes [ FF, 83, FE, FF, 0F, 84, AE, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathProcessCommand + 74 7CA0E4FF 22 Bytes [ FF, 85, D0, FB, FF, FF, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathProcessCommand + 8B 7CA0E516 5 Bytes [ 89, 9D, B0, FB, FF ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFileAorW + 3D 7CA1192E 48 Bytes [ C1, FD, FF, FF, 08, 0F, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFileAorW + 6E 7CA1195F 41 Bytes [ 76, 28, 33, DB, 8D, 85, B8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFileAorW + 98 7CA11989 30 Bytes [ 40, 89, 85, F8, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFileAorW + B7 7CA119A8 50 Bytes [ FF, FF, 8D, 4E, FC, E8, 46, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFileAorW + EB 7CA119DC 51 Bytes [ FF, 8B, 85, 58, FF, FF, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListA + 15 7CA1B936 5 Bytes [ 33, C8, 89, 8B, A4 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListA + 1C 7CA1B93D 46 Bytes JMP 7CA1BDD3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListA + 4B 7CA1B96C 39 Bytes [ 85, C0, 0F, 85, 60, 04, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListA + 73 7CA1B994 5 Bytes [ 89, 83, A4, 00, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListA + 79 7CA1B99A 58 Bytes JMP 7CA1BDD4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetFolderCustomSettingsW + 53 7CA1DC20 68 Bytes [ 76, 08, FF, D7, 85, C0, 74, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetFolderCustomSettingsW + 98 7CA1DC65 25 Bytes [ 00, FF, 45, E4, 8B, 45, E4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetFolderCustomSettingsW + B2 7CA1DC7F 34 Bytes [ F6, D9, 1B, C9, 23, 4D, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetFolderCustomSettingsW + D5 7CA1DCA2 14 Bytes CALL 7CA197C3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSetFolderCustomSettingsW + E5 7CA1DCB2 43 Bytes [ F6, 46, 44, 01, 0F, 85, C4, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetLocalizedName + 6 7CA21652 8 Bytes [ 6C, 24, 04, 08, E9, D2, F5, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetLocalizedName + F 7CA2165B 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetLocalizedName + 2D 7CA21679 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetLocalizedName + 4B 7CA21697 57 Bytes [ F6, C3, 03, 74, 12, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetLocalizedName + 85 7CA216D1 14 Bytes JMP 7CA0F4F3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushSFCache + 32 7CA217B0 59 Bytes [ 85, C0, 0F, 84, 86, 18, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushSFCache + 6E 7CA217EC 52 Bytes [ 75, 10, 0F, 84, 0D, 37, 03, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushSFCache + A3 7CA21821 86 Bytes [ 00, 90, 90, 90, 90, 90, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushSFCache + FA 7CA21878 102 Bytes [ 33, C0, 89, 9D, DC, FD, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushSFCache + 161 7CA218DF 4 Bytes [ FD, FF, FF, 8D ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIcon + B 7CA221E1 45 Bytes [ 83, BD, 3C, F5, FF, FF, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIcon + 39 7CA2220F 7 Bytes [ FF, 00, 09, 8D, 28, F5, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIcon + 41 7CA22217 18 Bytes [ 89, 85, 58, F5, FF, FF, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIcon + 54 7CA2222A 8 Bytes [ FF, 8B, F8, 85, FF, 7C, 23, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIcon + 5D 7CA22233 2 Bytes [ 24, F5 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Lock + 6 7CA228EB 9 Bytes [ FF, 8B, CB, 50, 0F, 84, F9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Lock + 10 7CA228F5 66 Bytes [ FF, B5, BC, F9, FF, FF, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Lock + 53 7CA22938 144 Bytes [ 8B, 4D, FC, 8B, 85, C0, F9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Lock + E4 7CA229C9 2 Bytes [ EC, 56 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Lock + E7 7CA229CC 47 Bytes [ 75, 08, FF, 71, 3C, E8, 3F, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractVersionResource16W + 11 7CA22C52 5 Bytes [ FC, FF, C9, C2, 04 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractVersionResource16W + 17 7CA22C58 9 Bytes [ 83, 0E, 18, EB, D5, C7, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractVersionResource16W + 22 7CA22C63 114 Bytes [ A1, 60, FA, BC, 7C, 33, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractVersionResource16W + 96 7CA22CD7 36 Bytes [ 00, FF, 15, 7C, 1A, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractVersionResource16W + BB 7CA22CFC 1 Byte [ 52 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllCanUnloadNow + 27 7CA238B4 15 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllCanUnloadNow + 37 7CA238C4 46 Bytes [ 57, 8B, 7D, 08, F7, 47, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllCanUnloadNow + 66 7CA238F3 31 Bytes [ 00, 00, 85, C0, 74, 16, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllCanUnloadNow + 86 7CA23913 162 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllCanUnloadNow + 129 7CA239B6 4 Bytes [ 55, 8B, EC, 56 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsExe + 2 7CA23A9F 3 Bytes JMP 7CA2397C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsExe + 6 7CA23AA3 108 Bytes [ FF, 39, 7D, F4, 0F, 85, F1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsExe + 73 7CA23B10 30 Bytes JMP 7CA23893 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsExe + 92 7CA23B2F 8 Bytes JMP 7CA26B44 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsExe + 9B 7CA23B38 24 Bytes [ 40, 04, 8B, 34, 98, 3B, FE, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDrive + 3B 7CA23DCC 54 Bytes [ 69, 00, 6E, 00, 69, 00, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDrive + 72 7CA23E03 96 Bytes [ 83, C6, 04, 81, FE, 2C, 59, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDrive + D3 7CA23E64 20 Bytes [ 9E, 7C, 0F, 85, 72, 01, 02, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDrive + E8 7CA23E79 77 Bytes [ 5E, C3, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDrive + 136 7CA23EC7 28 Bytes [ 0F, 85, 1A, 1A, 02, 00, C3, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Unlock + 5 7CA24415 89 Bytes [ A1, 54, FA, BC, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Unlock + 5F 7CA2446F 19 Bytes [ FF, 8B, 45, 08, 3B, C3, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Unlock + 73 7CA24483 3 Bytes [ CE, FF, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Unlock + 77 7CA24487 17 Bytes [ 8B, F8, 3B, FB, 74, 23, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotification_Unlock + 8B 7CA2449B 2 Bytes [ FF, 15 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotify + B 7CA24914 3 Bytes [ 68, 64, FA ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotify + 10 7CA24919 50 Bytes CALL 7CA00BA3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotify + 43 7CA2494C 118 Bytes [ 68, A4, FA, BC, 7C, E8, 4D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotify + BA 7CA249C3 16 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotify + CB 7CA249D4 26 Bytes [ 00, F6, 45, 08, 01, 74, 07, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIconW + 41 7CA2A570 7 Bytes [ 64, 00, 52, 00, 75, 00, 6E ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIconW + 49 7CA2A578 1 Byte [ 44 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIconW + 4B 7CA2A57A 41 Bytes [ 6C, 00, 6C, 00, 00, 00, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIconW + 75 7CA2A5A4 115 Bytes [ 63, 00, 64, 00, 6C, 00, 67, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Shell_NotifyIconW + E9 7CA2A618 74 Bytes [ 75, 00, 63, 00, 74, 00, 69, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListW + 17 7CA2AAD0 122 Bytes [ A2, 7C, C3, 90, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListW + 92 7CA2AB4B 8 Bytes [ 07, BD, 7C, C0, A0, A2, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListW + 9B 7CA2AB54 58 Bytes [ 90, 90, 90, 90, C7, 05, F0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListW + D6 7CA2AB8F 1 Byte [ A0 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListW + D8 7CA2AB91 94 Bytes [ 7C, C3, 90, 90, 90, 90, 90, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathA + FB 7CA2AD0C 5 Bytes [ BD, 7C, C0, A0, A2 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathA + 101 7CA2AD12 43 Bytes [ C3, 90, 90, 90, 90, 90, C7, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathA + 12D 7CA2AD3E 19 Bytes [ C0, A0, A2, 7C, C3, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathA + 141 7CA2AD52 17 Bytes [ C3, 90, 90, 90, 90, 90, C7, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathA + 154 7CA2AD65 77 Bytes [ 90, 90, 90, C7, 05, 14, 09, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfoW + 4D 7CA2B040 89 Bytes [ 3D, D0, F5, BC, 7C, 74, 0D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfoW + A7 7CA2B09A 72 Bytes [ 94, AB, 01, 00, A1, 2C, 09, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfoW + F0 7CA2B0E3 106 Bytes [ A1, 58, F5, BC, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfoW + 15B 7CA2B14E 5 Bytes [ 00, E8, 0B, 00, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfoW + 161 7CA2B154 64 Bytes [ 33, C0, 5D, C2, 0C, 00, 90, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragAcceptFiles + 14 7CA2B1BD 19 Bytes [ D8, 0D, 00, A2, A2, 7C, 89, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragAcceptFiles + 28 7CA2B1D1 155 Bytes [ 8B, 38, 4F, 78, 1C, 56, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragAcceptFiles + C4 7CA2B26D 49 Bytes [ 55, 8B, EC, 53, 56, 57, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragAcceptFiles + F6 7CA2B29F 16 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragAcceptFiles + 107 7CA2B2B0 9 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetMalloc + 43 7CA2B3D8 16 Bytes [ 80, FF, 15, 30, 10, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetMalloc + 54 7CA2B3E9 9 Bytes [ 10, 9C, 7C, 8B, C6, 5E, 5D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetMalloc + 5E 7CA2B3F3 8 Bytes [ 33, F6, 46, EB, F4, B8, 17, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetMalloc + 67 7CA2B3FC 14 Bytes [ 00, 3B, F8, 0F, 86, 80, 87, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetMalloc + 76 7CA2B40B 13 Bytes [ 72, 40, 81, FF, 12, 02, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILSaveToStream + 54 7CA2F480 28 Bytes [ 03, 56, 56, FF, 75, CC, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILSaveToStream + 73 7CA2F49F 82 Bytes [ 85, FF, C7, 45, FC, 01, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILSaveToStream + C6 7CA2F4F2 52 Bytes [ 00, C7, 45, D4, 02, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILSaveToStream + FB 7CA2F527 50 Bytes [ 75, F4, 8B, 46, 18, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILSaveToStream + 12F 7CA2F55B 26 Bytes [ 8D, B7, B4, 01, 00, 00, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAddToRecentDocs + 7 7CA2FD29 42 Bytes [ FF, 15, E0, 15, 9C, 7C, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAddToRecentDocs + 32 7CA2FD54 20 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAddToRecentDocs + 47 7CA2FD69 76 Bytes [ C0, 74, 12, 8B, CF, 8B, D1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAddToRecentDocs + 94 7CA2FDB6 45 Bytes [ 55, 8B, EC, 81, EC, 98, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAddToRecentDocs + C2 7CA2FDE4 2 Bytes [ 9D, 70 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Win32DeleteFile + 4B 7CA30510 4 Bytes [ 84, 4C, 48, 02 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Win32DeleteFile + 50 7CA30515 54 Bytes [ 56, 57, 6A, 60, 6A, 40, BF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Win32DeleteFile + 87 7CA3054C 36 Bytes CALL 7CA304A2 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Win32DeleteFile + AC 7CA30571 16 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Win32DeleteFile + BD 7CA30582 13 Bytes [ 15, 58, 18, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathYetAnotherMakeUniqueName + 6B 7CA308F4 12 Bytes [ 0A, 00, 89, B5, C6, FB, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathYetAnotherMakeUniqueName + 78 7CA30901 78 Bytes [ FF, 8D, BD, C4, FB, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathYetAnotherMakeUniqueName + C7 7CA30950 56 Bytes [ FF, 55, 8B, EC, 51, 56, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathYetAnotherMakeUniqueName + 100 7CA30989 14 Bytes [ 5E, C9, C2, 08, 00, 8D, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathYetAnotherMakeUniqueName + 10F 7CA30998 1 Byte [ FF ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathCleanupSpec + 33 7CA30A9F 63 Bytes [ FF, 6A, 00, 50, 6A, 00, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathCleanupSpec + 73 7CA30ADF 12 Bytes [ F3, 33, C0, F3, A7, 0F, 84, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathCleanupSpec + 80 7CA30AEC 4 Bytes [ B5, D0, FD, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathCleanupSpec + 85 7CA30AF1 18 Bytes CALL 7C9EEF16 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathCleanupSpec + 98 7CA30B04 37 Bytes [ 8D, 95, DC, FB, FF, FF, 52, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfoW + 20 7CA30B2A 16 Bytes [ 08, 50, FF, 51, 10, 8B, F0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfoW + 31 7CA30B3B 39 Bytes [ 51, 08, 81, FE, 01, 40, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfoW + 59 7CA30B63 53 Bytes [ 8D, 44, 43, 02, 51, 50, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfoW + 8F 7CA30B99 12 Bytes [ FF, A5, A5, A5, A5, C7, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfoW + 9C 7CA30BA6 26 Bytes [ 00, 00, 8B, 85, D4, F5, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrIW + 58 7CA311BF 106 Bytes JMP 7C9FF007 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrIW + C4 7CA3122B 5 Bytes [ 53, 8D, 45, FC, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrIW + CA 7CA31231 45 Bytes [ 75, 0C, 8B, CE, FF, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrIW + F8 7CA3125F 33 Bytes [ 75, 08, FF, 75, 0C, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrIW + 11A 7CA31281 31 Bytes [ 75, 10, FF, 15, 34, 16, 9C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfo + 1 7CA31552 47 Bytes [ 4D, 10, 56, 8B, 75, 0C, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfo + 31 7CA31582 16 Bytes [ 50, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfo + 42 7CA31593 4 Bytes [ 8C, 9C, 00, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfo + 47 7CA31598 30 Bytes [ 83, BD, F0, FD, FF, FF, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFileInfo + 66 7CA315B7 14 Bytes CALL 7C9EBD8F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconW + 63 7CA318A1 17 Bytes [ 5D, 14, 89, 85, C0, F7, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconW + 75 7CA318B3 11 Bytes [ B5, D0, F7, FF, FF, 89, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconW + 81 7CA318BF 1 Byte [ 9D ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconW + 83 7CA318C1 78 Bytes [ F7, FF, FF, 0F, 84, BF, 2F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconW + D2 7CA31910 1 Byte [ D7 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetNext + 2B 7CA3449A 10 Bytes [ 50, FF, 75, 10, FF, B5, E0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetNext + 36 7CA344A5 2 Bytes [ CE, B0 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetNext + 3A 7CA344A9 21 Bytes [ FF, B5, E0, F9, FF, FF, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetNext + 50 7CA344BF 15 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILGetNext + 60 7CA344CF 15 Bytes [ 4D, FC, 5F, 8B, C6, 5E, 5B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ReadCabinetState + 2C 7CA346FD 54 Bytes [ C2, 10, 00, 90, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ReadCabinetState + 63 7CA34734 71 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ReadCabinetState + AB 7CA3477C 3 Bytes [ B6, 68, FB ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ReadCabinetState + AF 7CA34780 27 Bytes [ 85, C0, 59, 74, 35, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ReadCabinetState + CB 7CA3479C 84 Bytes [ 8B, 06, 57, FF, 75, 10, 68, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDList + 21 7CA34C52 94 Bytes [ 66, 00, 00, FF, 76, 28, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDList + 80 7CA34CB1 4 Bytes [ 75, 0C, 8B, D9 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDList + 85 7CA34CB6 53 Bytes CALL 7CA34BEF C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDList + BB 7CA34CEC 215 Bytes [ F9, FF, 15, D4, 15, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetPathFromIDList + 193 7CA34DC4 61 Bytes [ 00, 0F, 85, 58, 4A, 02, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgReadMultiple + 1 7CA37A62 30 Bytes [ C7, 5F, 5E, 5D, C2, 0C, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgReadMultiple + 20 7CA37A81 95 Bytes CALL 7CA3796E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgReadMultiple + 80 7CA37AE1 94 Bytes [ FF, 75, 10, 8B, 06, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgReadMultiple + DF 7CA37B40 82 Bytes [ FF, FF, 90, 90, 4D, 6B, A3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgReadMultiple + 132 7CA37B93 19 Bytes [ F2, 33, DB, F3, A7, 74, 05, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetRealIDL + 17 7CA38DC8 46 Bytes [ EC, 81, EC, 10, 02, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetRealIDL + 46 7CA38DF7 18 Bytes [ 80, 00, 00, 3B, F8, 0F, 8F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetRealIDL + 59 7CA38E0A 35 Bytes [ 00, 02, 00, 00, 0F, 84, 6B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetRealIDL + 7D 7CA38E2E 2 Bytes [ 00, 20 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetRealIDL + 81 7CA38E32 50 Bytes [ 0F, 84, 47, 10, 00, 00, 6A, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableA + B 7CA3FA07 28 Bytes [ 00, 6A, 06, FF, B0, B0, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableA + 28 7CA3FA24 101 Bytes [ 51, 14, 85, DB, 0F, 8C, DC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableW + 5 7CA3FA93 57 Bytes [ 56, 57, 6A, 00, 8B, F1, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableW + 40 7CA3FACE 17 Bytes [ 8B, 45, 24, 8D, BE, 38, 02, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableW + 52 7CA3FAE0 48 Bytes [ 00, FF, 75, 18, 89, 86, 3C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableW + 83 7CA3FB11 14 Bytes [ 55, 8B, EC, 56, 57, 68, 40, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExecutableW + 92 7CA3FB20 5 Bytes [ 85, C0, 59, 74, 55 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSettings + 14 7CA3FBC1 32 Bytes [ 00, 8B, C7, 5F, 5E, 5D, C2, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSettings + 35 7CA3FBE2 17 Bytes [ 43, 3B, C3, B9, 05, 40, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSettings + 47 7CA3FBF4 8 Bytes [ F8, 03, 0F, 84, 43, 84, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSettings + 50 7CA3FBFD 19 Bytes [ C0, 75, 50, 53, 56, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetSettings + 64 7CA3FC11 13 Bytes [ 39, 1E, 75, 18, 8B, 47, 0C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteW + 26 7CA409C0 5 Bytes [ 04, 31, D1, EA, 52 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteW + 2C 7CA409C6 5 Bytes [ 6A, FF, 89, 04, BE ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteW + 32 7CA409CC 26 Bytes [ 45, FC, FF, 30, 6A, 00, 6A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteW + 4D 7CA409E7 58 Bytes [ 8B, 45, FC, 47, 3B, 7D, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteW + 88 7CA40A22 82 Bytes [ FF, FF, 33, DB, 8B, F8, 83, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstW + 37 7CA40D96 7 Bytes JMP 7CA4DF23 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstW + 3F 7CA40D9E 85 Bytes [ 83, 7D, FC, 02, 5F, 5E, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstW + 95 7CA40DF4 26 Bytes [ 8B, F0, 8D, 84, 3E, 09, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstW + B0 7CA40E0F 25 Bytes [ 15, 28, 16, 9C, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteEx + 4 7CA40E29 38 Bytes [ 7D, 08, 83, C0, F6, 89, 43, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteEx + 2B 7CA40E50 48 Bytes [ 5E, 25, 0E, 00, 07, 80, 5B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteEx + 5C 7CA40E81 68 Bytes [ 15, 80, 14, 9C, 7C, 57, 68, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteEx + A1 7CA40EC6 88 Bytes [ 2B, 45, 0C, 1B, 55, 10, 89, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteEx + FA 7CA40F1F 7 Bytes [ 55, 8B, EC, 51, 56, 8B, F1 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteA + 4B 7CA4119B 1 Byte [ 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteA + 4D 7CA4119D 12 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteA + 5A 7CA411AA 64 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteA + 9B 7CA411EB 50 Bytes [ 08, FF, 15, B8, 1D, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteA + CE 7CA4121E 19 Bytes [ F8, 50, 68, C0, 51, 9C, 7C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CommandLineToArgvW + 1 7CA41349 9 Bytes CALL 7C9E8480 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CommandLineToArgvW + B 7CA41353 150 Bytes [ 90, 90, 90, 90, 90, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CommandLineToArgvW + A2 7CA413EA 9 Bytes [ 83, 7E, 20, 00, 57, 0F, 84, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CommandLineToArgvW + AD 7CA413F5 78 Bytes [ FF, 15, 08, 1E, 9C, 7C, 68, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CommandLineToArgvW + FC 7CA41444 77 Bytes [ 5D, 08, 56, 57, 8B, F1, 56, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + A 7CA41F80 84 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 5F 7CA41FD5 1 Byte [ 39 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 6F 7CA41FE5 53 Bytes [ 8B, F0, 8D, 7D, EC, A5, A5, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + A5 7CA4201B 80 Bytes CALL 7C9F7D79 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + F6 7CA4206C 70 Bytes [ 61, 00, 6D, 00, 65, 00, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellAboutW + 3F 7CA62EAE 118 Bytes [ 6C, 00, 2C, 00, 2D, 00, 36, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellAboutA + 67 7CA62F25 70 Bytes [ 00, 90, 90, 78, 00, 70, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellAboutA + AE 7CA62F6C 31 Bytes [ 00, 00, 90, 90, 70, 00, 6F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellAboutA + CE 7CA62F8C 27 Bytes [ 32, 00, 30, 00, 32, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellAboutA + EA 7CA62FA8 3 Bytes [ 6C, 00, 6C ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellAboutA + EE 7CA62FAC 107 Bytes [ 2C, 00, 30, 00, 00, 00, 90, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHQueryRecycleBinW + 55 7CA66925 62 Bytes [ FF, FF, 15, B0, 1C, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHQueryRecycleBinA + 2 7CA66964 33 Bytes [ 15, AC, 15, 9C, 7C, 8D, 86, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHQueryRecycleBinA + 24 7CA66986 21 Bytes [ 15, 44, 19, 9F, 7C, 83, F8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHQueryRecycleBinA + 3A 7CA6699C 19 Bytes [ FF, 50, FF, 75, 14, E8, 7B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHQueryRecycleBinA + 4E 7CA669B0 2 Bytes [ 8D, 85 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHQueryRecycleBinA + 51 7CA669B3 66 Bytes [ FB, FF, FF, FF, 75, 10, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinW + 2 7CA66C63 6 Bytes [ FF, 53, E8, 3C, EE, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinW + 9 7CA66C6A 30 Bytes [ 39, B5, DC, F9, FF, FF, 74, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinW + 29 7CA66C8A 31 Bytes [ 18, 01, 00, 00, 74, 08, 39, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinW + 4A 7CA66CAB 14 Bytes CALL 7CA640C7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinW + 59 7CA66CBA 62 Bytes [ 8D, 1C, 9D, C0, 58, BD, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinA + 2E 7CA66CF9 89 Bytes [ 35, A4, F5, BC, 7C, E8, 6E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinA + 88 7CA66D53 110 Bytes [ 56, 0F, 94, C1, 56, 56, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinA + F7 7CA66DC2 55 Bytes [ FF, 0F, 94, C0, 89, 41, 18, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinA + 12F 7CA66DFA 9 Bytes [ 56, 57, 8B, 7D, 08, 89, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEmptyRecycleBinA + 139 7CA66E04 5 Bytes [ FF, 8D, 85, DC, F7 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateStdEnumFmtEtc + 18 7CA66E42 112 Bytes [ 85, C0, 0F, 84, 4A, 02, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateStdEnumFmtEtc + 89 7CA66EB3 183 Bytes [ 8D, 85, DC, F7, FF, FF, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateStdEnumFmtEtc + 141 7CA66F6B 24 Bytes [ D8, BE, 04, 01, 00, 00, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateStdEnumFmtEtc + 15A 7CA66F84 13 Bytes [ 08, FE, FF, FF, 50, 57, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateStdEnumFmtEtc + 168 7CA66F92 3 Bytes [ 32, 68, AC ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WriteCabinetState + 7E 7CA6718D 54 Bytes [ 15, 88, 1C, 9C, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WriteCabinetState + B5 7CA671C4 15 Bytes [ FF, 00, EB, 0C, FF, 15, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WriteCabinetState + C5 7CA671D4 135 Bytes [ 83, BD, BC, F7, FF, FF, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WriteCabinetState + 14D 7CA6725C 7 Bytes [ 15, 60, 1C, 9C, 7C, 57, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WriteCabinetState + 155 7CA67264 39 Bytes [ B5, D8, F7, FF, FF, 89, 85, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFreeNameMappings + 2E 7CA690F7 59 Bytes [ FF, 89, 9E, 18, 02, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFreeNameMappings + 6A 7CA69133 22 Bytes [ 07, 3B, C3, 74, 09, 50, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFreeNameMappings + 81 7CA6914A 19 Bytes [ 15, F4, 15, 9C, 7C, 89, 5E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFreeNameMappings + 95 7CA6915E 19 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFreeNameMappings + A9 7CA69172 20 Bytes [ 76, 04, 33, DB, 89, 5D, FC, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectory + 7 7CA6A8D4 1 Byte [ 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectory + 9 7CA6A8D6 18 Bytes [ 41, 56, 8B, 75, 08, 57, 6A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExA + 1 7CA6A8E9 15 Bytes CALL 7CA6A787 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExA + 11 7CA6A8F9 23 Bytes [ FF, 15, 64, 1D, 9C, 7C, 6A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExA + 29 7CA6A911 50 Bytes [ 15, DC, 1D, 9C, 7C, 5F, 5E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExA + 5D 7CA6A945 22 Bytes [ 00, 8B, 51, 34, 85, D2, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateDirectoryExA + 74 7CA6A95C 96 Bytes [ D7, FF, B6, EC, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperationW + 24 7CA70860 27 Bytes [ 00, 8B, 86, A4, 00, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperationW + 41 7CA7087D 225 Bytes [ 00, C7, 46, 3C, 01, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperationW + 123 7CA7095F 11 Bytes [ A1, 48, F5, BC, 7C, 53, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperationW + 12F 7CA7096B 8 Bytes [ FC, 8B, 45, 0C, 57, 8B, D8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperationW + 138 7CA70974 56 Bytes [ 40, 85, C0, BF, 00, 01, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperation + 4B 7CA70B6F 41 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperation + 75 7CA70B99 67 Bytes [ 85, F4, FD, FF, FF, 50, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperation + B9 7CA70BDD 56 Bytes [ FF, EB, 2B, 8B, 3D, AC, 1C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperation + F2 7CA70C16 16 Bytes [ FF, 8B, 46, 40, 85, C0, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFileOperation + 103 7CA70C27 36 Bytes [ FF, 00, 01, 00, 00, 75, 19, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLL + 3D 7CA716A5 27 Bytes JMP 7CA71315 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLL + 59 7CA716C1 88 Bytes [ 00, 50, 8D, 86, F4, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLL + B2 7CA7171A 5 Bytes [ 50, 8D, 86, F4, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLL + B9 7CA71721 91 Bytes CALL 7CA6BA0F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLLW + 20 7CA7177D 38 Bytes [ B5, 04, F9, FF, FF, E8, AD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLLW + 47 7CA717A4 29 Bytes [ 83, F8, FF, 74, 11, 8D, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLLW + 65 7CA717C2 11 Bytes [ FF, 68, 04, 01, 00, 00, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLLW + 71 7CA717CE 7 Bytes [ 8D, 85, B4, FD, FF, FF, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_FillCache_RunDLLW + 79 7CA717D6 108 Bytes [ 15, AC, 1C, 9C, 7C, 56, 8D, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRunControlPanel + 11 7CA72336 5 Bytes [ 5D, C2, 1C, 00, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHRunControlPanel + 1A 7CA7233F 40 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLL + 28 7CA72368 99 Bytes [ 5D, C2, 1C, 00, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLLW + 33 7CA723CC 72 Bytes [ 75, 34, 0F, B7, C0, 50, 53, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLLAsUserW + 23 7CA72415 29 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLLAsUserW + 41 7CA72433 67 Bytes [ 0C, 53, 8B, 5D, 08, 89, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLLAsUserW + 85 7CA72477 45 Bytes [ 85, DB, 74, 0D, 6A, 20, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLLAsUserW + B3 7CA724A5 62 Bytes [ 9C, 7C, 8B, 45, B4, 8B, 4D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Control_RunDLLAsUserW + F2 7CA724E4 25 Bytes [ D7, 66, 85, C0, 66, 89, 06, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconEx + 7 7CA72A4D 25 Bytes CALL 7CA72A4F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DuplicateIcon + 10 7CA72A67 32 Bytes [ FF, 7C, AE, 3B, 9D, F0, FD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DuplicateIcon + 31 7CA72A88 6 Bytes [ FF, 83, 20, 00, EB, 4D ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DuplicateIcon + 38 7CA72A8F 85 Bytes [ B5, E0, FD, FF, FF, 85, F6, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DuplicateIcon + 8E 7CA72AE5 25 Bytes [ 59, F7, FF, C9, C2, 10, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DuplicateIcon + A8 7CA72AFF 24 Bytes [ 04, 56, 89, 75, FC, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FreeIconList + C 7CA72B19 22 Bytes [ 89, 75, 08, FF, B6, 88, CC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FreeIconList + 23 7CA72B30 88 Bytes [ 86, 8C, CC, 9D, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoW + 1B 7CA72B89 53 Bytes [ B6, 94, CC, 9D, 7C, 57, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoW + 51 7CA72BBF 28 Bytes [ 6A, 00, FF, 75, FC, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoW + 6E 7CA72BDC 40 Bytes [ A1, 48, F5, BC, 7C, 53, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoW + 97 7CA72C05 15 Bytes CALL 7C9ED058 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoW + A7 7CA72C15 38 Bytes [ 00, 68, 01, 26, 00, 00, 53, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoA + 11 7CA73088 24 Bytes [ F3, AB, 68, 08, 02, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoA + 2A 7CA730A1 6 Bytes [ FF, 50, 8D, 85, D4, F7 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoA + 32 7CA730A9 29 Bytes CALL 7CA728BC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconResInfoA + 50 7CA730C7 49 Bytes [ FF, 50, 68, 19, 00, 02, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExW + 17 7CA730FA 23 Bytes [ FF, 15, 30, 1C, 9C, 7C, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExW + 2F 7CA73112 3 Bytes [ 4D, FC, 5F ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExW + 33 7CA73116 6 Bytes [ C6, 5E, E8, D3, 52, F7 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExW + 3A 7CA7311D 42 Bytes [ C9, C2, 04, 00, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExW + 65 7CA73148 3 Bytes [ 85, F4, FD ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExA + 20 7CA732CE 10 Bytes [ 75, 0C, FF, 75, 10, 53, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExA + 2D 7CA732DB 24 Bytes [ F8, 56, FF, 15, 34, 16, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExA + 48 7CA732F6 57 Bytes [ 00, 74, 16, FF, B5, EC, FD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExA + 82 7CA73330 5 Bytes [ 75, 08, E8, 1C, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconExA + 89 7CA73337 121 Bytes [ 5D, C2, 08, 00, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconW + 10 7CA733B1 115 Bytes [ 68, 08, 02, 00, 00, 89, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconA + 26 7CA73425 8 Bytes [ 53, 8B, 5D, 10, 56, 8B, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractIconA + 2F 7CA7342E 63 Bytes [ 8B, 7D, 0C, 89, 45, FC, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListW + C 7CA7346F 10 Bytes [ 33, C0, 40, EB, 05, 83, 26, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListW + 17 7CA7347A 36 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 6C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListW + 3C 7CA7349F 36 Bytes [ 33, C0, F3, A7, 74, 1E, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!InternalExtractIconListW + 61 7CA734C4 211 Bytes [ 75, 08, 8D, 46, 04, 50, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconA + 2B 7CA73598 14 Bytes [ 40, 04, 89, 48, 10, 8B, 4D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconA + 3A 7CA735A7 26 Bytes [ 48, 0C, 89, 03, 33, C0, EB, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconA + 55 7CA735C2 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconA + 60 7CA735CD 51 Bytes [ 6A, 10, 33, C0, 33, C9, 5E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ExtractAssociatedIconA + 94 7CA73601 31 Bytes [ 55, 8B, EC, 83, EC, 34, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstA + 4 7CA736B6 53 Bytes [ D1, 0F, AF, D1, 03, D0, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstA + 3A 7CA736EC 114 Bytes [ FF, 89, 45, FC, EB, 40, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstA + AD 7CA7375F 50 Bytes [ 8D, 45, CC, 50, FF, 15, 28, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DoEnvironmentSubstA + E0 7CA73792 174 Bytes CALL CCF7F7CA
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceA + 99 7CA73841 38 Bytes [ 15, 14, 11, 9C, 7C, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceA + C1 7CA73869 2 Bytes [ 48, 11 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceA + C6 7CA7386E 37 Bytes [ 3D, 4C, 12, 9C, 7C, 50, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceA + EC 7CA73894 43 Bytes [ D3, 8B, D8, 53, FF, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDiskFreeSpaceA + 118 7CA738C0 37 Bytes [ 38, 8B, 45, 1C, FF, 30, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHHelpShortcuts_RunDLLW + B 7CA739DD 36 Bytes [ 75, F4, 48, 50, FF, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHObjectProperties + 20 7CA73A02 26 Bytes [ FF, 75, FC, FF, 75, F8, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHObjectProperties + 3B 7CA73A1D 13 Bytes [ 15, 40, 12, 9C, 7C, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHObjectProperties + 83 7CA73A65 25 Bytes [ 0C, FF, 15, 48, 1E, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHObjectProperties + 9D 7CA73A7F 10 Bytes [ 8B, 35, 54, 12, 9C, 7C, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHObjectProperties + AA 7CA73A8C 39 Bytes [ FF, D6, 8B, C7, 5F, 5E, C9, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellMessageBoxA + 2 7CA73E03 17 Bytes [ FF, 66, 89, 01, C7, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellMessageBoxA + 15 7CA73E16 24 Bytes [ 66, 39, 5D, 10, 0F, 85, 1C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellMessageBoxA + 2E 7CA73E2F 37 Bytes [ FF, D7, 83, F8, 04, 0F, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellMessageBoxA + 54 7CA73E55 56 Bytes [ FF, 6B, C0, 0E, 83, C0, 06, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellMessageBoxA + 8E 7CA73E8F 1 Byte [ 66 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushClipboard + D 7CA73EDC 21 Bytes [ FF, FF, 15, F0, 14, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushClipboard + 23 7CA73EF2 10 Bytes [ 8B, BD, D8, FD, FF, FF, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushClipboard + 2E 7CA73EFD 11 Bytes [ FF, 8B, 95, D8, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushClipboard + 3A 7CA73F09 36 Bytes [ FF, 0E, 8D, B5, E4, FD, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFlushClipboard + 5F 7CA73F2E 13 Bytes [ 89, 85, DC, FD, FF, FF, 72, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowA + 38 7CA74BB9 7 Bytes [ 75, 08, 89, 5D, D8, FF, D6 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowA + 40 7CA74BC1 42 Bytes [ 75, 08, FF, 15, 54, 1E, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowA + 6B 7CA74BEC 118 Bytes [ 75, 08, FF, 15, B8, 1D, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowA + E2 7CA74C63 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathIsSlowA + E9 7CA74C6A 58 Bytes [ 55, 8B, EC, FF, 75, 0C, 6A, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathGetShortPath + 2 7CA74F80 33 Bytes [ 8B, 45, 08, 8B, 00, 3B, C3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathGetShortPath + 24 7CA74FA2 38 Bytes [ 75, 10, 8B, 7D, 0C, 68, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathGetShortPath + 4B 7CA74FC9 55 Bytes [ DE, 1B, F6, 46, 5F, 8B, C6, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathGetShortPath + 83 7CA75001 31 Bytes [ 85, C0, 74, 16, FF, 75, 18, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathGetShortPath + A3 7CA75021 56 Bytes [ F6, 7D, 07, 57, FF, 15, 20, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDriveA + 24 7CA7511E 28 Bytes [ 8D, 45, EC, 50, FF, 15, 38, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!IsLFNDriveA + 41 7CA7513B 18 Bytes [ 55, 8B, EC, 81, EC, 14, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathQualify + B 7CA7514F 40 Bytes [ 10, 89, 45, FC, 8B, 45, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathQualify + 34 7CA75178 44 Bytes CALL 7C9F3BB4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathQualify + 61 7CA751A5 50 Bytes [ FF, A1, A4, 5D, BD, 7C, 3B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathQualify + 95 7CA751D9 10 Bytes [ 04, 00, 00, 00, 89, 9D, 54, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathQualify + A0 7CA751E4 22 Bytes [ D7, 85, C0, 75, 14, 83, BD, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathMakeUniqueName + 12 7CA7553E 19 Bytes [ 08, 68, 98, 45, A7, 7C, 68, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathMakeUniqueName + 26 7CA75552 7 Bytes [ FF, 85, C0, 75, 29, 68, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathMakeUniqueName + 2E 7CA7555A 29 Bytes CALL 7C9ED057 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathMakeUniqueName + 4C 7CA75578 2 Bytes [ E2, F9 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PathMakeUniqueName + 4F 7CA7557B 42 Bytes [ FF, 85, C0, 75, 04, 33, C0, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PickIconDlg + 19 7CA763E0 29 Bytes [ 7D, 08, 89, 95, E0, FB, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PickIconDlg + 37 7CA763FE 7 Bytes [ 45, 0C, 8B, BD, D4, FB, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PickIconDlg + 3F 7CA76406 4 Bytes [ 8B, 9D, D0, FB ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PickIconDlg + 44 7CA7640B 10 Bytes [ FF, 03, C0, 89, 85, C8, FB, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PickIconDlg + 4F 7CA76416 17 Bytes [ B5, DC, FB, FF, FF, 2B, C7, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHInvokePrinterCommandA + 5B 7CA77241 10 Bytes [ 15, 98, 1D, 9C, 7C, E9, E1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHInvokePrinterCommandA + 66 7CA7724C 58 Bytes [ 35, 50, 1D, 9C, 7C, 6A, 0B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHInvokePrinterCommandA + A1 7CA77287 18 Bytes [ 15, 30, 11, 9C, 7C, 33, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHInvokePrinterCommandA + B4 7CA7729A 8 Bytes [ 76, 18, FF, 15, 2C, 11, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHInvokePrinterCommandA + BD 7CA772A3 247 Bytes CALL 7CA1BEDE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PrintersGetCommand_RunDLL + 28 7CA7739B 168 Bytes [ 56, 89, 07, FF, 15, 34, 16, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PrintersGetCommand_RunDLLW + 4C 7CA77444 2 Bytes [ 75, 10 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PrintersGetCommand_RunDLLW + 4F 7CA77447 3 Bytes [ 45, F4, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PrintersGetCommand_RunDLLW + 53 7CA7744B 8 Bytes [ 75, F8, FF, 75, FC, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PrintersGetCommand_RunDLLW + 5C 7CA77454 8 Bytes [ 75, 08, FF, 75, 18, FF, 55, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PrintersGetCommand_RunDLLW + 66 7CA7745E 64 Bytes [ 75, 2E, FF, D3, 83, F8, 7A, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAddFromPropSheetExtArray + 2 7CA77818 109 Bytes [ 3C, 00, 00, 00, C7, 85, 54, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHReplaceFromPropSheetExtArray + 18 7CA77886 74 Bytes [ F8, FF, 15, 00, 10, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHReplaceFromPropSheetExtArray + 63 7CA778D1 78 Bytes [ 80, 00, 00, 56, 89, 85, E4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHReplaceFromPropSheetExtArray + B2 7CA77920 7 Bytes [ C7, 74, 38, 66, 39, 38, 74 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHReplaceFromPropSheetExtArray + BA 7CA77928 79 Bytes CALL 7CA349D3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHReplaceFromPropSheetExtArray + 10B 7CA77979 5 Bytes [ 50, E8, D0, 73, 04 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreatePropSheetExtArray + 20 7CA77A66 95 Bytes [ D6, 8D, 44, 00, 02, 01, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreatePropSheetExtArray + 80 7CA77AC6 14 Bytes [ C6, 5B, 5F, 5E, C9, C2, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreatePropSheetExtArray + 8F 7CA77AD5 104 Bytes [ 55, 8B, EC, 6A, 00, 68, 4F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreatePropSheetExtArray + F8 7CA77B3E 70 Bytes [ 55, 8B, EC, 81, EC, 3C, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreatePropSheetExtArray + 13F 7CA77B85 21 Bytes [ FF, FF, D7, 8D, 85, EC, FB, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryPoint + 1E 7CA77BD9 69 Bytes [ 34, 16, 9C, 7C, EB, 0C, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragFinish + 7 7CA77C1F 56 Bytes [ 50, 8D, 85, EC, FB, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFile + 2F 7CA77C58 43 Bytes [ 50, 56, 8D, 85, DC, F7, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFile + 5B 7CA77C84 17 Bytes [ B5, C8, F7, FF, FF, E8, 14, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFile + 6D 7CA77C96 18 Bytes [ 8D, 85, D4, F7, FF, FF, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFile + 80 7CA77CA9 52 Bytes [ 8B, 85, D4, F7, FF, FF, 3B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DragQueryFile + B5 7CA77CDE 9 Bytes [ 74, 31, FF, 75, 10, 8D, 85, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialogEx + 2D 7CA783C5 17 Bytes [ 7E, 11, FF, 75, 14, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialogEx + 3F 7CA783D7 44 Bytes [ FF, FF, 75, FC, FF, 15, 34, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialogEx + 6D 7CA78405 36 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialogEx + 93 7CA7842B 11 Bytes [ 59, 89, 85, A4, FB, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialogEx + 9F 7CA78437 28 Bytes CALL 06A78437
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialog + 7 7CA78C8C 13 Bytes [ 75, 11, 53, C7, 05, 58, 59, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialog + 15 7CA78C9A 29 Bytes [ 15, 48, 14, 9C, 7C, 57, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialog + 33 7CA78CB8 21 Bytes [ 15, 08, 16, 9C, 7C, C3, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialog + 49 7CA78CCE 8 Bytes [ A1, 48, F5, BC, 7C, 89, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RestartDialog + 52 7CA78CD7 22 Bytes [ 45, 08, 89, 85, 34, FD, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHOpenPropSheetW + A 7CA7964B 123 Bytes [ FF, 15, 78, 1D, 9C, 7C, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHOpenPropSheetW + 86 7CA796C7 18 Bytes [ 6A, 01, 68, 10, F0, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHOpenPropSheetW + 9B 7CA796DC 50 Bytes [ 8B, 75, 10, 83, E6, F0, 81, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHOpenPropSheetW + CE 7CA7970F 59 Bytes [ 35, A4, F5, BC, 7C, 89, 35, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHOpenPropSheetW + 10A 7CA7974B 74 Bytes [ 14, 56, FF, 75, 08, C7, 05, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesW + 85 7CA7B32D 9 Bytes [ 75, 10, 74, 11, 56, 68, 58, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesW + 8F 7CA7B337 8 Bytes [ 8D, 8D, 44, F9, FF, FF, 51, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesW + 98 7CA7B340 66 Bytes [ 50, 10, 53, FF, 15, 08, 16, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesA + 32 7CA7B383 30 Bytes [ FF, 15, 40, 1C, 9C, 7C, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesA + 51 7CA7B3A2 57 Bytes [ 55, 8B, EC, 51, 51, E8, 24, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesA + 8B 7CA7B3DC 100 Bytes [ 15, 04, 16, 9C, 7C, 8D, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CheckEscapesA + F0 7CA7B441 92 Bytes [ 8D, B7, BC, 00, 00, 00, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrCpyNA + 17 7CA7B49E 89 Bytes [ D6, 85, C0, 5E, 74, 0F, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpW + 36 7CA7B4F9 27 Bytes [ F7, D8, 1B, C0, 23, 45, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpW + 52 7CA7B515 53 Bytes [ 65, FC, 00, 56, 8B, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpA + 2 7CA7B54B 105 Bytes CALL 7CB9E284 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpA + 6C 7CA7B5B5 4 Bytes [ 35, A4, F5, BC ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpA + 71 7CA7B5BA 163 Bytes [ FF, 15, 54, 1D, 9C, 7C, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpIA + 30 7CA7B65E 26 Bytes [ 85, C0, 0F, 85, 6E, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpIA + 4B 7CA7B679 26 Bytes [ FF, 36, FF, 15, 34, 16, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCmpIA + 66 7CA7B694 145 Bytes [ 55, 8B, EC, 81, EC, CC, 05, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrNCpyA + 35 7CA7B726 30 Bytes [ 50, 68, A4, 52, 9C, 7C, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrRStrW + 4 7CA7B745 54 Bytes [ 85, 4C, FA, FF, FF, 0F, B7, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrRStrW + 3B 7CA7B77C 360 Bytes [ FF, 50, 68, 53, 33, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetPathOffsetW + 75 7CA7B8E5 6 Bytes [ 00, 8D, 85, 50, FA, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirW + 2 7CA7B8EC 35 Bytes [ 50, 53, 68, 80, 01, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirW + 26 7CA7B910 15 Bytes [ 83, A5, 4C, FA, FF, FF, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirW + 36 7CA7B920 49 Bytes [ 00, 0F, 8E, 9A, 00, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirW + 68 7CA7B952 5 Bytes [ 00, E8, 1D, 32, F9 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirW + 6E 7CA7B958 30 Bytes [ 8B, 9D, 34, FA, FF, FF, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirA + 29 7CA7B9B5 150 Bytes [ 3B, 86, B8, 00, 00, 00, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirW + 56 7CA7BA4C 84 Bytes [ 40, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirW + AB 7CA7BAA1 5 Bytes [ 56, E8, C2, F9, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirW + B1 7CA7BAA7 34 Bytes [ EB, 53, 57, 8B, 7D, 14, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirW + D4 7CA7BACA 19 Bytes [ 15, 70, 1E, 9C, 7C, EB, 2B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirW + E8 7CA7BADE 11 Bytes [ 70, 0C, EB, E7, 8B, 4D, 14, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirA + A 7CA7BBE4 34 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirA + 2D 7CA7BC07 11 Bytes [ 00, 00, 04, 89, 45, FC, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirA + 39 7CA7BC13 45 Bytes [ C0, 0F, 85, CF, 00, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetCurDrive + E 7CA7BC41 82 Bytes [ BC, FE, FF, FF, 89, 85, C4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheSetCurDrive + 3B 7CA7BC94 12 Bytes [ 15, B0, 1C, 9C, 7C, EB, 06, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheSetCurDrive + 48 7CA7BCA1 74 Bytes [ 80, 8D, B9, FE, FF, FF, 40, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathA + 42 7CA7BCEC 2 Bytes [ 07, 80 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathA + 45 7CA7BCEF 59 Bytes [ 4D, FC, 5F, 5E, 5B, E8, F7, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathA + 81 7CA7BD2B 43 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathA + AD 7CA7BD57 81 Bytes [ 00, 00, 48, C7, 85, A0, FD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathW + 4D 7CA7BDA9 38 Bytes [ 35, A4, F5, BC, 7C, FF, 15, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathW + 74 7CA7BDD0 32 Bytes [ 8B, D8, 85, DB, 74, 15, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathW + 95 7CA7BDF1 10 Bytes CALL 7C9EBAEC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheFullPathW + A0 7CA7BDFC 114 Bytes [ 8B, 4D, FC, 5E, 5B, E8, EA, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirExW + 5B 7CA7BE6F 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirExW + 62 7CA7BE76 48 Bytes [ 55, 8B, EC, 81, EC, 1C, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirExW + 93 7CA7BEA7 4 Bytes [ C7, 85, E8, FB ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirExW + 98 7CA7BEAC 23 Bytes [ FF, 02, 00, 00, 00, 50, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheGetDirExW + B0 7CA7BEC4 9 Bytes [ 68, 08, 02, 00, 00, 50, E8, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExW + 33 7CA7BF44 41 Bytes [ 8B, 4D, FC, 8B, 85, E8, FB, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExW + 5D 7CA7BF6E 21 Bytes [ 4D, 14, 53, 8B, 5D, 08, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExW + 73 7CA7BF84 52 Bytes [ FF, 89, 85, 40, F7, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExW + A8 7CA7BFB9 7 Bytes [ 00, 00, 8D, 85, 38, F7, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExW + B0 7CA7BFC1 55 Bytes [ 50, 8D, 85, 44, F7, FF, FF, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExA + 1F 7CA7C1B4 196 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExA + E5 7CA7C27A 17 Bytes [ 0C, 8B, 45, 08, 83, C0, 10, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExA + FA 7CA7C28F 25 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExA + 114 7CA7C2A9 36 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheChangeDirExA + 139 7CA7C2CE 59 Bytes CALL BDB436F6
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RegenerateUserEnvironment + 1B 7CA7D301 3 Bytes [ 85, F0, EF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RegenerateUserEnvironment + 20 7CA7D306 5 Bytes [ 50, 8D, 85, E8, EF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RegenerateUserEnvironment + 26 7CA7D30C 9 Bytes [ FF, 50, FF, 36, 66, 89, BD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RegenerateUserEnvironment + 30 7CA7D316 10 Bytes [ FF, 66, C7, 85, F2, EF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RegenerateUserEnvironment + 3B 7CA7D321 5 Bytes [ 15, 10, 17, 9C, 7C ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_CloseProperties + 11 7CA82AE5 1 Byte [ C0 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_CloseProperties + 13 7CA82AE7 77 Bytes [ 07, 66, 83, 4E, 02, FF, EB, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_CloseProperties + 61 7CA82B35 50 Bytes [ 50, 6A, 40, 8D, 85, 64, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_CloseProperties + 94 7CA82B68 71 Bytes [ 85, 54, FF, FF, FF, FF, 48, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_CloseProperties + DC 7CA82BB0 100 Bytes [ A8, FD, FF, FF, 8B, 45, 18, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_GetProperties + 18 7CA83208 11 Bytes CALL 7C9E83ED C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_GetProperties + 24 7CA83214 22 Bytes [ 90, 90, 90, 90, 90, E8, BB, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_GetProperties + 3B 7CA8322B 15 Bytes [ FF, 55, 8B, EC, 68, 00, 20, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_GetProperties + 4B 7CA8323B 71 Bytes CALL 7CA2BFF1 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_GetProperties + 93 7CA83283 78 Bytes [ 00, 74, 04, 33, C0, EB, 2C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_SetProperties + 43 7CA83AB2 46 Bytes [ 00, 75, 07, A1, 44, B1, BD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_SetProperties + 72 7CA83AE1 11 Bytes [ FF, 8B, F0, 85, F6, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_SetProperties + 7E 7CA83AED 10 Bytes [ 00, 00, 00, 8B, 4D, 0C, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_SetProperties + 8C 7CA83AFB 62 Bytes [ 40, 8B, 46, 10, A8, 01, 74, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_SetProperties + CB 7CA83B3A 22 Bytes [ 8B, 46, 40, 83, F8, FF, 74, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_OpenProperties + FB 7CA84068 31 Bytes [ DD, 9D, 7C, FF, 15, 2C, 14, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_OpenProperties + 11B 7CA84088 38 Bytes [ 15, 14, 1C, 9C, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_OpenProperties + 143 7CA840B0 34 Bytes [ C9, C3, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_OpenProperties + 166 7CA840D3 11 Bytes [ 51, 8D, 8D, EC, FB, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!PifMgr_OpenProperties + 172 7CA840DF 18 Bytes [ 00, 53, 33, FF, 89, 45, FC, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheRemoveQuotesW + 6 7CA8BF81 81 Bytes [ 4D, B8, 8B, 40, 04, C1, E9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheRemoveQuotesA + 1C 7CA8BFD3 9 Bytes [ 75, B0, 89, 75, B4, FF, D3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheRemoveQuotesA + 26 7CA8BFDD 84 Bytes [ 21, 8B, 45, AC, 8B, 48, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheRemoveQuotesA + 7B 7CA8C032 96 Bytes [ 89, 48, 22, 8D, 45, B4, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathW + 25 7CA8C093 35 Bytes [ 75, B0, C7, 45, B4, 40, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathW + 49 7CA8C0B7 27 Bytes [ 83, 60, 02, 00, 6A, 04, 5E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathW + 65 7CA8C0D3 7 Bytes [ 75, B4, FF, D3, 85, C0, 75 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathW + 6D 7CA8C0DB 28 Bytes [ 8B, 45, AC, 8B, 40, 04, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathW + 8A 7CA8C0F8 143 Bytes [ B0, 89, 75, B4, FF, D3, 85, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathA + 3B 7CA8C25C 61 Bytes [ 75, B4, FF, D6, 83, 65, AC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathA + 79 7CA8C29A 135 Bytes [ 75, B4, FF, D6, 01, 5D, A8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathA + 101 7CA8C322 7 Bytes [ D6, 8B, 47, 04, 0F, B7, 48 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathA + 109 7CA8C32A 22 Bytes [ 0F, B7, 40, 10, 53, C1, E1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheShortenPathA + 120 7CA8C341 2 Bytes [ 75, B4 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheConvertPathW + 16 7CA8C5EC 17 Bytes [ 00, 80, 80, 80, 00, 8B, 42, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheConvertPathW + 28 7CA8C5FE 128 Bytes [ 8B, 42, 04, C7, 80, B4, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheConvertPathW + A9 7CA8C67F 9 Bytes [ EC, 20, FF, 75, 0C, 8D, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheConvertPathW + B4 7CA8C68A 2 Bytes [ 14, 17 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SheConvertPathW + B9 7CA8C68F 61 Bytes [ 45, 08, 83, 65, F0, 00, 83, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLL 7CA8E029 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLL + 4 7CA8E02D 28 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLL + 21 7CA8E04A 9 Bytes [ 74, 6C, 83, F8, FC, 74, 0E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLL + 2B 7CA8E054 20 Bytes [ 74, 37, 83, F8, FE, 0F, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLL + 40 7CA8E069 28 Bytes [ 15, 9C, 1A, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLLW + 2 7CA8E0E5 70 Bytes [ 15, E0, 1D, 9C, 7C, EB, 0E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLLW + 49 7CA8E12C 20 Bytes [ 76, 10, FF, 15, 68, 1D, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLLW + 5E 7CA8E141 93 Bytes [ BB, 09, 35, 00, 00, 74, 1C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLLW + BC 7CA8E19F 1 Byte [ 55 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!OpenAs_RunDLLW + BE 7CA8E1A1 46 Bytes [ EC, 83, EC, 30, 53, 56, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Activate_RunDLL + 1B 7CA8F0AF 29 Bytes [ FF, 07, 00, 00, 00, E8, 21, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Activate_RunDLL + 39 7CA8F0CD 39 Bytes [ 15, 28, F2, BB, 7C, 8B, 4D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Activate_RunDLL + 61 7CA8F0F5 6 Bytes [ 5D, 08, 56, 8B, 75, 10 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Activate_RunDLL + 68 7CA8F0FC 2 Bytes [ 89, 45 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Activate_RunDLL + 6B 7CA8F0FF 10 Bytes CALL 7C9F07DE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHIsFileAvailableOffline + 4E 7CA9217E 75 Bytes [ FF, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHIsFileAvailableOffline + 9A 7CA921CA 32 Bytes CALL 7C9EB8E6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHIsFileAvailableOffline + BB 7CA921EB 26 Bytes [ FC, FF, FF, 6A, 00, 56, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHIsFileAvailableOffline + D6 7CA92206 16 Bytes CALL 7CA91E32 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHIsFileAvailableOffline + E7 7CA92217 147 Bytes [ 15, 34, 16, 9C, 7C, 33, C0, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 2F 7CA92549 83 Bytes CALL 7CA92486 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 83 7CA9259D 62 Bytes [ 00, 00, 00, B6, 63, A9, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEnumerateUnreadMailAccountsW + C3 7CA925DD 6 Bytes [ 75, 08, E8, A4, 06, F8 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEnumerateUnreadMailAccountsW + CA 7CA925E4 49 Bytes [ 8B, F0, 8B, 45, 08, 8B, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEnumerateUnreadMailAccountsW + FC 7CA92616 41 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetAttributesFromDataObject + C8 7CA92A59 63 Bytes [ 74, 0C, FF, B5, B0, FB, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetAttributesFromDataObject + 109 7CA92A9A 24 Bytes [ 18, FF, 75, 14, FF, 75, 10, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetAttributesFromDataObject + 122 7CA92AB3 23 Bytes [ 74, 07, 6A, 00, FF, 75, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetAttributesFromDataObject + 13A 7CA92ACB 52 Bytes [ 55, 8B, EC, 56, FF, 75, 1C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetAttributesFromDataObject + 16F 7CA92B00 61 Bytes [ 8B, D8, 0F, B7, 05, C0, F9, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteA + B4 7CA94AA0 17 Bytes CALL 7C9F9E2C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteA + C8 7CA94AB4 40 Bytes [ 05, BF, 00, 00, 40, 00, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteA + F1 7CA94ADD 11 Bytes [ 3B, C6, 8B, 5D, 10, 89, 03, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteA + FD 7CA94AE9 89 Bytes [ 00, 6A, 13, 56, 56, 56, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPathPrepareForWriteA + 157 7CA94B43 49 Bytes [ FF, D6, 85, C0, 74, 4F, 68, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetUnreadMailCountW + 2 7CA94D0A 56 Bytes CALL 7CA2D8CA C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetUnreadMailCountW + 3B 7CA94D43 4 Bytes [ FF, BE, 00, 04 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetUnreadMailCountW + 41 7CA94D49 2 Bytes [ 0F, 84 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetUnreadMailCountW + 44 7CA94D4C 82 Bytes [ 01, 00, 00, 85, C0, 75, 03, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetUnreadMailCountW + 97 7CA94D9F 6 Bytes [ 45, BC, 50, 6A, 12, 56 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetUnreadMailCountW + 2C 7CA94F48 32 Bytes [ 8B, 0F, 80, E1, 01, F6, D9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetUnreadMailCountW + 4D 7CA94F69 6 Bytes [ 68, 74, 96, 9C, 7C, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetUnreadMailCountW + 54 7CA94F70 53 Bytes [ D6, 8B, 07, 83, E0, 10, C1, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetUnreadMailCountW + 8B 7CA94FA7 93 Bytes [ FF, 75, FC, FF, D6, 8B, 07, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHSetUnreadMailCountW + E9 7CA95005 99 Bytes [ 75, FC, FF, D6, 8B, 07, 25, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetShellStyleHInstance + 1 7CA953A5 49 Bytes [ 85, F0, FD, FF, FF, 5F, 5E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetShellStyleHInstance + 33 7CA953D7 42 Bytes [ 8B, 45, 14, 53, 8B, 5D, 10, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetShellStyleHInstance + 5E 7CA95402 2 Bytes [ FF, 15 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetShellStyleHInstance + 61 7CA95405 15 Bytes [ 1C, 9C, 7C, 33, FF, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetShellStyleHInstance + 71 7CA95415 21 Bytes [ 85, EC, FD, FF, FF, 89, BD, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFormatDrive + 27 7CA982DC 2 Bytes [ 76, 30 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFormatDrive + 2A 7CA982DF 24 Bytes [ D7, 50, FF, D3, 6A, 01, 6A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFormatDrive + 43 7CA982F8 23 Bytes [ 00, FF, 76, 30, FF, D7, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFormatDrive + 5B 7CA98310 20 Bytes [ 5E, 5B, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFormatDrive + 70 7CA98325 3 Bytes [ 00, A1, 48 ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!AppCompat_RunDLLW + 2 7CA98A01 7 Bytes [ FF, 50, 53, 68, 43, 01, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!AppCompat_RunDLLW + A 7CA98A09 35 Bytes [ FF, B5, DC, FD, FF, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!AppCompat_RunDLLW + 2F 7CA98A2E 1 Byte [ FC ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!AppCompat_RunDLLW + 34 7CA98A33 11 Bytes [ 7C, 13, FF, B5, D4, FD, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!AppCompat_RunDLLW + 42 7CA98A41 7 Bytes CALL 7CA919D7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CDefFolderMenu_Create2 + 37 7CA9A228 23 Bytes [ 55, 8B, EC, 51, 51, 53, 56, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CDefFolderMenu_Create2 + 4F 7CA9A240 5 Bytes [ 1D, 94, 1D, 9C, 7C ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CDefFolderMenu_Create2 + 55 7CA9A246 86 Bytes [ FF, D3, 8B, CE, 89, 45, F8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CDefFolderMenu_Create2 + AC 7CA9A29D 79 Bytes CALL 7CA92AC7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CDefFolderMenu_Create2 + FC 7CA9A2ED 33 Bytes [ F0, 85, F6, 7C, 14, 8B, 45, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_AutoScroll + 17 7CAA54DD 29 Bytes [ 85, C0, 74, 14, 81, 78, 04, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_AutoScroll + 35 7CAA54FB 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_AutoScroll + 3C 7CAA5502 30 Bytes [ 55, 8B, EC, 53, 56, 8B, 35, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_AutoScroll + 5B 7CAA5521 142 Bytes [ 00, 57, FF, D6, 53, 68, 2E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_AutoScroll + EA 7CAA55B0 66 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_DragEnterEx + 3 7CAAE9AB 122 Bytes [ F8, D1, F8, 03, D1, 3B, D3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_DragMove + 25 7CAAEA26 68 Bytes [ 03, 57, 57, 57, 57, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_SetDragImage + 2A 7CAAEA6B 52 Bytes [ 75, F8, FF, 75, 0C, FF, D3, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_SetDragImage + 5F 7CAAEAA0 24 Bytes CALL 7CA760A4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_SetDragImage + 78 7CAAEAB9 11 Bytes [ 75, F4, FF, 15, 58, 12, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_SetDragImage + 84 7CAAEAC5 64 Bytes [ 15, 54, 12, 9C, 7C, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_DragLeave + 2A 7CAAEB06 21 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_DragLeave + 40 7CAAEB1C 13 Bytes CALL 7CAAE92A C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DAD_DragLeave + 4E 7CAAEB2A 146 Bytes [ FF, 75, 10, FF, 76, 50, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDoDragDrop + 80 7CAAEBBD 77 Bytes [ EB, 4B, 39, 44, BB, 58, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDoDragDrop + CE 7CAAEC0B 20 Bytes [ 44, BB, 58, 5F, 5B, 5D, C2, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDoDragDrop + E3 7CAAEC20 85 Bytes [ 14, 83, 65, EC, 00, 56, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDoDragDrop + 139 7CAAEC76 53 Bytes [ D6, 8B, C7, 5F, 5E, C9, C2, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDoDragDrop + 16F 7CAAECAC 10 Bytes [ 89, 5D, FC, 75, 6A, 57, E8, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllInstall + 46 7CAB1B72 48 Bytes [ 50, FF, D6, 83, C4, 10, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllInstall + 77 7CAB1BA3 13 Bytes [ 15, 10, 10, 9C, 7C, 8B, F8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllInstall + 86 7CAB1BB2 47 Bytes [ FF, FF, B5, B8, FE, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllInstall + B6 7CAB1BE2 27 Bytes [ 90, 90, 40, 00, 78, 00, 70, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!DllInstall + D2 7CAB1BFE 97 Bytes [ 2C, 00, 2D, 00, 25, 00, 64, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconA + 1D 7CAB4BF3 27 Bytes [ 00, 50, 8D, 46, 38, 50, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconA + 39 7CAB4C0F 28 Bytes [ 85, C0, 74, 07, 8B, CF, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconA + 56 7CAB4C2C 43 Bytes [ 5F, 83, 7D, 0C, 05, 75, 0B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconA + 82 7CAB4C58 18 Bytes CALL 7C9EB04B C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHDefExtractIconA + 95 7CAB4C6B 118 Bytes [ 75, 1A, FF, 75, 14, C7, 46, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHValidateUNC + 3C 7CAB51DC 6 Bytes [ FF, 74, 0D, 81, F9, 38 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHValidateUNC + 43 7CAB51E3 1 Byte [ FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHValidateUNC + 45 7CAB51E5 12 Bytes JMP 7CAB52E3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHValidateUNC + 52 7CAB51F2 21 Bytes [ 85, C0, 0F, 85, EB, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHValidateUNC + 69 7CAB5209 63 Bytes CALL 7CAB3974 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SignalFileOpen + C 7CAB595C 30 Bytes [ 55, 8B, EC, 81, EC, AC, 03, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SignalFileOpen + 2B 7CAB597B 74 Bytes [ 15, 5C, 1C, 9C, 7C, 8B, F0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SignalFileOpen + 76 7CAB59C6 3 Bytes [ 50, FC, 9D ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SignalFileOpen + 7A 7CAB59CA 37 Bytes [ 8D, 85, 5C, FC, FF, FF, 50, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SignalFileOpen + A0 7CAB59F0 11 Bytes [ 10, 9C, 7C, 89, 9D, 58, FC, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteExW + 75 7CAB5B56 10 Bytes CALL 7C9F3BB4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteExW + 80 7CAB5B61 15 Bytes [ C0, 7C, 4F, 8D, 85, 54, FC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteExW + 90 7CAB5B71 11 Bytes [ 50, 6A, 00, 6A, 02, 6A, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteExW + 9C 7CAB5B7D 23 Bytes [ FF, 50, 53, FF, 15, 70, 1B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteA + B 7CAB5B95 11 Bytes [ 50, FF, 15, 28, 1C, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteA + 17 7CAB5BA1 17 Bytes [ B6, 4C, FB, 9D, 7C, 8D, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteA + 29 7CAB5BB3 11 Bytes [ 83, C6, 08, 83, FE, 50, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!RealShellExecuteW + 2 7CAB5BBF 145 Bytes CALL 7CA03717 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteW + 61 7CAB5C51 115 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteW + D5 7CAB5CC5 205 Bytes [ 89, 45, 10, 75, 61, 6A, 20, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteW + 1A3 7CAB5D93 28 Bytes [ 75, 0C, FF, 15, 3C, 1C, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteW + 1C0 7CAB5DB0 26 Bytes [ A1, 48, F5, BC, 7C, 56, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExecuteW + 1DB 7CAB5DCB 18 Bytes CALL 7CA04965 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!GetFileNameFromBrowse + 18 7CAB72BB 5 Bytes [ 89, 9D, 0C, F1, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!GetFileNameFromBrowse + 1E 7CAB72C1 5 Bytes [ 89, B5, D8, F0, FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!GetFileNameFromBrowse + 24 7CAB72C7 86 Bytes [ 89, 9D, DC, F0, FF, FF, 89, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!GetFileNameFromBrowse + 7C 7CAB731F 26 Bytes [ 8B, 08, 50, FF, 51, 0C, 68, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!GetFileNameFromBrowse + 97 7CAB733A 22 Bytes [ 5A, 17, 00, 00, 50, FF, 35, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILAppendID + 12 7CAB7693 35 Bytes [ FF, FF, 15, 40, 19, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILAppendID + 37 7CAB76B8 100 Bytes [ 0F, 84, 78, 04, 00, 00, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILAppendID + 9C 7CAB771D 10 Bytes CALL 7CAB6E74 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILAppendID + A7 7CAB7728 91 Bytes [ FF, 50, 8D, 85, EC, FB, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILAppendID + 103 7CAB7784 4 Bytes [ 15, 54, 1D, 9C ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPathA + 2 7CAB78E2 29 Bytes [ FF, C7, 04, 07, 80, 75, 5F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPathA + 20 7CAB7900 3 Bytes [ B5, 58, F1 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPathA + 24 7CAB7904 24 Bytes [ FF, 01, 85, 4C, F1, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPathA + 3D 7CAB791D 12 Bytes [ 8B, 01, FF, B5, 4C, F1, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ILCreateFromPathA + 4A 7CAB792A 55 Bytes [ 85, 44, F1, FF, FF, 8B, 08, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirA + 6B 7CAB9A8F 26 Bytes [ 8B, 45, E4, 2B, 45, EC, 33, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirA + 86 7CAB9AAA 78 Bytes [ 08, 8B, 45, D8, 33, D2, 39, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirA + D5 7CAB9AF9 4 Bytes [ 00, FF, 76, 18 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirA + DA 7CAB9AFE 60 Bytes [ 15, 34, 1E, 9C, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetFolderPathAndSubDirA + 117 7CAB9B3B 27 Bytes [ D3, 8B, 3D, A4, 1D, 9C, 7C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHHandleUpdateImage + 2 7CABAD48 27 Bytes CALL 7CABAD48 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHHandleUpdateImage + 1E 7CABAD64 2 Bytes [ FF, 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHHandleUpdateImage + 22 7CABAD68 2 Bytes [ 30, 16 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHHandleUpdateImage + 26 7CABAD6C 32 Bytes [ 8D, 44, 00, 02, 50, 8D, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHHandleUpdateImage + 47 7CABAD8D 35 Bytes [ B5, E4, FB, FF, FF, FF, 15, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifySuspendResume + 2 7CABB30F 61 Bytes CALL 7CABA7E1 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifySuspendResume + 40 7CABB34D 24 Bytes [ 39, 8D, 85, EC, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifySuspendResume + 59 7CABB366 12 Bytes [ B5, EC, FD, FF, FF, E8, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHChangeNotifySuspendResume + 66 7CABB373 164 Bytes [ 76, 08, FF, B5, F0, FD, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageW + 2A 7CABB418 19 Bytes [ 8D, 47, F0, 50, 6A, 00, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageW + 3E 7CABB42C 18 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageW + 51 7CABB43F 14 Bytes [ 75, 10, 68, 7C, 01, 9E, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageW + 60 7CABB44E 63 Bytes [ 75, 10, FF, 77, F8, 53, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageW + A0 7CABB48E 28 Bytes [ 33, C0, 8B, 4D, FC, 5F, 5E, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageA + 3F 7CABB56C 112 Bytes [ 3D, 68, 1C, 9C, 7C, BE, 98, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageA + B0 7CABB5DD 110 Bytes [ 00, 00, FF, B5, EC, FD, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageA + 11F 7CABB64C 83 Bytes [ FF, 85, C0, 75, 13, FF, B5, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageA + 174 7CABB6A1 21 Bytes [ 00, 00, 83, C6, 1C, 83, BD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHUpdateImageA + 18A 7CABB6B7 2 Bytes [ 4D, FC ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListA + 2 7CAC23E2 18 Bytes [ 36, FF, 15, A4, F6, 9E, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListA + 16 7CAC23F6 85 Bytes [ EB, C4, C7, 45, FC, 0E, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListA + 6C 7CAC244C 148 Bytes [ 75, 08, FF, 75, FC, E8, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListA + 101 7CAC24E1 6 Bytes [ 00, 00, 8B, C3, 83, E8 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetDataFromIDListA + 108 7CAC24E8 62 Bytes [ 74, 08, 2B, C1, 0F, 85, 0F, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfo + 79 7CAC26D8 23 Bytes [ 51, 0C, 8B, D8, 3B, DE, 0F, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfo + 91 7CAC26F0 107 Bytes [ 75, 0C, FF, 15, 3C, 1A, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfo + FD 7CAC275C 6 Bytes JMP 7CAC2852 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfo + 104 7CAC2763 61 Bytes [ 34, 8D, 60, F0, A5, 7C, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetNewLinkInfo + 142 7CAC27A1 8 Bytes [ F9, 0A, 0F, 8C, A9, 00, 00, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHOpenFolderAndSelectItems + 7B 7CAC2A99 28 Bytes [ 7C, 0E, 8B, 4D, FC, F7, D9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellItem 7CAC2AB6 7 Bytes [ 90, 90, 90, 90, 8B, FF, 55 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellItem + 8 7CAC2ABE 29 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellItem + 26 7CAC2ADC 2 Bytes [ 4D, FC ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellItem + 29 7CAC2ADF 44 Bytes [ D9, 1B, C9, 83, E1, FE, 41, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellItem + 56 7CAC2B0C 47 Bytes [ 75, 08, 6A, 77, 6A, 06, E8, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateFileExtractIconW + 9 7CAC2C2B 18 Bytes [ 59, 8B, 55, 14, 89, 0A, C9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateFileExtractIconW + 1C 7CAC2C3E 74 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateFileExtractIconW + 67 7CAC2C89 66 Bytes [ 75, 0C, FF, 75, 08, 6A, 02, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateFileExtractIconW + AA 7CAC2CCC 79 Bytes [ 75, 08, 6A, 02, 6A, 0A, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateFileExtractIconW + FA 7CAC2D1C 63 Bytes [ 4D, FC, F7, D9, 1B, C9, 83, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAppBarMessage + 87 7CAC3EE6 4 Bytes [ 8D, 85, 4C, FB ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAppBarMessage + 8C 7CAC3EEB 36 Bytes [ FF, 50, FF, 15, 78, 15, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAppBarMessage + B1 7CAC3F10 82 Bytes [ FF, 5F, 5E, 8B, 4D, FC, 5B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAppBarMessage + 104 7CAC3F63 42 Bytes [ FF, 89, B5, C4, F9, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHAppBarMessage + 12F 7CAC3F8E 31 Bytes [ 50, FF, 15, 4C, 1A, 9C, 7C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHEnableServiceObject + 2 7CAC3FD1 100 Bytes [ D6, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetInstanceExplorer + 30 7CAC4036 16 Bytes [ FF, 50, FF, 15, 14, 1B, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetInstanceExplorer + 41 7CAC4047 24 Bytes [ 0F, 84, 33, 01, 00, 00, 66, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetInstanceExplorer + 5A 7CAC4060 12 Bytes [ FF, 50, FF, B5, CC, F9, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetInstanceExplorer + 67 7CAC406D 50 Bytes [ FF, 50, FF, D3, FF, B5, D0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetInstanceExplorer + 9B 7CAC40A1 15 Bytes CALL 7CA0431E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolderW + 17 7CAC6FB8 94 Bytes [ C1, C7, 00, D4, 67, 9D, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolderW + 76 7CAC7017 12 Bytes [ 50, 68, 00, 80, 00, 00, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolderW + 83 7CAC7024 78 Bytes [ B5, F0, FD, FF, FF, E8, 23, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolderW + D3 7CAC7074 4 Bytes [ 08, 50, FF, 51 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolderW + D8 7CAC7079 142 Bytes [ 8B, 4D, FC, 33, C0, 85, F6, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolder + 6D 7CAC7108 11 Bytes CALL 7C9FF573 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolder + 79 7CAC7114 18 Bytes [ 1D, 5C, 1D, 9C, 7C, 89, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolder + 8C 7CAC7127 12 Bytes [ 50, 68, 44, 37, 00, 00, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolder + 99 7CAC7134 25 Bytes [ 15, 6C, 1D, 9C, 7C, 83, 66, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHBrowseForFolder + B3 7CAC714E 143 Bytes [ 15, E0, 1D, 9C, 7C, FF, 37, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WOWShellExecute + 29 7CAC8601 66 Bytes [ 8B, F0, EB, 02, 33, F6, 3B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WOWShellExecute + 6C 7CAC8644 89 Bytes [ 8D, 55, EC, 52, 50, FF, 51, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WOWShellExecute + C7 7CAC869F 60 Bytes [ 68, 28, B2, 9D, 7C, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WOWShellExecute + 104 7CAC86DC 17 Bytes [ 75, 14, 6A, 00, 57, 50, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!WOWShellExecute + 116 7CAC86EE 51 Bytes [ 75, 05, BE, 05, 40, 00, 80, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExec_RunDLLW + 2 7CAC87D6 19 Bytes CALL 7CA9B2AD C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExec_RunDLLW + 16 7CAC87EA 28 Bytes [ EC, 56, 8D, 45, 08, 50, 6A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExec_RunDLLW + 33 7CAC8807 9 Bytes [ 75, 10, 8B, 08, 6A, 01, 6A, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExec_RunDLLW + 3D 7CAC8811 10 Bytes [ 51, 20, 8B, F0, 8B, 45, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellExec_RunDLLW + 48 7CAC881C 26 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateProcessAsUserW + C 7CAC93A0 26 Bytes [ 19, 9C, 7C, F7, D8, 1B, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateProcessAsUserW + 28 7CAC93BC 18 Bytes [ 68, E0, 03, 00, 00, 6A, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateProcessAsUserW + 3B 7CAC93CF 71 Bytes [ 75, 08, FF, 15, EC, 1D, 9C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateProcessAsUserW + 83 7CAC9417 5 Bytes [ 15, 68, 1C, 9C, 7C ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateProcessAsUserW + 89 7CAC941D 16 Bytes [ F8, 3B, FE, 74, 4F, 66, 39, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHShellFolderView_Message + 2 7CACAA6E 5 Bytes [ FF, 04, 00, 00, 00 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHShellFolderView_Message + 8 7CACAA74 18 Bytes [ 15, 30, 1C, 9C, 7C, 85, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHShellFolderView_Message + 1B 7CACAA87 7 Bytes [ FF, 6A, 01, FF, B5, F4, F7 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHShellFolderView_Message + 23 7CACAA8F 84 Bytes CALL 7CA13719 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHShellFolderView_Message + 78 7CACAAE4 68 Bytes [ FF, 15, 00, 10, 9C, 7C, 5F, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderViewEx + 2 7CACAF07 1 Byte [ 50 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderViewEx + 4 7CACAF09 102 Bytes CALL 7C9EBEF9 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderViewEx + 6B 7CACAF70 35 Bytes [ 50, 8D, 85, FC, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderViewEx + 8F 7CACAF94 18 Bytes CALL 7CA136AD C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateShellFolderViewEx + A2 7CACAFA7 24 Bytes [ 50, FF, 35, A4, F5, BC, 7C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFind_InitMenuPopup + 55 7CACCCA3 32 Bytes [ 50, 30, 5F, 2B, D8, 5E, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFind_InitMenuPopup + 76 7CACCCC4 14 Bytes [ 08, 33, F6, 51, FF, 50, 64, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFind_InitMenuPopup + 86 7CACCCD4 30 Bytes CALL 7C9EC114 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFind_InitMenuPopup + A5 7CACCCF3 14 Bytes [ 8B, EC, 53, 56, 57, 6A, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFind_InitMenuPopup + B4 7CACCD02 16 Bytes [ 15, 70, 19, 9F, 7C, 85, C0, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFindFiles + 2 7CACE248 46 Bytes [ 75, 10, 83, C0, 0C, 50, E8, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFindFiles + 31 7CACE277 168 Bytes [ 55, 8B, EC, 51, 51, 83, 7D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFindFiles + DE 7CACE324 31 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFindFiles + FE 7CACE344 1 Byte [ FF ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHFindFiles + 100 7CACE346 23 Bytes [ 46, 10, 57, 8B, 7E, 0C, 8B, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHStartNetConnectionDialogW + 2 7CAD197F 48 Bytes [ 7C, 6B, 8B, 46, 14, 8B, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHStartNetConnectionDialogW + 33 7CAD19B0 94 Bytes [ B6, 34, 02, 00, 00, FF, 33, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHStartNetConnectionDialogW + 92 7CAD1A0F 10 Bytes [ C9, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHStartNetConnectionDialogW + 9D 7CAD1A1A 29 Bytes [ 55, 8B, EC, 81, EC, B8, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHStartNetConnectionDialogW + BB 7CAD1A38 125 Bytes [ FF, FF, 89, 45, FC, 8B, 43, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexW + 2A 7CAD3909 60 Bytes [ 55, 8B, EC, 8B, 4D, 08, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexW + 69 7CAD3948 76 Bytes [ 0D, 66, 83, 38, 00, 74, 07, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexW + B6 7CAD3995 24 Bytes [ 39, 5D, 14, 74, 0B, 6A, 02, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexW + CF 7CAD39AE 43 Bytes CALL 7C9EBDF3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexA + 23 7CAD39DA 54 Bytes [ 89, 1F, 89, 1E, B8, 05, 40, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexA + 5A 7CAD3A11 65 Bytes [ F0, 85, F6, 7C, 1A, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexA + 9C 7CAD3A53 96 Bytes [ 7D, 0C, 89, 45, FC, 8D, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexA + FD 7CAD3AB4 38 Bytes [ FF, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHGetIconOverlayIndexA + 125 7CAD3ADC 106 Bytes [ 8B, 4D, 18, A1, 48, F5, BC, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgCreate + 14 7CAD4522 31 Bytes [ 08, FF, 75, FC, 50, FF, 51, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgCreate + 34 7CAD4542 102 Bytes [ FF, 55, 8B, EC, 8B, 45, 18, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgCreate + 9C 7CAD45AA 24 Bytes [ 00, A1, 48, F5, BC, 7C, 53, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgCreate + B5 7CAD45C3 12 Bytes [ FF, 05, 40, 00, 80, 33, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgCreate + C2 7CAD45D0 44 Bytes [ 55, 0C, 39, 11, 74, 0B, 40, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgWriteMultiple + 2 7CAD5170 53 Bytes [ FF, 50, FF, D6, 53, 8D, 85, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgWriteMultiple + 38 7CAD51A6 54 Bytes CALL 7CA25909 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgWriteMultiple + 6F 7CAD51DD 11 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgWriteMultiple + 7B 7CAD51E9 38 Bytes CALL 7CA0C0B3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHPropStgWriteMultiple + A2 7CAD5210 15 Bytes [ FF, FF, D6, 85, C0, 0F, 84, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLimitInputEdit + 3B 7CAD5E7D 27 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLimitInputEdit + 57 7CAD5E99 51 Bytes [ 85, C0, 74, 21, 33, F6, F6, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLimitInputEdit + 8B 7CAD5ECD 10 Bytes [ 55, 8B, EC, 56, 8B, 75, 14, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLimitInputEdit + 96 7CAD5ED8 43 Bytes [ 57, FF, 75, 10, BF, 05, 40, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLimitInputEdit + C2 7CAD5F04 31 Bytes [ EC, 56, 8B, 75, 14, 83, 26, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMultiFileProperties + B 7CAD62F3 30 Bytes [ 15, 30, 13, 9C, 7C, 33, C0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMultiFileProperties + 2A 7CAD6312 33 Bytes [ 8B, 46, 10, A9, 00, 00, 01, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMultiFileProperties + 4C 7CAD6334 14 Bytes [ F9, 30, 72, 06, 66, 83, F9, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMultiFileProperties + 5B 7CAD6343 112 Bytes [ 74, 0C, 66, 83, F9, 41, 72, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHMultiFileProperties + CC 7CAD63B4 10 Bytes [ 8B, F1, FF, 15, BC, 14, 9C, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 2E 7CAD6ABD 1 Byte [ 55 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 30 7CAD6ABF 2 Bytes [ EC, 56 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 33 7CAD6AC2 94 Bytes [ 8B, 7D, 08, 57, 8B, F1, FF, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 92 7CAD6B21 174 Bytes [ 75, 09, 09, 46, 10, 83, 4E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 141 7CAD6BD0 149 Bytes [ 00, FF, FF, 75, 0F, 83, 7E, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExeDlgProc + 10 7CAF5D63 49 Bytes [ 14, 8B, F8, 85, FF, 7C, 11, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExeDlgProc + 42 7CAF5D95 4 Bytes [ EC, 51, 53, 57 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExeDlgProc + 47 7CAF5D9A 76 Bytes [ 7D, 08, 8D, 4F, DC, E8, FE, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExeDlgProc + 94 7CAF5DE7 21 Bytes [ 11, 8B, 35, D4, 19, 9C, 7C, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!FindExeDlgProc + AA 7CAF5DFD 19 Bytes [ D6, 85, C0, 7C, 06, 8B, 45, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CallCPLEntry16 + 16 7CB26310 2 Bytes [ 45, 18 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CallCPLEntry16 + 19 7CB26313 111 Bytes [ 08, 6A, FF, 50, FF, 91, A4, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CallCPLEntry16 + 89 7CB26383 9 Bytes [ 15, F4, 1F, 9C, 7C, 39, 5D, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CallCPLEntry16 + 93 7CB2638D 36 Bytes CALL 7CB26916 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!CallCPLEntry16 + B8 7CB263B2 39 Bytes [ 45, FC, 8B, C1, 6A, 08, 8D, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Options_RunDLL + 8 7CB5C586 302 Bytes [ FF, AB, AB, AB, 8D, 85, D0, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Options_RunDLLW + 10B 7CB5C6B5 2 Bytes [ 0F, D8 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Options_RunDLLW + 10F 7CB5C6B9 30 Bytes [ 8B, F0, 85, F6, 75, 31, 57, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Options_RunDLLW + 12E 7CB5C6D8 2 Bytes CALL E6B5C6E0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Options_RunDLLW + 132 7CB5C6DC 62 Bytes [ 6A, 0A, 56, FF, 15, 18, 1E, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!Options_RunDLLW + 171 7CB5C71B 64 Bytes [ 75, D8, FF, 75, 08, FF, 15, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateLocalServerRunDll + 1 7CB5E4F6 374 Bytes [ C6, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateLocalServerRunDll + 178 7CB5E66D 39 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateLocalServerRunDll + 1A0 7CB5E695 59 Bytes [ FF, 85, C0, 8B, 75, 1C, 74, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateLocalServerRunDll + 1DC 7CB5E6D1 8 Bytes [ 83, 65, 08, 00, F6, 06, 03, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!SHCreateLocalServerRunDll + 1E5 7CB5E6DA 88 Bytes [ 5B, 66, 89, 45, D4, 89, 5D, ... ]
.text ...
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!ShellMessageBoxW + 1 7CB9C972 10 Bytes [ 75, FC, 68, 31, 04, 00, 00, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrChrA + 1 7CB9C97D 10 Bytes [ D6, 50, FF, 75, FC, 68, 30, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrChrIA + 1 7CB9C988 32 Bytes [ 77, 08, FF, D6, 53, FF, 75, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrCmpNA + 1 7CB9C9A9 10 Bytes [ 45, FC, 8B, 45, FC, 3B, 45, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrCmpNIA + 1 7CB9C9B4 25 Bytes [ 77, 08, 8D, 4F, 48, E8, 83, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrCmpNW + 6 7CB9C9CF 5 Bytes [ 50, 50, FF, 77, 08 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrRChrA + 1 7CB9C9D5 4 Bytes [ 15, A8, F4, BB ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrRChrA + 6 7CB9C9DA 47 Bytes [ FF, 75, 08, 8B, CF, E8, 19, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrRStrIW 7CB9CA0B 61 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + 1F 7CB9CA4B 52 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + 56 7CB9CA82 57 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + 90 7CB9CABC 4 Bytes [ 76, 50, FF, 15 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + 95 7CB9CAC1 27 Bytes [ 1D, 9C, 7C, 39, BD, DC, FD, ... ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[216] SHELL32.dll!StrStrW + B1 7CB9CADD 21 Bytes CALL 7CB819DE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3380] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Antnee.WE-R-1\Desktop\Dakeyras.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Antnee.WE-R-1\Desktop\Dakeyras.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Antnee.WE-R-1\Desktop\Dakeyras.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Antnee.WE-R-1\Desktop\Dakeyras.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Fastfat \Fat EE690D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\336db75214369c776f3aa25252ebcbb6.sys (*** hidden *** ) [BOOT] 336db75214369c776f3aa25252ebcbb6 <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\336db75214369c776f3aa25252ebcbb6&download_period=1209600&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=336db75214369c776f3aa25252ebcbb6&path=system32\336db75214369c776f3aa25252ebcbb6.sys&wmid=Dnr001&idate=2008-12-04 06:11:54:506&last_download_time=2009-1-15 8:5:9.550&first_skip=1&last_update_ip_pos=0&fails_0=1
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@Tag 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@ImagePath system32\336db75214369c776f3aa25252ebcbb6.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@DisplayName 336db75214369c776f3aa25252ebcbb6
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6@Group System Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\336db75214369c776f3aa25252ebcbb6\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\336db75214369c776f3aa25252ebcbb6&download_period=1209600&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=336db75214369c776f3aa25252ebcbb6&path=system32\336db75214369c776f3aa25252ebcbb6.sys&wmid=Dnr001&idate=2008-12-04 06:11:54:506&last_download_time=2009-1-15 8:5:9.550&first_skip=1&last_update_ip_pos=0&fails_0=1
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@Tag 6
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@ImagePath system32\336db75214369c776f3aa25252ebcbb6.sys
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@DisplayName 336db75214369c776f3aa25252ebcbb6
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6@Group System Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6\Security
Reg HKLM\SYSTEM\ControlSet002\Services\336db75214369c776f3aa25252ebcbb6\Security@Security 0x01 0x00 0x14 0x80 ...

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\336db75214369c776f3aa25252ebcbb6.sys 39424 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\_336db75214369c776f3aa25252ebcbb6.sys_.vir 39424 bytes executable

---- EOF - GMER 1.0.14 ----
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 18th, 2009, 9:41 pm

RSIT Log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Antnee at 2009-01-18 19:33:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (12%) free of 29 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:14, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\eMail ID\IconixService.exe
C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Antnee.WE-R-1\Desktop\RSIT.exe
C:\Documents and Settings\Antnee.WE-R-1\Desktop\Antnee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.madisonmission.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41991acb875b4b16bc9370013ee2a131
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent ... Status.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7872019361
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/fr ... eecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7871987845
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (Invoke Solutions Compatibility Test Control) - http://online.invokesolutions.com/event ... mpTest.ocx
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://online.invokesolutions.com/event ... MILive.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://survey3.spss-asp.com/images/p999 ... d_ocx.jpeg
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\eMail ID\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 12354 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761233B6-F228-49E4-8F6B-668499D4E55A}]
IconixBHOClass Class - C:\Program Files\eMail ID\IEAddOn\IconixBHO_37.dll [2008-12-08 705808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2008-09-29 99328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2008-09-29 3146240]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2002-12-17 360448]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
"HelpCenter4.1"=C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe [2007-04-12 198184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ZCfgSvc.exe"=C:\WINDOWS\system32\ZCfgSvc.exe [2005-07-05 639040]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2005-06-27 135168]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"IconixOEAddOn"=C:\Program Files\eMail ID\OEAddOn\OEdmn_4.exe [2008-12-08 333584]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2005-07-05 188482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe"="C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78507f73-6eda-11dc-983f-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d53ccc3-0a47-11dc-979c-00038a000015}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9add220-73f1-11db-965c-00038a000015}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 3 months======

2009-01-18 19:33:59 ----DC---- C:\rsit
2009-01-18 18:48:58 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-18 18:48:58 ----A---- C:\WINDOWS\gmer.dll
2009-01-18 18:48:57 ----A---- C:\WINDOWS\gmer.exe
2009-01-18 08:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-16 09:01:39 ----D---- C:\Program Files\Avira
2009-01-16 09:01:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2009-01-16 07:28:42 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-01-16 07:15:49 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-01-16 07:15:49 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-01-16 07:15:49 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-01-16 07:15:14 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-01-16 07:04:26 ----D---- C:\WINDOWS\temp
2009-01-16 07:04:23 ----AC---- C:\ComboFix.txt
2009-01-16 06:46:59 ----D---- C:\Program Files\ERUNT
2009-01-14 22:19:23 ----AC---- C:\Boot.bak
2009-01-14 22:19:09 ----RASHDC---- C:\cmdcons
2009-01-14 22:09:39 ----A---- C:\WINDOWS\zip.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\VFIND.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\SWSC.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\SWREG.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\sed.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\grep.exe
2009-01-14 22:09:39 ----A---- C:\WINDOWS\fdsv.exe
2009-01-14 22:09:29 ----DC---- C:\Qoobox
2009-01-14 22:09:29 ----D---- C:\WINDOWS\ERDNT
2009-01-09 09:20:32 ----D---- C:\Documents and Settings\Antnee.WE-R-1\Application Data\eMail ID
2009-01-09 09:20:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\eMail ID
2009-01-09 09:20:19 ----D---- C:\Program Files\Common Files\eMail ID
2009-01-09 09:20:13 ----D---- C:\Program Files\eMail ID
2009-01-09 00:09:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
2009-01-01 11:19:19 ----D---- C:\Program Files\PayPal
2008-12-19 01:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 19:10:54 ----D---- C:\Program Files\Bonjour
2008-12-12 11:18:16 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-12-12 11:11:46 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-12-10 02:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 02:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 02:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 02:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 02:14:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 10:46:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-08 10:39:44 ----D---- C:\Program Files\QuickTime
2008-12-08 10:21:59 ----D---- C:\Program Files\PassAlong
2008-11-27 06:20:20 ----D---- C:\Documents and Settings\Antnee.WE-R-1\Application Data\Malwarebytes
2008-11-27 06:20:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-27 06:20:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 00:48:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ExamForce
2008-11-24 00:41:00 ----RSD---- C:\WINDOWS\assembly
2008-11-24 00:39:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-14 19:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 19:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 19:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-28 00:39:29 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-28 00:39:28 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-28 00:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 00:39:54 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-21 00:39:27 ----AC---- C:\rapport.txt
2008-10-21 00:38:59 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe

======List of files/folders modified in the last 3 months======

2009-01-18 19:33:37 ----D---- C:\WINDOWS\Prefetch
2009-01-18 18:48:58 ----D---- C:\WINDOWS\system32\drivers
2009-01-18 18:48:58 ----D---- C:\WINDOWS
2009-01-18 18:43:19 ----D---- C:\WINDOWS\TEM?
2009-01-18 11:04:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-18 10:12:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WholeSecurity
2009-01-18 09:18:35 ----D---- C:\WINDOWS\system32
2009-01-18 09:18:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-18 09:13:32 ----D---- C:\WINDOWS\Minidump
2009-01-18 08:54:39 ----SHD---- C:\WINDOWS\Installer
2009-01-18 08:54:39 ----HD---- C:\Config.Msi
2009-01-18 08:53:05 ----HD---- C:\WINDOWS\inf
2009-01-18 08:52:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-18 08:50:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-18 08:45:36 ----D---- C:\WINDOWS\Debug
2009-01-18 04:17:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-16 09:01:39 ----RHD---- C:\Program Files
2009-01-16 07:29:10 ----RSD---- C:\WINDOWS\Fonts
2009-01-16 07:28:57 ----D---- C:\WINDOWS\Help
2009-01-16 06:58:58 ----AC---- C:\WINDOWS\system.ini
2009-01-16 06:57:19 ----D---- C:\Program Files\Common Files
2009-01-16 06:57:18 ----D---- C:\WINDOWS\AppPatch
2009-01-16 06:27:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-16 06:27:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-14 22:46:39 ----D---- C:\WINDOWS\system32\wbem
2009-01-14 22:28:31 ----D---- C:\WINDOWS\system32\config
2009-01-14 22:25:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 22:23:14 ----D---- C:\Program Files\Internet Explorer
2009-01-14 22:19:23 ----RASH---- C:\boot.ini
2009-01-13 23:39:09 ----A---- C:\WINDOWS\ODBC.INI
2009-01-13 23:37:14 ----A---- C:\WINDOWS\win.ini
2009-01-13 22:27:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-13 22:24:38 ----D---- C:\Program Files\PCPitstop
2009-01-09 19:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-09 08:37:35 ----D---- C:\Program Files\CCleaner
2009-01-07 21:25:22 ----D---- C:\WINDOWS\network diagnostic
2009-01-01 11:19:30 ----D---- C:\WINDOWS\WinSxS
2008-12-24 23:15:30 ----D---- C:\WINDOWS\system32\Macromed
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 10:13:12 ----D---- C:\WINDOWS\system32\mui
2008-12-08 10:48:55 ----D---- C:\Program Files\iTunes
2008-12-08 10:47:46 ----D---- C:\Program Files\iPod
2008-12-08 10:47:43 ----D---- C:\Program Files\Common Files\Apple
2008-11-09 19:49:37 ----D---- C:\Documents and Settings\Antnee.WE-R-1\Application Data\Move Networks
2008-10-28 01:03:11 ----D---- C:\Documents and Settings\Antnee.WE-R-1\Application Data\Uniblue
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-22 09:08:43 ----D---- C:\Program Files\Common Files\Scanner
2008-10-22 02:55:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-21 01:38:30 ----D---- C:\Program Files\Photo Story 3 for Windows
2008-10-21 01:26:25 ----SD---- C:\WINDOWS\Tasks
2008-10-21 00:36:06 ----HD---- C:\Documents and Settings
2008-10-21 00:22:39 ----D---- C:\Program Files\eMusic Download Manager
2008-10-21 00:21:18 ----D---- C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input
2008-10-21 00:20:37 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-02-05 17217]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-06-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-16 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-06-12 8552]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-06-17 10970]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2005-04-05 132352]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2005-12-19 28449]
R3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2005-12-19 60572]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-06-25 12160]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-15 264440]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2005-07-26 662400]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-18 85969]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 Intel_MIPMNMP;Intel Adapter Switching Driver; C:\WINDOWS\system32\DRIVERS\mipmnxp.sys [2002-11-22 45824]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-19 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-19 2142488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pmxscan;Visioneer USB Kernel; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-11-10 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IconixService;Iconix Update Service; C:\Program Files\Common Files\eMail ID\IconixService.exe [2008-12-08 258832]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-19 137752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2005-07-05 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2005-07-05 421955]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-14 138168]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am

Re: When I click on link it occasionally takes me to another sit

Unread postby cat4arby » January 18th, 2009, 9:42 pm

RSIT info.txt

info.txt logfile of random's system information tool 1.05 2009-01-18 19:34:16

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe"
DeductionPro 2007-->"C:\Program Files\InstallShield Installation Information\{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ExamForce Engine Installation CM 7.7-->E:\PROGRA~1\CRAMMA~1\SAVEDF~1\UNWISE.EXE E:\PROGRA~1\CRAMMA~1\SAVEDF~1\INSTALL.LOG
FastAccess® DSL Help Center 4.2-->"C:\Program Files\Bellsouth\HelpCenter40b\unins000.exe"
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
HijackThis 2.0.2-->"C:\Documents and Settings\Antnee.WE-R-1\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
Intel(R) PROSet-->MsiExec.exe /I{b697396d-4bff-430d-9578-8aa5a549777a}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JumpStart Music-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSMUSIC\DeIsL1.isu
JumpStart Numbers-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSNUMBER\DeIsL1.isu
JumpStart Reading for Kindergartners-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSKR\DeIsL1.isu
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PaperPort 7.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PCTEL 2304WT V.9x MDC Modem Drivers-->ptuninst.exe
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RapidPlayer v4.0 ActiveX Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Shoppers' Hotline Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2405FEDD-9E40-4438-9765-A37A2B389E1A}\setup.exe" -l0x9 -removeonly
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Signature995-->C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TaxCut Alabama 2007-->MsiExec.exe /X{C918615A-EB7D-4CD8-BE62-494D6AD09BB3}
TaxCut Deluxe 2005-->E:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut Premium + State 2007-->MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
TaxCut Premium 2006-->E:\PROGRA~1\TaxCut06\Program\removetc.exe
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Trend Micro™ eMail ID-->"C:\Program Files\eMail ID\Uninstaller.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesuite. ... otCtrl.cab
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\system32\gs\gs7.05\bin;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0905
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEM?
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
cat4arby
Regular Member
 
Posts: 16
Joined: January 11th, 2009, 4:22 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 352 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware