Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log: Please Please Help


  • Please log in to reply
41 replies to this topic

#1 malonja

malonja

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 03 February 2007 - 09:08 AM

I've taken all the steps on the preperation pinned thread at the top of the forum. Still very very slow. TIA

Logfile of HijackThis v1.99.1
Scan saved at 8:04:58 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auburnsports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111177310046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

BC AdBot (Login to Remove)

 


m

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:53 AM

Posted 04 February 2007 - 04:09 PM

You are running HJT from an unsafe location. An easy way to correct this is to do the following:

Download a copy of HJTsetup.exe from one of these locations and save it to your Desktop:Location one.
Location two.
Location three.
  • Double click HJTsetup.exe to begin installation.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • At the final dialogue box uncheck the box to the left of "Launch Hijackthis" and then click Finish
Do this BEFORE you proceed!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avg-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.
  • Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.


2) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

3) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options.

For I.E. 6 - under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

For I.E. 7 - under Browsing History, click delete...
Under Temporary Internet Files, click Delete files...

6) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG Anti-Spyware.

7) Boot into Normal Mode.

Post a new HJT log (run in Normal Mode), the AVG A-S log AND a description of how your PC is running.

So long, and thanks for all the fish.

 

 


#3 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 04 February 2007 - 09:10 PM

PC is still very slow. The "window chimes" is very scratchy when the pc boots up. Also, itunes music is very scratchy when another program is opening up...almost as though it can't handle the two processes at once. Over 20 GB left on harddrive and 512 Ram

Logfile of HijackThis v1.99.1
Scan saved at 8:05:01 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auburnsports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111177310046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:50:59 PM 2/4/2007

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP799\A0075396.dll -> Adware.Aws : Cleaned.
:mozilla.178:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.173:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.174:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.175:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.176:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.177:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.209:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.210:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.211:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.212:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.213:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.145:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.146:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.147:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.148:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.172:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\tosrtxjz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.


::Report end

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:53 AM

Posted 06 February 2007 - 02:41 PM

Apologies for the delay, I hadn't set up email notifications of replies - D'oh!!! :thumbsup:

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

* The purpose of Prefetch is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use every blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
If you choose to check this option, you may find the first time you boot up after cleaning out this folder, that your PC takes longer to get into gear - the second, and subsequent, boots should be quicker.
Not everyone benefits from this step though, but if you do, don't do it more often than once a month or your startup times can increase as a result.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.


3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Go to Start > Run, enter sfc /scannow ( note the space between the "c" and "/" ) and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point.

For details on the System File Checker, click here.

5) Defragment your hard drive. A tutorial for disc defragmentation is available here.

6) Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

Once you have run through the above steps, do the below ones -

IMPORTANT - A new version of the Kaspersky Online Scanner was released on August 8, 2006. If you have installed a previous version then you need to go to Add/Remove Programs and remove any entries for Kaspersky Online Scanner before you proceed.
* Close all Internet Explorer windows before doing this.

Go here and click the Kaspersky Online Scanner button.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

So long, and thanks for all the fish.

 

 


#5 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 08:20 AM

I did everything you recommended. PC is still slow :thumbsup:

Booting up is slow, as an example, during the boot up when the Windows WP logo appears on a black screen and the blue "progress bar" runs from right to left below....that portion takes 7 times as long as it used to. After i pick a particular user and the "Windows Chimes" play...the audio is slow, garbeled, scratchy, distorted, pixeled.

When streaming audio or playing audio from a media player, the audio becomes the same way as above if another application is running/opening. Looking at my processes in "task manager"...nothing stands out as taking up my memory.

Logs are as follows:

Logfile of HijackThis v1.99.1
Scan saved at 7:13:01 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auburnsports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111177310046
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 06, 2007 7:33:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/02/2007
Kaspersky Anti-Virus database records: 265620
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 87218
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:02:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-204139.log Object is locked skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jason\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP801\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks for your help.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:53 AM

Posted 07 February 2007 - 03:17 PM

Nothing jumps out at me in the logs you've posted, so we'll dig deeper and see if anything volunteers itself.

Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


Double click gmer.exe to begin:
  • If you get a message about "system modification", click Yes and work through the rest of the instructions.
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them seperately. Please preview your posts to ensure that all of both logs get posted.

So long, and thanks for all the fish.

 

 


#7 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 09:00 PM

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-07 19:55:25
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxdev.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
McDetect.exe /*McAfee WSC Integration*/@ = c:\program files\mcafee.com\agent\mcdetect.exe
McShield /*McAfee.com McShield*/@ = c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
MpfService /*McAfee Personal Firewall Service*/@ = C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WinDefend /*Windows Defender*/@ = "C:\Program Files\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundMAXPnPC:\Program Files\Analog Devices\Core\smax4pnp.exe = C:\Program Files\Analog Devices\Core\smax4pnp.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
@IntelMeMC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
@VSOCheckTask"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
@MCAgentExec:\PROGRA~1\mcafee.com\agent\mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
@MCUpdateExec:\PROGRA~1\mcafee.com\agent\mcupdate.exe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
@VirusScan OnlineC:\Program Files\McAfee.com\VSO\mcvsshld.exe = C:\Program Files\McAfee.com\VSO\mcvsshld.exe
@MPSExec:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding = c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@OASClntC:\Program Files\McAfee.com\VSO\oasclnt.exe = C:\Program Files\McAfee.com\VSO\oasclnt.exe
@Dell Photo AIO Printer 922"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" = "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
@MPFExeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AIMC:\Program Files\AIM\aim.exe -cnetwait.odl /*file not found*/ = C:\Program Files\AIM\aim.exe -cnetwait.odl /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WINDOW~4\MpShHook.dll = C:\PROGRA~1\WINDOW~4\MpShHook.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Program Files\Sonic\RecordNow!\shlext.dll = C:\Program Files\Sonic\RecordNow!\shlext.dll
@{7D5C4BDD-B015-4401-8731-1507B87DE297} /*QBVersionTool*/C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll = C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll = C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}c:\program files\mcafee.com\mps\mcbrhlpr.dll = c:\program files\mcafee.com\mps\mcbrhlpr.dll
@{3EC8255F-E043-4cae-8B3B-B191550C2A22}c:\program files\mcafee.com\mps\popupkiller.dll = c:\program files\mcafee.com\mps\popupkiller.dll
@{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL = C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.dell4me.com/myway = http://www.dell4me.com/myway
@Start Pagehttp://www.auburnsports.com/ = http://www.auburnsports.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000006@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000007@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000008@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000009@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000010@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000011@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll

C:\Documents and Settings\Jason\Start Menu\Programs\Startup = DESKTOP.INI

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
DESKTOP.INI = DESKTOP.INI
HotSync Manager.lnk = HotSync Manager.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.12 ----

#8 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 09:06 PM

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-07 19:53:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\McAfee.com\Agent\mcagent.exe[440] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01793E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\igfxpers.exe[556] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E43E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe[1028] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00D13E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EXPLORER.EXE[1196] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1424] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01483E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text ...
.text C:\Documents and Settings\Jason\Local Settings\Temp\wz2d48\gmer.exe[2544] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[2636] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe[2648] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01093E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NlsMbOemCodePageTag + FFF84FE8 7C901000 11 Bytes [ DE, FF, FF, 00, E7, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnterCriticalSection + 7 7C90100C 7 Bytes [ F7, FF, FF, 00, 94, FB, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnterCriticalSection + F 7C901014 19 Bytes [ 9C, FB, FF, 00, 94, D3, D6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnterCriticalSection + 23 7C901028 11 Bytes [ 94, E7, EF, 00, A5, F7, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnterCriticalSection + 2F 7C901034 27 Bytes [ 84, EF, FF, 00, 9C, F3, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnterCriticalSection + 4B 7C901050 11 Bytes [ 8C, EB, FF, 00, 7B, E7, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLeaveCriticalSection + 18 7C901105 14 Bytes [ BA, DE, 00, 6B, D7, FF, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLeaveCriticalSection + 27 7C901114 7 Bytes [ 73, C3, DE, 00, EF, FB, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLeaveCriticalSection + 2F 7C90111C 27 Bytes [ 18, 96, C6, 00, 21, AA, DE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTryEnterCriticalSection + D 7C901138 11 Bytes [ 73, D7, FF, 00, 73, C7, E7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTryEnterCriticalSection + 19 7C901144 11 Bytes [ 9C, E3, FF, 00, BD, E7, F7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTryEnterCriticalSection + 25 7C901150 3 Bytes [ 52, C3, F7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTryEnterCriticalSection + 29 7C901154 3 Bytes [ 5A, C7, F7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTryEnterCriticalSection + 2D 7C901158 3 Bytes [ 63, CF, FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitializeThunk + 21 7C90119F 16 Bytes [ 00, C6, D3, EF, 00, 29, 5D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitializeThunk + 32 7C9011B0 6 Bytes [ 63, 86, FF, 00, 73, 92 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlActivateActivationContextUnsafeFast + 2 7C9011B7 8 Bytes [ 00, 84, 9E, FF, 00, D6, DF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlActivateActivationContextUnsafeFast + B 7C9011C0 7 Bytes [ 52, 75, FF, 00, 94, AA, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlActivateActivationContextUnsafeFast + 13 7C9011C8 31 Bytes [ 63, 6D, 94, 00, D6, DB, EF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlActivateActivationContextUnsafeFast + 33 7C9011E8 30 Bytes [ F7, F7, FF, 00, E7, E7, EF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + F 7C901209 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C901210 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 22 7C90121C 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 2C 7C901226 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 31 7C90122B 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUserBreakPoint + 12 7C90124B 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCurrentTeb + 6 7C901256 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitString + F 7C90126B 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitString + 25 7C901281 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitString + 2C 7C901288 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitString + 38 7C901294 15 Bytes [ 00, 00, 00, 00, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitAnsiString + B 7C9012A4 36 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitAnsiString + 30 7C9012C9 23 Bytes [ 02, 02, 02, 98, 98, 98, 98, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitUnicodeString + B 7C9012E1 39 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitUnicodeString + 33 7C901309 55 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!cos + 16 7C901341 25 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!cos + 30 7C90135B 251 Bytes [ 02, 8F, 8F, 01, 76, B1, B0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_CIlog + 84 7C901457 218 Bytes [ 74, 74, 74, 74, 74, 74, 74, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_CIpow + 7B 7C901532 128 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_CIpow + FC 7C9015B3 48 Bytes [ 14, 14, 47, 8A, 62, 5E, 5E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_CIpow + 12D 7C9015E4 110 Bytes [ 24, 14, 61, 70, 51, 52, B0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_CIpow + 19C 7C901653 3 Bytes [ 02, 02, 02 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_CIpow + 1A0 7C901657 158 Bytes [ 02, 02, 02, 02, 8F, A6, 76, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sin + 17 7C9016F6 221 Bytes [ 74, 74, 88, 85, 97, 96, A1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sqrt + 42 7C9017D4 501 Bytes [ 98, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_alldvrm + DE 7C9019CA 97 Bytes [ 05, 05, 09, 34, 32, 2D, 0A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_alloca_probe + 23 7C901A2C 531 Bytes [ 05, 49, 38, 33, 32, 33, 28, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_aulldvrm + 87 7C901C40 131 Bytes [ E0, 00, 00, 00, 00, 3F, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_aullrem + 71 7C901CC4 3 Bytes [ 0F, FF, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_aullrem + 75 7C901CC8 102 Bytes [ FF, FF, 80, 00, 1F, FF, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_memccpy + 14 7C901D31 86 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!atan + 13 7C901D88 55 Bytes [ FF, F7, EF, 00, FF, CB, 94, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!atan + 4B 7C901DC0 31 Bytes [ D6, 9A, 4A, 00, DE, A6, 5A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!atan + 6B 7C901DE0 11 Bytes [ FF, A2, 18, 00, FF, A6, 29, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!atan + 77 7C901DEC 11 Bytes [ DE, 96, 31, 00, FF, AE, 39, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!atan + 83 7C901DF8 19 Bytes [ CE, 9E, 5A, 00, 94, 79, 52, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!ceil + A 7C901E28 63 Bytes [ C6, C3, BD, 00, FF, E7, B5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!ceil + 4A 7C901E68 11 Bytes [ CE, CF, CE, 00, C6, C7, C6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!ceil + 56 7C901E74 23 Bytes [ C6, E3, CE, 00, B5, E3, DE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!ceil + 6E 7C901E8C 27 Bytes [ A5, FF, FF, 00, AD, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!ceil + 8A 7C901EA8 31 Bytes [ DE, FF, FF, 00, E7, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!floor + B 7C901F68 55 Bytes [ 7B, DF, FF, 00, 8C, D7, EF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!floor + 43 7C901FA0 7 Bytes [ 29, 79, 94, 00, 4A, C3, EF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!floor + 4B 7C901FA8 171 Bytes [ 4A, BE, E7, 00, 52, BA, DE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!floor + F7 7C902054 7 Bytes [ EF, F3, FF, 00, 63, 86, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!floor + FF 7C90205C 7 Bytes [ 73, 92, FF, 00, 84, 9E, FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memchr + 19 7C9020BE 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memchr + 2B 7C9020D0 68 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memchr + 70 7C902115 123 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcmp + 42 7C902191 2 Bytes [ 02, 02 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcmp + 45 7C902194 2 Bytes [ 02, 02 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcmp + 48 7C902197 12 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcmp + 55 7C9021A4 29 Bytes [ 8F, BB, 9C, 86, A4, A2, 79, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcmp + 73 7C9021C2 188 Bytes [ 02, 02, 8F, 01, B3, 9E, 9E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcpy + 7F 7C90227F 2 Bytes [ 02, 02 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcpy + 82 7C902282 115 Bytes [ 02, 8F, B8, AE, 81, 01, 62, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcpy + F6 7C9022F6 129 Bytes [ 50, 9E, 58, 58, 8B, 98, 98, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcpy + 178 7C902378 32 Bytes [ 1C, 3D, 5D, 5D, A9, 98, 98, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memcpy + 199 7C902399 106 Bytes [ AC, 05, 05, A0, A1, 98, 02, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memmove + 20 7C90255A 3 Bytes [ 00, 7F, E0 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memmove + 25 7C90255F 27 Bytes [ 3F, E0, 00, 00, 3F, E0, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memmove + 41 7C90257B 92 Bytes [ 07, E0, 00, 00, 03, E0, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memmove + 9E 7C9025D8 63 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!memmove + DE 7C902618 91 Bytes [ D6, D3, D6, 00, DE, D3, D6, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcpy + D 7C9028E4 31 Bytes [ AD, B6, BD, 00, E7, EB, EF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcat + 18 7C902904 42 Bytes [ 73, 92, FF, 00, 84, 9E, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcat + 44 7C902930 3 Bytes [ DE, E3, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcat + 48 7C902934 32 Bytes [ 9C, 9E, BD, 00, F7, F7, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcat + 6B 7C902957 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcat + 7D 7C902969 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcmp + E 7C9029DF 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcmp + 29 7C9029FA 45 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcmp + 57 7C902A28 23 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strcmp + 6F 7C902A40 342 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncat + 7C 7C902B97 29 Bytes [ 02, 02, 02, 02, 8F, 8F, 8F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncat + 9A 7C902BB5 224 Bytes [ 02, 02, 02, 09, D5, 22, 2B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncpy + 16 7C902C96 73 Bytes [ 08, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncpy + 60 7C902CE0 11 Bytes [ D6, D3, D6, 00, DE, D3, D6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncpy + 6C 7C902CEC 3 Bytes [ B5, AE, AD ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncpy + 70 7C902CF0 79 Bytes [ 9C, 96, 94, 00, A5, 7D, 6B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strncpy + C1 7C902D41 10 Bytes [ D7, A5, 00, F7, D3, A5, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strpbrk + 1F 7C902DA2 112 Bytes [ BD, 00, FF, F3, D6, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strspn + 26 7C902E13 36 Bytes [ 00, D6, FF, FF, 00, DE, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strspn + 4B 7C902E38 63 Bytes [ 94, F7, FF, 00, 8C, F3, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!tan + 3A 7C902E78 39 Bytes [ D6, F7, FF, 00, 18, AE, D6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!tan + 62 7C902EA0 27 Bytes [ 10, 8E, B5, 00, 21, A6, CE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!tan + 7E 7C902EBC 7 Bytes [ 42, BA, DE, 00, 42, AE, CE ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!tan + 86 7C902EC4 40 Bytes [ 52, CB, EF, 00, 5A, D3, F7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!tan + AF 7C902EED 34 Bytes [ 9A, CE, 00, 08, 9E, D6, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFirstEntrySList + 6 7C902F88 55 Bytes [ 29, 7D, A5, 00, 63, CB, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUshortByteSwap + C 7C902FC0 3 Bytes [ B5, C3, E7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUshortByteSwap + 10 7C902FC4 15 Bytes [ EF, F3, FF, 00, 63, 86, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUlongByteSwap + B 7C902FD4 79 Bytes [ D6, DF, FF, 00, 52, 75, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemory + 2E 7C903024 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemory + 39 7C90302F 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemory + 47 7C90303D 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemory + 4E 7C903044 39 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemoryUlong + 21 7C90306C 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemoryUlong + 28 7C903073 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompareMemoryUlong + 2F 7C90307A 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFillMemory + 2B 7C9030AB 129 Bytes [ 00, 00, 00, 00, 00, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlZeroMemory + 12 7C90312D 151 Bytes [ 4A, A1, 98, 7D, 6E, A1, A1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlMoveMemory + 75 7C9031C6 14 Bytes [ 3F, 3E, 00, 00, 5B, A9, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlMoveMemory + 84 7C9031D5 513 Bytes [ 01, 63, 67, 00, 01, 4A, 8C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlMoveMemory + 286 7C9033D7 50 Bytes [ 23, 00, 00, 00, 19, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlMoveMemory + 2B9 7C90340A 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlMoveMemory + 2BC 7C90340D 2 Bytes [ 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerAdd + 13 7C9034D8 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnlargedIntegerMultiply + B 7C9034E9 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnlargedUnsignedMultiply + B 7C9034FA 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnlargedUnsignedDivide + 17 7C903517 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnlargedUnsignedDivide + 1D 7C90351D 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnlargedUnsignedDivide + 20 7C903520 78 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedLargeIntegerDivide + 4A 7C90356F 2 Bytes [ 59, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedLargeIntegerDivide + 4E 7C903573 5 Bytes [ 3F, 00, 00, 00, 2B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedLargeIntegerDivide + 54 7C903579 5 Bytes [ 00, 00, 1F, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedLargeIntegerDivide + 5A 7C90357F 20 Bytes [ 15, 00, 00, 00, 0B, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedMagicDivide + F 7C903596 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedMagicDivide + 1C 7C9035A3 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedMagicDivide + 3F 7C9035C6 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedMagicDivide + 45 7C9035CC 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedMagicDivide + 54 7C9035DB 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedIntegerMultiply + 10 7C90362D 12 Bytes [ 28, 36, B8, 00, 00, 00, 9C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedIntegerMultiply + 1D 7C90363A 3 Bytes [ 00, 79, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedIntegerMultiply + 22 7C90363F 27 Bytes [ 60, 00, 00, 00, 45, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedIntegerMultiply + 3E 7C90365B 1 Byte [ 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExtendedIntegerMultiply + 40 7C90365D 9 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerShiftLeft + 1C 7C903697 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerShiftLeft + 27 7C9036A2 94 Bytes [ 00, 00, 00, 00, 00, 01, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerArithmeticShift + 2C 7C903701 19 Bytes [ 00, 00, A0, 00, 00, 00, 93, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerNegate + F 7C903715 28 Bytes [ 00, 00, 34, 00, 00, 00, 25, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerSubtract + 13 7C903732 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertLongToLargeInteger + 8 7C903740 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUlongToLargeInteger + 9 7C90374E 40 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUlongToLargeInteger + 32 7C903777 3 Bytes [ FF, B2, EB ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUlongToLargeInteger + 36 7C90377B 3 Bytes [ FF, 76, DC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUlongToLargeInteger + 3A 7C90377F 3 Bytes [ FF, 76, DC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUlongToLargeInteger + 3E 7C903783 16 Bytes [ FF, 76, DC, FF, FF, 76, DC, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCaptureContext + 4C 7C903891 7 Bytes [ 99, CC, FF, 00, 8A, B8, F7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCaptureContext + 54 7C903899 3 Bytes [ 6B, 8E, E4 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCaptureContext + 58 7C90389D 7 Bytes [ 47, 5F, CD, 00, 28, 36, B6 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCaptureContext + 62 7C9038A7 5 Bytes [ 93, 00, 00, 00, 5E ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCaptureContext + 6A 7C9038AF 1 Byte [ 19 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAcceptConnectPort + 5 7C90D37E 18 Bytes [ 00, 8D, 00, 00, 00, 32, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAccessCheck + 5 7C90D393 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAccessCheck + 7 7C90D395 66 Bytes [ 00, 00, 04, 5D, C1, E6, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + B 7C90D3D8 45 Bytes [ EB, D8, D5, FF, FF, DF, DF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + F 7C90D406 8 Bytes [ 00, 13, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 5 7C90D411 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 7 7C90D413 24 Bytes [ 00, 00, 62, 82, 19, 62, C2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAddAtom + B 7C90D42C 62 Bytes [ 71, DA, FC, FF, 5B, CE, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAdjustPrivilegesToken + B 7C90D46B 33 Bytes [ FF, E2, FF, FF, FF, E2, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAlertThread + 5 7C90D48F 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAlertThread + 7 7C90D491 66 Bytes [ 00, 00, 00, 00, 88, B6, 48, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAllocateUuids + B 7C90D4D4 45 Bytes CALL 5678D4BF
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAreMappedFilesTheSame + F 7C90D502 8 Bytes [ 00, A1, 00, 00, 00, 51, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAssignProcessToJobObject + 3 7C90D50B 1 Byte [ 10 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAssignProcessToJobObject + 5 7C90D50D 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAssignProcessToJobObject + 7 7C90D50F 9 Bytes [ 00, 00, 00, 00, 00, 00, 88, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtAssignProcessToJobObject + 11 7C90D519 14 Bytes [ D5, EF, FF, 9C, F0, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCallbackReturn + B 7C90D528 64 Bytes [ 8A, F0, FF, FF, 8A, F0, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCancelTimer + D 7C90D569 18 Bytes [ EC, FF, FF, F7, FF, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtClearEvent + B 7C90D57C 12 Bytes [ 6C, C6, E2, FF, 00, 49, 62, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtClose + 5 7C90D58B 1 Byte [ 19 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtClose + 7 7C90D58D 7 Bytes [ 00, 00, 01, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtClose + F 7C90D595 37 Bytes [ 86, B3, 49, A2, DC, F2, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCompactKeys + B 7C90D5BB 6 Bytes [ FF, 9D, DD, E2, FF, C1 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCompactKeys + 12 7C90D5C2 13 Bytes [ 91, FF, DD, 81, 81, FF, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCompareTokens + B 7C90D5D0 54 Bytes [ 8B, 70, 7C, FF, 6A, 7A, 8E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtConnectPort + 3 7C90D607 1 Byte [ 4B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtConnectPort + 5 7C90D609 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtConnectPort + 7 7C90D60B 7 Bytes [ 13, 00, 00, 00, 01, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtConnectPort + F 7C90D613 16 Bytes [ 00, 00, 85, B1, 4A, A8, DE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtContinue + B 7C90D624 76 Bytes [ 99, FF, FF, FF, 99, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateEventPair + 4 7C90D671 17 Bytes [ 78, A0, 8F, 00, 89, B6, 8F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateFile + 1 7C90D683 1 Byte [ 8E ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateFile + 5 7C90D687 1 Byte [ 13 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateFile + 7 7C90D689 7 Bytes [ 00, 00, 04, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateFile + F 7C90D691 16 Bytes [ 00, 00, 00, 00, 94, C6, 63, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateIoCompletion + B 7C90D6A2 20 Bytes [ FF, FF, 99, FF, FF, FF, 99, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateJobObject + B 7C90D6B7 20 Bytes [ FF, 99, FF, FF, FF, AD, FD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateJobSet + B 7C90D6CC 33 Bytes [ 99, FF, FF, FF, 99, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMailslotFile + 4 7C90D6EF 2 Bytes [ 95, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMailslotFile + 7 7C90D6F2 7 Bytes [ 00, 37, 00, 00, 00, 33, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMailslotFile + F 7C90D6FA 8 Bytes [ 00, 3D, 00, 00, 00, 19, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMutant + 3 7C90D703 1 Byte [ 03 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMutant + 5 7C90D705 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMutant + 7 7C90D707 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateMutant + F 7C90D70F 16 Bytes [ 00, 00, 00, 00, 00, 00, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateNamedPipeFile + B 7C90D720 61 Bytes [ 99, FF, FF, FF, 99, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateProcess + A 7C90D75E 6 Bytes [ 7F, FF, E3, 95, 95, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateProcess + 11 7C90D765 7 Bytes [ A1, A1, FF, 26, B3, D9, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateProcessEx + 5 7C90D76E 18 Bytes [ 00, 85, 4B, 25, 25, 83, 41, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateProfile + 5 7C90D783 1 Byte [ 0D ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateProfile + 7 7C90D785 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateProfile + F 7C90D78D 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateSection + 5 7C90D798 26 Bytes [ 00, 97, C9, 72, B7, E3, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateSemaphore + B 7C90D7B3 13 Bytes [ FF, AB, FF, FF, FF, E6, F6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D7C1 44 Bytes [ 59, 76, 6E, 00, 88, B6, 6C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateTimer + 7 7C90D7EE 16 Bytes [ 00, 55, 48, 24, 24, 89, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateToken + 3 7C90D7FF 1 Byte [ 78 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateToken + 5 7C90D801 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateToken + 7 7C90D803 7 Bytes [ 1F, 00, 00, 00, 01, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateToken + F 7C90D80B 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateWaitablePort + 5 7C90D816 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtCreateWaitablePort + 7 7C90D818 41 Bytes [ 00, 00, 00, 00, 24, A6, D2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDebugContinue + 7 7C90D842 7 Bytes [ 00, 15, 00, 00, 00, 01, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDebugContinue + F 7C90D84A 8 Bytes [ 00, 00, 00, 00, 00, 01, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDelayExecution + 3 7C90D853 1 Byte [ 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDelayExecution + 5 7C90D855 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDelayExecution + 7 7C90D857 17 Bytes [ 01, 00, 00, 00, 01, B6, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteAtom + 4 7C90D869 19 Bytes [ 58, 76, A6, 00, 00, 00, 49, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteBootEntry + 5 7C90D87F 1 Byte [ 91 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteBootEntry + 7 7C90D881 7 Bytes [ 00, 00, 28, 00, 00, 00, 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteBootEntry + F 7C90D889 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteFile + 5 7C90D894 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteFile + 7 7C90D896 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteFile + 13 7C90D8A2 6 Bytes [ C0, 44, 00, 8C, BB, 57 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteKey + 5 7C90D8A9 19 Bytes [ 91, C2, 87, 00, 8F, BE, 89, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteObjectAuditAlarm + 5 7C90D8BE 9 Bytes [ 00, 10, 00, 00, 00, 04, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteObjectAuditAlarm + F 7C90D8C8 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeleteValueKey + 7 7C90D8D5 20 Bytes [ 00, 00, 00, 00, 00, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDeviceIoControlFile + 7 7C90D8EA 18 Bytes [ 00, 87, 74, 3A, 3A, CF, 82, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDisplayString + 5 7C90D8FD 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDisplayString + 7 7C90D8FF 7 Bytes [ 8E, 00, 00, 00, 27, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDisplayString + F 7C90D907 8 Bytes [ 01, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDuplicateObject + 5 7C90D912 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDuplicateObject + 7 7C90D914 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDuplicateObject + F 7C90D91C 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDuplicateToken + 5 7C90D927 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDuplicateToken + 7 7C90D929 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtDuplicateToken + F 7C90D931 8 Bytes [ 00, 00, 01, 00, 00, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateBootEntries + 4 7C90D93B 2 Bytes [ 01, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateBootEntries + 7 7C90D93E 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateBootEntries + F 7C90D946 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateKey + 5 7C90D951 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateKey + 7 7C90D953 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateKey + F 7C90D95B 33 Bytes [ 01, 9A, 4D, 4D, C7, EF, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateValueKey + 7 7C90D97D 7 Bytes [ 00, 00, 6D, 00, 00, 00, 1B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtEnumerateValueKey + F 7C90D985 8 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtExtendSection + 5 7C90D990 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtExtendSection + 7 7C90D992 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtExtendSection + F 7C90D99A 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFilterToken + 5 7C90D9A5 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFilterToken + 7 7C90D9A7 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFilterToken + F 7C90D9AF 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFindAtom + 5 7C90D9BA 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFindAtom + 7 7C90D9BC 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFindAtom + F 7C90D9C4 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushBuffersFile + 5 7C90D9CF 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushBuffersFile + 7 7C90D9D1 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushBuffersFile + F 7C90D9D9 41 Bytes [ 00, 00, 01, 85, 42, 42, C7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushKey + F 7C90DA03 8 Bytes [ 0A, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushVirtualMemory + 5 7C90DA0E 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushVirtualMemory + 7 7C90DA10 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushVirtualMemory + F 7C90DA18 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushWriteBuffer + 5 7C90DA23 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushWriteBuffer + 7 7C90DA25 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFlushWriteBuffer + 10 7C90DA2E 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFreeUserPhysicalPages + 5 7C90DA38 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFreeUserPhysicalPages + 7 7C90DA3A 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFreeUserPhysicalPages + F 7C90DA42 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFreeVirtualMemory + 5 7C90DA4D 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFreeVirtualMemory + 7 7C90DA4F 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFreeVirtualMemory + F 7C90DA57 16 Bytes [ 00, 00, 00, 00, 01, 6C, 36, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtFsControlFile + B 7C90DA68 24 Bytes [ B5, 5B, 5B, FF, C8, 64, 64, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetContextThread + F 7C90DA81 8 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetDevicePowerState + 5 7C90DA8C 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetDevicePowerState + 7 7C90DA8E 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetDevicePowerState + F 7C90DA96 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetPlugPlayEvent + 5 7C90DAA1 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetPlugPlayEvent + 7 7C90DAA3 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetPlugPlayEvent + F 7C90DAAB 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetWriteWatch + 5 7C90DAB6 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetWriteWatch + 7 7C90DAB8 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtGetWriteWatch + F 7C90DAC0 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtImpersonateAnonymousToken + 5 7C90DACB 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtImpersonateAnonymousToken + 7 7C90DACD 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtImpersonateAnonymousToken + F 7C90DAD5 41 Bytes [ 00, 00, 00, 00, 00, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtImpersonateThread + F 7C90DAFF 8 Bytes [ 04, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtInitializeRegistry + 5 7C90DB0A 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtInitializeRegistry + 7 7C90DB0C 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtInitializeRegistry + F 7C90DB14 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtInitiatePowerAction + 5 7C90DB1F 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtInitiatePowerAction + 7 7C90DB21 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtInitiatePowerAction + F 7C90DB29 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtIsProcessInJob + 5 7C90DB34 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtIsProcessInJob + 7 7C90DB36 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtIsProcessInJob + F 7C90DB3E 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtIsSystemResumeAutomatic + 5 7C90DB49 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtIsSystemResumeAutomatic + 7 7C90DB4B 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtIsSystemResumeAutomatic + 10 7C90DB54 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtListenPort + B 7C90DB64 16 Bytes [ 6E, 37, 37, FF, 82, 41, 41, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadDriver + 7 7C90DB75 6 Bytes [ 00, 00, 17, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadDriver + F 7C90DB7D 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadKey + 5 7C90DB88 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadKey + 7 7C90DB8A 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadKey + F 7C90DB92 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadKey2 + 5 7C90DB9D 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!NtLoadKey2 + 7

#9 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 09:11 PM

.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAtomTable + 36 7C92C028 40 Bytes [ AB, F0, AD, FF, AE, F2, B4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAtomTable + 5F 7C92C051 114 Bytes [ BB, 44, FF, 62, B0, 2E, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryAtomInAtomTable + 2F 7C92C0C4 31 Bytes [ 22, BB, 43, FF, 28, C1, 4F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryAtomInAtomTable + 4F 7C92C0E4 54 Bytes [ AB, F2, B1, FF, C1, F5, B8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryAtomInAtomTable + 86 7C92C11B 51 Bytes [ FF, BE, 98, 07, FF, EF, 89, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryAtomInAtomTable + BA 7C92C14F 32 Bytes [ 03, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryAtomInAtomTable + DB 7C92C170 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompactHeap + 43 7C92C4E4 24 Bytes [ FB, AF, 33, FF, E5, A0, 2E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompactHeap + 5C 7C92C4FD 7 Bytes [ 00, 00, 01, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompactHeap + 67 7C92C508 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompactHeap + 6F 7C92C510 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompactHeap + 80 7C92C521 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToOemN + 14 7C92CAA9 61 Bytes [ 00, 00, 02, 00, 00, 00, 04, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToOemN + 52 7C92CAE7 71 Bytes [ 04, 00, 00, 00, 02, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToOemN + 9A 7C92CB2F 12 Bytes [ 16, 36, 1B, 0D, 26, 00, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToOemN + A7 7C92CB3C 93 Bytes [ 5C, F5, 8F, FF, 5C, F5, 8F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToOemN + 106 7C92CB9B 93 Bytes [ 01, 2B, 2B, 00, 06, 33, 14, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 1F 7C92CDD8 32 Bytes [ 36, CF, 69, FF, 36, CF, 69, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 40 7C92CDF9 17 Bytes [ 17, 00, 0B, 80, 00, 00, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 52 7C92CE0B 155 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeStringToOemString + EE 7C92CEA7 12 Bytes [ FF, D5, B0, 85, FF, 09, 78, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeStringToOemString + FB 7C92CEB4 89 Bytes [ 29, C2, 53, FF, 29, C2, 53, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetAllBits + 22 7C92CF0E 21 Bytes [ 00, 00, 00, 00, 00, 00, 58, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetAllBits + 38 7C92CF24 31 Bytes [ A1, 3B, 00, FF, A7, 41, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetAllBits + 58 7C92CF44 11 Bytes [ 23, BC, 47, FF, 23, BC, 47, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetAllBits + 64 7C92CF50 31 Bytes [ 23, BC, 47, FF, 21, B7, 43, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetAllBits + 84 7C92CF70 27 Bytes [ 65, 26, 06, F0, 39, 1C, 0C, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopySecurityDescriptor + 47 7C92D11B 15 Bytes [ FF, B5, 4F, 00, FF, C3, 5D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopySecurityDescriptor + 57 7C92D12B 23 Bytes [ FF, D7, 71, 00, FF, D9, 73, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopySecurityDescriptor + 6F 7C92D143 19 Bytes [ FF, 00, 93, 00, FF, 00, 70, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopySecurityDescriptor + 83 7C92D157 7 Bytes [ FF, 4D, 6F, 00, FF, 0C, 71 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopySecurityDescriptor + 8B 7C92D15F 38 Bytes [ FF, 16, 65, 00, FF, 03, 66, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObject + 10 7C92D19C 14 Bytes [ C3, 5D, 00, FF, CC, 66, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObject + 1F 7C92D1AB 3 Bytes [ FF, DD, 77 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObject + 23 7C92D1AF 15 Bytes [ FF, AB, 85, 00, FF, 56, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObject + 33 7C92D1BF 29 Bytes [ FF, D5, B0, 85, FF, 00, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObject + 51 7C92D1DD 1 Byte [ 74 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToSecondsSince1970 + 11 7C92D660 35 Bytes [ E2, 7C, 00, FF, BE, 75, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToSecondsSince1970 + 36 7C92D685 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToSecondsSince1970 + 42 7C92D691 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToSecondsSince1970 + 49 7C92D698 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToSecondsSince1970 + 69 7C92D6B8 35 Bytes [ D0, ED, A8, FF, B8, F0, AE, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteTimer + 10 7C92D717 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteTimer + 19 7C92D720 88 Bytes [ 00, 00, 00, 00, F3, F1, C1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteTimer + 72 7C92D779 47 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteTimer + A2 7C92D7A9 14 Bytes [ FF, CC, 70, D1, F2, B6, F3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteTimer + B1 7C92D7B8 61 Bytes [ 8D, DF, 8B, FF, 83, E1, 90, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWaitEx + 2 7C92D97D 16 Bytes [ 00, 00, 1F, FF, 80, 00, 3F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWaitEx + 15 7C92D990 26 Bytes [ 20, 00, 00, 00, 01, 00, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWaitEx + 30 7C92D9AB 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWaitEx + 3C 7C92D9B7 15 Bytes [ 00, 00, 00, 00, 01, 2B, 2B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWaitEx + 4C 7C92D9C7 1 Byte [ FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWait + 3C 7C92DCDF 22 Bytes [ FF, 44, 7E, 00, FF, 64, 78, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWait + 53 7C92DCF6 59 Bytes [ 00, 00, DB, F4, B7, 60, 9E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWait + 90 7C92DD33 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWait + AD 7C92DD50 110 Bytes [ 3C, CE, 6B, FF, 1F, B8, 3E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeregisterWait + 11C 7C92DDBF 65 Bytes [ 00, 80, 00, 00, 03, 80, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimer + 74 7C92E020 16 Bytes [ 20, 8E, AD, EE, 00, 02, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimer + 85 7C92E031 88 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimer + DE 7C92E08A 6 Bytes [ 00, 6E, 00, 00, 00, 1E ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimer + E5 7C92E091 39 Bytes [ 00, 00, 02, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimer + 10D 7C92E0B9 23 Bytes [ E0, DC, FF, EE, E4, E1, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryInformationAcl + 5 7C92E126 40 Bytes JMP 5B74CD2A
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryInformationAcl + 2E 7C92E14F 45 Bytes [ 64, 00, 00, 00, 19, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryInformationAcl + 5C 7C92E17D 22 Bytes [ CD, E4, FF, 8E, D2, E8, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSaclSecurityDescriptor + 2 7C92E194 26 Bytes [ FF, CB, C8, FF, B2, DD, EC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSaclSecurityDescriptor + 1D 7C92E1AF 3 Bytes [ 8B, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSaclSecurityDescriptor + 21 7C92E1B3 5 Bytes [ 33, 00, 00, 00, 07 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSaclSecurityDescriptor + 27 7C92E1B9 25 Bytes [ 00, 00, 01, 28, 9F, C9, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSaclSecurityDescriptor + 41 7C92E1D3 4 Bytes [ FF, AB, B2, BC ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 21 7C92E235 59 Bytes [ F9, FF, FF, AA, C3, C7, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 5D 7C92E271 179 Bytes [ 00, 00, 3B, 00, 00, 00, 0D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 112 7C92E326 36 Bytes [ 00, 46, 00, 00, 00, 43, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 137 7C92E34B 6 Bytes [ FF, A1, FF, FF, FF, 98 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 13E 7C92E352 62 Bytes [ FF, FF, C9, FF, FF, FF, 76, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopyString + 2 7C92E689 20 Bytes [ F8, 03, FF, FF, F8, 03, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopyString + 17 7C92E69E 15 Bytes [ 00, 00, 20, 00, 00, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopyString + 27 7C92E6AE 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopyString + 44 7C92E6CB 10 Bytes [ 7E, 00, 00, 00, 95, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopyString + 50 7C92E6D7 3 Bytes [ 95, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidRelativeSecurityDescriptor + 2E 7C92E7ED 80 Bytes [ EB, FF, FF, 4D, B3, E6, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidRelativeSecurityDescriptor + 80 7C92E83F 7 Bytes [ 95, 2C, 92, C5, FF, 6E, D4 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidRelativeSecurityDescriptor + 88 7C92E847 55 Bytes [ FF, 33, 99, CC, FF, 99, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidRelativeSecurityDescriptor + C0 7C92E87F 20 Bytes [ 94, 2E, 94, C7, FF, 7A, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidRelativeSecurityDescriptor + D5 7C92E894 59 Bytes [ ED, C1, C5, FF, FF, BD, BB, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimerQueue + D 7C92EC05 5 Bytes [ FF, FF, 00, FF, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimerQueue + 13 7C92EC0B 9 Bytes [ 00, FF, 00, FF, 00, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateTimerQueue + 1E 7C92EC16 318 Bytes [ FF, 00, AA, AA, AA, AA, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPrefixString + C 7C92ED55 3 Bytes [ 8B, 8B, 8B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPrefixString + 10 7C92ED59 4 Bytes [ 8B, 8B, 8B, 8B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPrefixString + 15 7C92ED5E 29 Bytes [ 8B, 8B, 8B, 87, 30, AA, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPrefixString + 33 7C92ED7C 68 Bytes [ AA, AA, AA, AA, A3, F8, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itow + 1C 7C92EDC1 153 Bytes [ 87, FB, 30, AA, AA, AA, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itow + B6 7C92EE5B 50 Bytes [ 8B, 83, 3F, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetIoCompletionCallback + 1 7C92EE8E 93 Bytes [ 70, 0C, CC, C0, 3F, 83, 83, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetIoCompletionCallback + 5F 7C92EEEC 48 Bytes [ 8B, 8B, 8B, 70, 70, CC, CC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetIoCompletionCallback + 90 7C92EF1D 3 Bytes [ 8B, 8B, 87 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetIoCompletionCallback + 94 7C92EF21 4 Bytes [ F0, CC, CC, EC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetIoCompletionCallback + 99 7C92EF26 46 Bytes [ EC, E0, 00, 33, 33, 33, 33, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRunEncodeUnicodeString + 18 7C92EF55 243 Bytes [ EC, EC, EC, E0, 80, 07, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRunDecodeUnicodeString + BE 7C92F049 105 Bytes [ 7A, AA, AA, AA, AA, AA, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRunDecodeUnicodeString + 12A 7C92F0B5 20 Bytes [ FF, 00, 00, 80, 01, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRunDecodeUnicodeString + 13F 7C92F0CA 5 Bytes [ 00, FF, FF, FF, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRunDecodeUnicodeString + 145 7C92F0D0 1 Byte [ 80 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRunDecodeUnicodeString + 147 7C92F0D2 7 Bytes [ 00, 0F, FF, FF, 00, 00, 80 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExW + 32 7C92F15A 4 Bytes [ 00, 00, 00, 0F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExW + 37 7C92F15F 7 Bytes [ 00, 00, 00, 00, 00, 00, 0F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExW + 3F 7C92F167 17 Bytes [ 00, 00, 00, 00, 00, 00, 07, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExW + 51 7C92F179 26 Bytes [ 00, 00, 00, 00, 03, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExW + 6C 7C92F194 2 Bytes [ 00, 03 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringW + 1C 7C92F1BC 3 Bytes [ 01, FF, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringW + 20 7C92F1C0 1 Byte [ 80 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringW + 22 7C92F1C2 11 Bytes [ 40, 00, 00, FF, 00, 00, C0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringW + 2E 7C92F1CE 13 Bytes [ 00, 00, C0, 00, F0, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringW + 3C 7C92F1DC 3 Bytes [ 00, FF, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObject + 6 7C92F203 13 Bytes [ 00, 7F, FF, 00, 00, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObject + 14 7C92F211 12 Bytes [ FF, FF, C3, FF, FF, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObject + 21 7C92F21E 3 Bytes [ 00, 00, 40 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObject + 25 7C92F222 17 Bytes [ 00, 00, 01, 00, 04, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObject + 38 7C92F235 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itoa + 16 7C92F250 1 Byte [ 80 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itoa + 18 7C92F252 8 Bytes [ 00, 00, 80, 00, 80, 00, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itoa + 22 7C92F25C 19 Bytes [ 80, 80, 80, 00, C0, C0, C0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itoa + 36 7C92F270 5 Bytes [ FF, 00, 00, 00, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_itoa + 3C 7C92F276 116 Bytes [ FF, 00, FF, FF, 00, 00, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetProcessIsCritical + 48 7C92F48A 4 Bytes [ FF, FF, 80, 3F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetProcessIsCritical + 4D 7C92F48F 8 Bytes [ FF, 80, 03, FF, FF, 80, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetThreadIsCritical + 2 7C92F498 20 Bytes [ 80, 00, 03, FF, 80, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetThreadIsCritical + 19 7C92F4AF 17 Bytes [ 1F, 00, 00, 00, 1F, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetThreadIsCritical + 2B 7C92F4C1 11 Bytes [ 00, 00, 07, 00, 00, 00, 03, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetThreadIsCritical + 37 7C92F4CD 4 Bytes [ 00, 00, 01, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetThreadIsCritical + 3C 7C92F4D2 43 Bytes [ 00, 01, 00, 00, 00, 01, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFlushAlternateResourceModules + 4B 7C92F618 13 Bytes [ F8, FF, FF, 0A, 3F, 8B, 8B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFlushAlternateResourceModules + 5A 7C92F627 107 Bytes [ AA, 3F, B8, B8, B8, 78, F4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplyRXactNoFlush + 24 7C92F693 103 Bytes [ 7B, 80, 01, FF, AA, 80, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserSecurityObject + D 7C92F6FD 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserSecurityObject + 26 7C92F716 1 Byte [ 80 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserSecurityObject + 28 7C92F718 30 Bytes [ 00, 80, 00, 00, 00, 80, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserSecurityObject + 47 7C92F737 13 Bytes [ 00, 00, 00, 00, 00, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserSecurityObject + 55 7C92F745 1 Byte [ 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAndSetSD + 30 7C92F798 34 Bytes [ 3B, 3F, 7F, 7F, 7F, 7F, 7F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAndSetSD + 54 7C92F7BC 65 Bytes [ 00, 00, 00, 00, AA, 7F, 0F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAndSetSD + 96 7C92F7FE 19 Bytes [ 3F, FF, 00, 00, FF, 0A, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAndSetSD + AA 7C92F812 37 Bytes [ 00, 00, 30, 00, 00, 00, 60, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateAndSetSD + D0 7C92F838 19 Bytes [ 00, 00, 00, 00, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 10 7C92FB9F 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 1F 7C92FBAE 39 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 47 7C92FBD6 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 54 7C92FBE3 82 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + A7 7C92FC36 1 Byte [ 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryRegistryValues + 57E 7C9301FF 396 Bytes [ 01, 37, 37, 37, 6E, 9A, C8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetControlSecurityDescriptor + 2B 7C93038C 19 Bytes [ 7A, 95, AB, AC, 37, 37, 37, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetControlSecurityDescriptor + 3F 7C9303A0 8 Bytes [ 0C, 05, 06, 0F, 0F, 0F, 0C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetControlSecurityDescriptor + 48 7C9303A9 416 Bytes [ 03, 23, 24, C3, C7, D0, 99, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnprintf + 133 7C93054A 10 Bytes [ FF, FF, FF, FF, 00, 00, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnprintf + 13E 7C930555 5 Bytes [ FF, 00, 00, 80, 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnprintf + 144 7C93055B 14 Bytes [ FF, FF, FF, 00, 00, 80, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnprintf + 154 7C93056B 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnprintf + 158 7C93056F 6 Bytes [ 00, 80, 00, 00, 0F, FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeRXact + 16C 7C930C92 145 Bytes [ 3C, 38, 38, 38, 4A, 5C, 2F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessAce + 1B 7C930D24 140 Bytes [ 6A, 6A, 6A, 6A, 5D, 5D, 47, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 4C 7C930DB1 337 Bytes [ 0A, 14, 03, 20, AE, B7, 4E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCheckProcessParameters + 60 7C930F03 13 Bytes [ 7F, 80, 00, 00, 3F, 80, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCheckProcessParameters + 6E 7C930F11 7 Bytes [ 00, 00, 1F, 00, 00, 00, 0F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCheckProcessParameters + 76 7C930F19 5 Bytes [ 00, 00, 0F, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCheckProcessParameters + 7C 7C930F1F 7 Bytes [ 07, 00, 00, 00, 07, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCheckProcessParameters + 84 7C930F27 3 Bytes [ 03, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLockBootStatusData + B 7C930FC8 8 Bytes [ DE, 86, 05, 00, FF, AC, 25, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLockBootStatusData + 14 7C930FD1 2 Bytes [ 63, 3B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLockBootStatusData + 17 7C930FD4 93 Bytes [ FE, BA, 40, 00, 68, 4E, 22, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLockBootStatusData + 75 7C931032 12 Bytes [ FF, 00, 9E, FF, FF, 00, A4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLockBootStatusData + 82 7C93103F 11 Bytes [ 00, B1, FE, FF, 00, BB, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnlockBootStatusData + 2 7C9310D7 20 Bytes [ 00, 89, DB, ED, 00, 4D, 6A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnlockBootStatusData + 17 7C9310EC 26 Bytes [ 7C, E2, FF, 00, 7F, E5, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnlockBootStatusData + 32 7C931107 77 Bytes [ 00, 33, B5, DF, 00, 26, 73, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetSetBootStatusData + 3A 7C931155 14 Bytes [ E1, EA, 00, 0F, 9F, CF, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetSetBootStatusData + 49 7C931164 7 Bytes [ 26, AB, DA, 00, 29, 8F, B3 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetSetBootStatusData + 51 7C93116C 7 Bytes [ 35, AB, D3, 00, 3C, BA, E8 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetSetBootStatusData + 59 7C931174 67 Bytes [ 42, B4, DA, 00, 43, AE, D5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetSetBootStatusData + 9D 7C9311B8 7 Bytes [ 80, DA, FF, 00, 8B, DC, FE ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserProcess + 1E 7C9312A3 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserProcess + 3D 7C9312C2 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserProcess + 44 7C9312C9 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserProcess + 4C 7C9312D1 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserProcess + 4E 7C9312D3 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrVerifyImageMatchesChecksum + 15 7C93173B 4 Bytes [ 00, EB, FE, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrVerifyImageMatchesChecksum + 1A 7C931740 18 Bytes [ 8C, F2, F9, 00, 91, F7, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrVerifyImageMatchesChecksum + 2D 7C931753 39 Bytes [ 00, 87, EA, F4, 00, 54, 81, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrVerifyImageMatchesChecksum + 55 7C93177B 8 Bytes [ 00, AC, EF, FB, 00, BB, F4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrVerifyImageMatchesChecksum + 5E 7C931784 131 Bytes [ 3E, 87, 95, 00, 23, 3E, 43, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlImageRvaToVa + 42 7C93189C 66 Bytes [ 64, C8, F4, 00, 6D, D3, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlImageRvaToVa + 85 7C9318DF 64 Bytes [ 00, 2D, 8D, DA, 00, 65, AF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlImageRvaToVa + C6 7C931920 7 Bytes [ 9E, 9E, 9E, 00, 8E, 8E, 8E ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlImageRvaToVa + CE 7C931928 19 Bytes [ 88, 88, 88, 00, 81, 81, 81, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlImageRvaToVa + E2 7C93193C 9 Bytes [ 54, 54, 54, 00, 22, 22, 22, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandomEx + 29 7C932A30 10 Bytes [ 96, FC, FF, FF, 96, FC, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandomEx + 34 7C932A3B 24 Bytes [ FF, 96, FC, FF, FF, 96, FC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandomEx + 4D 7C932A54 23 Bytes [ 96, FC, FF, FF, 54, BA, D2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandomEx + 65 7C932A6C 68 Bytes [ 96, FC, FF, FF, 96, FC, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandomEx + AB 7C932AB2 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetHeapInformation + 2 7C932C48 31 Bytes [ 66, CC, FF, FF, 66, CC, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetHeapInformation + 22 7C932C68 46 Bytes [ A8, FF, FF, FF, A8, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetHeapInformation + 51 7C932C97 34 Bytes [ FF, 79, DF, FF, FF, B3, D9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetHeapInformation + 74 7C932CBA 15 Bytes [ FF, FF, A8, FF, FF, FF, 87, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetHeapInformation + 84 7C932CCA 23 Bytes [ FF, FF, CF, FF, FF, FF, CF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAttributeActionToRXact + A3 7C932ECF 12 Bytes [ FF, 88, C7, FF, FF, 40, A6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAttributeActionToRXact + B0 7C932EDC 122 Bytes [ 87, ED, FF, FF, 77, D6, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAttributeActionToRXact + 12B 7C932F57 67 Bytes [ FF, 7A, E0, FF, FF, 7A, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAttributeActionToRXact + 16F 7C932F9B 11 Bytes [ FF, 7E, E4, FF, FF, 8F, F5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAttributeActionToRXact + 17B 7C932FA7 24 Bytes [ FF, E6, F2, FF, FF, E6, F2, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplyRXact + 1D 7C933024 3 Bytes [ 80, E6, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplyRXact + 21 7C933028 27 Bytes [ 46, 60, 66, FF, 06, 06, 06, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplyRXact + 3D 7C933044 15 Bytes [ 0E, 08, 00, FF, 68, 58, 26, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplyRXact + 4D 7C933054 11 Bytes [ FF, FF, FF, FF, A0, E0, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplyRXact + 59 7C933060 61 Bytes [ 86, EC, FF, FF, 83, E9, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddActionToRXact + 13 7C93309E 5 Bytes [ FF, FF, 1E, A6, D2 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddActionToRXact + 19 7C9330A4 91 Bytes [ 00, 46, 5E, D1, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddActionToRXact + 75 7C933100 6 Bytes [ 4E, 28, 00, FF, CF, 6F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddActionToRXact + 7C 7C933107 63 Bytes [ FF, E7, 81, 00, FF, C4, 8E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddActionToRXact + BD 7C933148 10 Bytes [ F2, FF, FF, FF, F2, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressExW + 21 7C9331CC 32 Bytes [ EC, 86, 00, FF, A7, 91, 40, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddVectoredExceptionHandler + 2 7C9331ED 32 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddVectoredExceptionHandler + 23 7C93320E 30 Bytes [ FF, FF, F7, FF, FF, FF, F7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddVectoredExceptionHandler + 42 7C93322D 62 Bytes [ 00, 00, 73, 00, 00, 00, 21, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRemoveVectoredExceptionHandler + 15 7C93326C 43 Bytes [ 8F, F5, FF, FF, 41, 54, 56, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRemoveVectoredExceptionHandler + 41 7C933298 92 Bytes [ 9F, 99, 4D, FF, 80, A3, 79, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRemoveVectoredExceptionHandler + 9F 7C9332F6 93 Bytes [ 00, 00, 00, 91, C1, CA, DB, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRemoveVectoredExceptionHandler + FD 7C933354 3 Bytes [ F4, 8E, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRemoveVectoredExceptionHandler + 101 7C933358 27 Bytes [ FF, 99, 00, FF, FF, A1, 10, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteAce + 4A 7C9333DA 101 Bytes [ FF, FF, 99, FF, FF, FF, 99, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteAce + B0 7C933440 8 Bytes [ 0D, 0D, 0D, FF, 26, 26, 26, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteAce + B9 7C933449 37 Bytes [ 1D, 27, A7, 00, 4E, 68, 7E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteAce + DF 7C93346F 16 Bytes [ 22, 00, 00, 00, 09, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteAce + F0 7C933480 6 Bytes [ B0, FC, FF, FF, 99, FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDnsHostNameToComputerName + 8 7C933C7F 144 Bytes [ 8E, 00, 00, 00, 16, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDnsHostNameToComputerName + 99 7C933D10 31 Bytes [ 00, 00, 00, 00, 32, 32, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDnsHostNameToComputerName + B9 7C933D30 3 Bytes [ 43, 36, 26 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDnsHostNameToComputerName + BD 7C933D34 70 Bytes [ 29, 29, 29, 9F, 14, 14, 14, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWriteRegistryValue + 37 7C933D7B 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWriteRegistryValue + 57 7C933D9B 116 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteRegistryValue + 71 7C933E11 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteRegistryValue + 7E 7C933E1E 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteRegistryValue + 84 7C933E24 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteRegistryValue + 97 7C933E37 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteRegistryValue + B3 7C933E53 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserThread + 5 7C933F47 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserThread + 3E 7C933F80 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserThread + 5F 7C933FA1 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserThread + 63 7C933FA5 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateUserThread + 7D 7C933FBF 3 Bytes [ 00, 80, 3F ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeContext + C 7C93408D 1 Byte [ 03 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeContext + F 7C934090 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeContext + 14 7C934095 1 Byte [ 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeContext + 16 7C934097 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeContext + 1C 7C93409D 11 Bytes [ 01, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObjectEx + 27 7C934D3C 16 Bytes [ AF, AF, AF, FF, 1A, 1A, 1A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObjectEx + 38 7C934D4D 9 Bytes [ 00, 00, 22, 00, 00, 00, 03, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObjectEx + 42 7C934D57 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObjectEx + 4E 7C934D63 7 Bytes [ 11, 40, B2, D8, F1, ED, FB ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObjectEx + 57 7C934D6C 3 Bytes [ 9F, FF, FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEqualPrefixSid + 2 7C93558B 176 Bytes [ FF, 97, FE, FF, FF, 9E, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEqualPrefixSid + B3 7C93563C 30 Bytes [ C8, ED, F5, FF, C4, FA, FE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEqualPrefixSid + D3 7C93565C 13 Bytes [ 94, C5, FF, FF, 3D, 96, D2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEqualPrefixSid + E2 7C93566B 7 Bytes CALL 775F566F C:\WINDOWS\system32\ole32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEqualPrefixSid + EB 7C935674 14 Bytes [ D2, FD, FE, FF, 53, B8, D6, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstoul + 8 7C935958 8 Bytes [ 97, 55, 0E, FF, FE, 8C, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstoul + 11 7C935961 2 Bytes [ 8C, 02 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstoul + 14 7C935964 11 Bytes [ 7B, 57, 1B, FF, 56, 49, 2B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstoul + 20 7C935970 21 Bytes [ 65, 65, 63, FF, 39, 39, 3A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstoul + 36 7C935986 103 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterWait + 19 7C935A0C 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterWait + 44 7C935A37 16 Bytes [ 03, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterWait + 56 7C935A49 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterWait + 63 7C935A56 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterWait + 69 7C935A5C 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtol + 5A 7C9360B3 20 Bytes [ 00, 80, 00, 00, 00, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtol + 6F 7C9360C8 17 Bytes [ C0, C0, C0, 00, 80, 80, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtol + 82 7C9360DB 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtol + 8F 7C9360E8 138 Bytes [ 11, 11, 11, 11, 11, 11, 11, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtol + 11A 7C936173 51 Bytes [ 66, 11, 11, 11, 11, 11, 11, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCutoverTimeToSystemTime + 68 7C936590 46 Bytes [ FF, FF, F0, 03, E0, FF, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCutoverTimeToSystemTime + 97 7C9365BF 19 Bytes [ 00, FF, FF, 00, 00, 00, 07, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCutoverTimeToSystemTime + AD 7C9365D5 25 Bytes [ 03, 00, 00, FF, FC, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCutoverTimeToSystemTime + C8 7C9365F0 115 Bytes [ FF, E0, 00, 00, 00, 03, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCutoverTimeToSystemTime + 13C 7C936664 11 Bytes [ 00, 00, 00, 00, 00, 00, 7F, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtEnumerateSubKey + 23 7C936A2C 1 Byte [ FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtEnumerateSubKey + 25 7C936A2E 224 Bytes [ FF, 00, FF, FF, 00, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtEnumerateSubKey + 107 7C936B10 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtEnumerateSubKey + 10D 7C936B16 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtEnumerateSubKey + 11A 7C936B23 44 Bytes [ 00, FF, FF, FF, 00, 95, 79, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUniform + 28 7C936B50 119 Bytes [ BB, 79, 6A, 00, BA, 78, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFindMessage + 73 7C936BC8 163 Bytes [ D5, 99, 35, 00, 95, 6F, 2E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFindMessage + 117 7C936C6C 19 Bytes [ 51, AB, 00, 00, 4F, A9, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFindMessage + 12B 7C936C80 11 Bytes [ 36, 72, 04, 00, 6F, AC, 3B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFindMessage + 137 7C936C8C 35 Bytes [ 49, 93, 1E, 00, 5B, B5, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFindMessage + 15B 7C936CB0 3 Bytes [ 6D, C3, 79 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAreAnyAccessesGranted + 23 7C936D50 55 Bytes [ 52, A7, F6, 00, 37, 96, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAreAnyAccessesGranted + 5B 7C936D88 15 Bytes [ 51, 9E, F2, 00, 52, 9F, F3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAreAnyAccessesGranted + 6B 7C936D98 23 Bytes [ 54, A2, F3, 00, 5C, A2, EC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAreAnyAccessesGranted + 83 7C936DB0 29 Bytes [ 4E, 99, F1, 00, 4F, 9A, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAreAnyAccessesGranted + A1 7C936DCE 13 Bytes [ F0, 00, 45, 8A, EF, 00, 46, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!__isascii + 17 7C9372CC 96 Bytes [ BF, 8B, 94, 9C, 99, A4, A1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!__isascii + 78 7C93732D 150 Bytes [ 96, 95, 9C, 99, A2, A8, A6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressA + 60 7C9373C4 470 Bytes [ AD, B1, B7, B5, B9, BE, C3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlStartRXact + 15 7C93759B 345 Bytes [ A7, AE, B0, B6, B4, B8, BC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrAddRefDll + DC 7C9376F5 16 Bytes [ CD, CF, CE, CF, CF, CE, CF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrAddRefDll + ED 7C937706 283 Bytes [ D3, D3, D3, D3, D3, D3, D3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrAddRefDll + 20A

#10 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 09:16 PM

this file is so large it will not allow me to post it all.....even in sections

Not sure what to do.

#11 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 11:26 PM

.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrAddRefDll + 21A 7C937833 4 Bytes [ 8F, FF, FF, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrAddRefDll + 21F 7C937838 8 Bytes [ FF, FF, FE, 07, FF, FF, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnwind + 43 7C937A83 32 Bytes [ 00, 80, 97, 00, 00, 87, 87, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnwind + 64 7C937AA4 12 Bytes [ 8F, 78, 37, 00, 68, DB, F1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnwind + 71 7C937AB1 46 Bytes [ C1, F1, 00, 48, D4, F9, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnwind + A0 7C937AE0 11 Bytes [ 50, AA, F1, 00, 58, AE, EA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnwind + AC 7C937AEC 222 Bytes [ 50, AB, EA, 00, 50, A6, EA, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLengthSecurityDescriptor + 1B 7C937C43 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLengthSecurityDescriptor + 1E 7C937C46 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLengthSecurityDescriptor + 35 7C937C5D 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLengthSecurityDescriptor + 58 7C937C80 54 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLengthSecurityDescriptor + 8F 7C937CB7 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetControlSecurityDescriptor + 19 7C937D03 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetControlSecurityDescriptor + 29 7C937D13 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteSecurityObject + B 7C937D23 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteSecurityObject + 15 7C937D2D 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteSecurityObject + 23 7C937D3B 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteSecurityObject + 59 7C937D71 65 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetOwnerSecurityDescriptor + 11 7C937DB3 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetOwnerSecurityDescriptor + 2B 7C937DCD 65 Bytes [ 10, 10, 10, 10, 10, 10, 10, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetGroupSecurityDescriptor + 2B 7C937E0F 120 Bytes [ 10, 10, 10, 10, 10, 10, 10, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetGroupSecurityDescriptor + A4 7C937E88 43 Bytes [ 10, 10, 10, 10, 10, 10, 10, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetGroupSecurityDescriptor + D1 7C937EB5 156 Bytes [ 6C, 6D, 6F, 73, 86, 8A, 3C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEqualDomainName + 47 7C937F52 633 Bytes [ 2A, 7D, 7D, 7D, 80, 7D, 36, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAce + 1A7 7C9381CC 11 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAce + 1B3 7C9381D8 10 Bytes [ FF, FC, 1E, 3F, FF, F8, 0C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAce + 1BE 7C9381E3 43 Bytes [ 0F, FF, E0, 00, 07, FF, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAce + 1EA 7C93820F 33 Bytes [ 03, E0, 00, 00, 03, C0, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAce + 20C 7C938231 17 Bytes [ FF, F0, 01, FF, FF, F8, 01, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpdateTimer + 29 7C9383F6 9 Bytes [ 66, 00, 66, 00, 99, 00, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpdateTimer + 33 7C938400 6 Bytes [ 66, 00, FF, 00, 66, 33 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpdateTimer + 3A 7C938407 24 Bytes [ 00, 66, 33, 33, 00, 66, 33, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpdateTimer + 53 7C938420 31 Bytes [ 66, 66, 33, 00, 66, 66, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpdateTimer + 73 7C938440 30 Bytes [ 66, 99, CC, 00, 66, 99, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPcToFileHeader + 4 7C938550 43 Bytes [ CC, CC, 00, 00, CC, CC, 33, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPcToFileHeader + 30 7C93857C 5 Bytes [ CC, FF, FF, 00, CC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPcToFileHeader + 36 7C938582 90 Bytes [ 33, 00, FF, 00, 66, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPcToFileHeader + 91 7C9385DD 36 Bytes [ CC, 66, 00, FF, CC, 99, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlPcToFileHeader + B6 7C938602 10 Bytes [ 66, 00, 66, FF, FF, 00, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryDepthSList + 4A 7C93879A 10 Bytes [ 08, 08, 07, 00, 7B, 76, 1F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryDepthSList + 55 7C9387A5 30 Bytes [ C0, 5F, 5F, FF, E1, 5F, 5F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryDepthSList + 76 7C9387C6 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryDepthSList + 7F 7C9387CF 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryDepthSList + 9D 7C9387ED 38 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSystemTimeToLocalTime + A 7C938A9D 9 Bytes [ 00, 00, 0C, 00, 00, 00, 13, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSystemTimeToLocalTime + 14 7C938AA7 34 Bytes [ 1A, 00, 00, 00, 21, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSystemTimeToLocalTime + 37 7C938ACA 25 Bytes [ 00, 01, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressW + 15 7C938AE4 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressW + 1D 7C938AEC 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressW + 24 7C938AF3 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressW + 2A 7C938AF9 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressW + 2E 7C938AFD 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidSecurityDescriptor + 1B 7C938CB0 2 Bytes [ 4E, 9D ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidSecurityDescriptor + 1E 7C938CB3 269 Bytes [ FF, 55, A4, 00, FF, 57, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetAce + 59 7C938DC2 6 Bytes [ 00, 31, 00, 00, 00, 1B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetAce + 60 7C938DC9 3 Bytes [ 00, 00, 0D ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetAce + 64 7C938DCD 4 Bytes [ 00, 00, 05, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetAce + 69 7C938DD2 10 Bytes [ 00, 01, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetAce + 74 7C938DDD 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstol + 7 7C938EDA 13 Bytes [ 00, 0D, 54, 9B, 5D, 83, 58, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstol + 15 7C938EE8 30 Bytes [ 5D, B9, 54, FF, 5A, B8, 4B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstol + 34 7C938F07 5 Bytes [ EA, 0E, 25, 15, A4 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstol + 3A 7C938F0D 22 Bytes [ 3A, 49, A5, 26, 90, B5, E9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstol + 51 7C938F24 29 Bytes [ 36, C3, F3, FF, 37, C2, F1, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcscmp + 85 7C938FEC 74 Bytes [ 2F, C7, F2, FF, 2E, BF, E9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeSListHead + 27 7C939037 17 Bytes [ 8B, 8B, 78, FF, 8F, 88, F8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeSListHead + 39 7C939049 27 Bytes [ 11, 3F, B8, B8, B8, B8, B8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeSListHead + 55 7C939065 52 Bytes [ 8B, 8B, 8B, 78, FF, 88, F8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeSListHead + 8A 7C93909A 144 Bytes [ 8F, 88, F8, 8F, 88, F8, 8F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeSListHead + 11C 7C93912C 118 Bytes [ F8, 8F, 88, F8, 8F, FF, F8, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrIdentifyAlertableThread + B 7C95054D 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrIdentifyAlertableThread + 11 7C950553 20 Bytes [ 03, 00, 00, 00, 16, 23, 23, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrIdentifyAlertableThread + 26 7C950568 7 Bytes [ FA, FA, FA, FF, F7, F7, F7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrIdentifyAlertableThread + 2E 7C950570 15 Bytes [ F5, F5, F5, FF, F2, F2, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrSetPriorityClass + 2 7C950580 23 Bytes [ EA, EA, EA, FF, E7, E7, E7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrSetPriorityClass + 1A 7C950598 7 Bytes [ B0, B0, B0, FF, B2, B2, B2 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrSetPriorityClass + 22 7C9505A0 7 Bytes [ 63, 63, 63, FF, 3C, 3C, 3C ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrSetPriorityClass + 2A 7C9505A8 7 Bytes [ 45, 45, 45, FF, 51, 51, 51 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrSetPriorityClass + 32 7C9505B0 35 Bytes [ 5B, 5B, 5B, FF, 64, 64, 64, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrCaptureTimeout + 2 7C9505D4 43 Bytes [ C3, C3, C3, FF, E3, E3, E3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrCaptureTimeout + 2E 7C950600 67 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!CsrProbeForWrite + 3F 7C950644 118 Bytes [ E5, E5, E5, FF, C5, C5, C5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConnectToDbg + 34 7C9506BD 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConnectToDbg + 3D 7C9506C6 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConnectToDbg + 3F 7C9506C8 83 Bytes [ 00, 00, 00, 04, 24, 24, 24, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiWaitStateChange + F 7C95071C 5 Bytes [ AE, AE, AE, FF, B0 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiWaitStateChange + 15 7C950722 29 Bytes [ B0, FF, B2, B2, B2, FF, B4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiContinue + C 7C950740 15 Bytes [ 70, 70, 70, FF, 7A, 7A, 7A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiContinue + 1C 7C950750 37 Bytes [ 99, 99, 99, FF, A5, A5, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiStopDebugging + 1D 7C950776 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiRemoteBreakin + 10 7C95078B 28 Bytes [ 06, 29, 29, 29, 6B, 44, 44, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiRemoteBreakin + 2D 7C9507A8 35 Bytes [ F2, F2, F2, FF, EF, EF, EF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiRemoteBreakin + 51 7C9507CC 43 Bytes [ 98, 98, 98, FF, A5, A5, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiIssueRemoteBreakin + 1F 7C9507F8 35 Bytes [ B9, B9, B9, FF, B0, B0, B0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiDebugActiveProcess + 2 7C95081C 111 Bytes [ 67, 67, 67, FF, 4A, 4A, 4A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConvertStateChangeStructure + 30 7C95088C 343 Bytes [ 66, 66, 66, FF, 6E, 6E, 6E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConvertStateChangeStructure + 188 7C9509E4 19 Bytes [ ED, ED, ED, FF, EA, EA, EA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConvertStateChangeStructure + 19C 7C9509F8 116 Bytes [ 94, 94, 94, FF, BF, BF, BF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConvertStateChangeStructure + 213 7C950A6F 17 Bytes [ 18, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgUiConvertStateChangeStructure + 227 7C950A83 84 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrHotPatchRoutine + 14 7C950B5A 89 Bytes [ E7, FF, B2, B2, B2, FF, 77, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrHotPatchRoutine + 6E 7C950BB4 69 Bytes [ 97, 97, 97, FF, 86, 86, 86, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrHotPatchRoutine + B6 7C950BFC 186 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrHotPatchRoutine + 171 7C950CB7 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrHotPatchRoutine + 17E 7C950CC4 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetUnloadEventTrace + 29 7C950E5C 131 Bytes [ E3, E3, E3, FF, E0, E0, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetUnloadEventTrace + AD 7C950EE0 35 Bytes [ BB, BB, BB, FF, 89, 89, 89, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetUnloadEventTrace + D2 7C950F05 22 Bytes [ 00, 00, 00, 00, 00, 00, 0C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetUnloadEventTrace + E9 7C950F1C 155 Bytes [ E0, E0, E0, FF, DD, DD, DD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetUnloadEventTrace + 185 7C950FB8 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrQueryProcessModuleInformation + 17 7C9513B0 107 Bytes [ EA, EA, EA, FF, EA, EA, EA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrSetAppCompatDllRedirectionCallback + 63 7C95141C 16 Bytes [ 4E, 4E, 4E, C7, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsThreadWithinLoaderCallout + 6 7C95142F 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsThreadWithinLoaderCallout + 22 7C95144B 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsThreadWithinLoaderCallout + 36 7C95145F 127 Bytes [ 00, 00, 00, 00, 10, 50, 50, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsThreadWithinLoaderCallout + B6 7C9514DF 1 Byte [ 19 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsThreadWithinLoaderCallout + BD 7C9514E6 193 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitShimEngineDynamic + 2 7C95162C 66 Bytes [ CA, CA, CA, FF, CE, CE, CE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitShimEngineDynamic + 45 7C95166F 149 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitShimEngineDynamic + DB 7C951705 57 Bytes [ 00, 00, 0C, 00, 00, 00, 07, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitShimEngineDynamic + 115 7C95173F 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrInitShimEngineDynamic + 139 7C951763 57 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputePrivatizedDllName_U + 2B 7C951C8E 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputePrivatizedDllName_U + 3B 7C951C9E 100 Bytes [ 00, 00, 00, 00, 00, 09, 65, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputePrivatizedDllName_U + A0 7C951D03 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputePrivatizedDllName_U + C3 7C951D26 59 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputePrivatizedDllName_U + 100 7C951D63 91 Bytes [ 12, 7E, 54, 54, D5, C6, A2, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWriteMemoryStream + 4 7C951F6D 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWriteMemoryStream + 8 7C951F71 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSeekMemoryStream + B 7C951F81 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSeekMemoryStream + 16 7C951F8C 96 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCopyOutOfProcessMemoryStreamTo + 8 7C951FED 158 Bytes [ 00, 00, 10, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDumpResource + 2 7C95208C 64 Bytes [ FF, F9, F3, FF, FF, F9, F3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDumpResource + 43 7C9520CD 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDumpResource + 54 7C9520DE 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDumpResource + 74 7C9520FE 89 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNotOwnerCriticalSection + 2 7C952158 21 Bytes [ FF, FB, F8, FF, FF, FB, F8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNotOwnerCriticalSection + 18 7C95216E 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNotOwnerCriticalSection + 24 7C95217A 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNotOwnerCriticalSection + 35 7C95218B 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNotOwnerCriticalSection + 3C 7C952192 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityObjectWithMultipleInheritance + 2 7C952219 40 Bytes [ FE, FE, FF, EC, E2, E1, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObjectEx + 1B 7C952242 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetSecurityObjectEx + 24 7C95224B 47 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQuerySecurityObject + 2B 7C95227B 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQuerySecurityObject + 2E 7C95227E 200 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQuerySecurityObject + F8 7C952348 35 Bytes [ FF, FF, 03, E0, FF, FF, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQuerySecurityObject + 11D 7C95236D 4 Bytes [ 7F, 00, 00, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQuerySecurityObject + 123 7C952373 27 Bytes [ 00, 00, 1F, 00, 00, FC, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewInstanceSecurityObject + 1C 7C95246E 70 Bytes [ 00, 00, FF, 00, 00, 03, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewInstanceSecurityObject + 63 7C9524B5 13 Bytes [ FF, 00, 00, F8, 00, 00, 3F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewInstanceSecurityObject + 71 7C9524C3 28 Bytes [ 00, 20, 00, 00, 00, 40, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityGrantedAccess + 18 7C9524E0 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityGrantedAccess + 2E 7C9524F6 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityGrantedAccess + 35 7C9524FD 43 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityGrantedAccess + 63 7C95252B 53 Bytes [ 07, 00, 00, 00, 04, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlNewSecurityGrantedAccess + 99 7C952561 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDefaultNpAcl + 63 7C952698 32 Bytes [ C0, C0, C0, FF, A3, A3, A3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDefaultNpAcl + 84 7C9526B9 19 Bytes [ FF, FF, FF, E6, E6, E6, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDefaultNpAcl + 98 7C9526CD 24 Bytes [ 00, 00, A1, 00, 00, 00, 70, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDefaultNpAcl + B2 7C9526E7 34 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDefaultNpAcl + D5 7C95270A 1 Byte [ 82 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUiListToApiList + 8C 7C9529C3 8 Bytes [ FF, BF, BF, BF, FF, C3, C3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUiListToApiList + 95 7C9529CC 17 Bytes [ A1, A1, A1, FF, C8, C8, C8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUiListToApiList + A8 7C9529DF 6 Bytes [ 60, 00, 00, 00, 0C, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUiListToApiList + AF 7C9529E6 81 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertUiListToApiList + 101 7C952A38 19 Bytes [ 88, 88, 88, FF, A7, A7, A7, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateQueryDebugBuffer + 16 7C952EED 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateQueryDebugBuffer + 18 7C952EEF 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateQueryDebugBuffer + 1D 7C952EF4 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateQueryDebugBuffer + 28 7C952EFF 16 Bytes [ 00, 87, 87, 87, DF, B9, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateQueryDebugBuffer + 39 7C952F10 27 Bytes [ FF, B3, A6, FF, FF, C5, B9, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyQueryDebugBuffer + 5D 7C95301C 8 Bytes [ FF, DB, B7, FF, FF, DB, B7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyQueryDebugBuffer + 66 7C953025 35 Bytes [ DB, B7, FF, FF, DA, B5, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyQueryDebugBuffer + 8A 7C953049 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyQueryDebugBuffer + 8F 7C95304E 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyQueryDebugBuffer + 9F 7C95305E 77 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessBackTraceInformation + C 7C9530AC 35 Bytes [ FF, DF, BE, FF, CC, A2, 92, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessBackTraceInformation + 31 7C9530D1 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessBackTraceInformation + 3D 7C9530DD 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessBackTraceInformation + 41 7C9530E1 42 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessBackTraceInformation + 6D 7C95310D 6 Bytes [ E4, C8, FF, FF, E4, C8 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessHeapInformation + 24 7C95326D 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessHeapInformation + 2F 7C953278 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessHeapInformation + 33 7C95327C 66 Bytes [ 58, 3A, 3A, 1C, AC, 80, 7D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessHeapInformation + 77 7C9532C0 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessHeapInformation + 81 7C9532CA 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessLockInformation + F 7C953784 79 Bytes [ 64, 64, 64, EA, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessLockInformation + 5F 7C9537D4 11 Bytes [ 61, 61, 61, 10, 6A, 6A, 6A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessLockInformation + 6B 7C9537E0 53 Bytes [ EC, EC, EC, FF, B2, B2, B2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessLockInformation + A1 7C953816 78 Bytes [ 00, 00, 00, 00, 00, 00, BC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessLockInformation + F0 7C953865 66 Bytes [ DC, B8, FF, FF, DC, B8, FF, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 116 Bytes [ ED, DC, FF, DA, C0, B4, FA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessDebugInformation + 77 7C953962 40 Bytes [ D7, FF, E6, D8, D7, FF, E6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessDebugInformation + A2 7C95398D 6 Bytes [ 00, 00, 00, F0, 03, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessDebugInformation + A9 7C953994 9 Bytes [ C0, 01, 00, 00, 80, 00, 43, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlQueryProcessDebugInformation + B3 7C95399E 12 Bytes [ D0, FF, 80, 00, FB, FF, 80, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplicationVerifierStop + F 7C95505C 36 Bytes [ 86, 83, 81, 00, 82, 82, 82, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplicationVerifierStop + 34 7C955081 5 Bytes [ 8B, 8B, 00, 90, 8D ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplicationVerifierStop + 3A 7C955087 44 Bytes [ 00, 8C, 8C, 8C, 00, 8D, 8D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplicationVerifierStop + 67 7C9550B4 11 Bytes [ 97, 97, 97, 00, 98, 98, 98, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlApplicationVerifierStop + 73 7C9550C0 67 Bytes [ 9A, 9A, 9A, 00, 9B, 9B, 9B, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlZombifyActivationContext + 6 7C956A13 80 Bytes [ 56, 49, 59, 6A, 49, 23, 0C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsActivationContextActive + 6 7C956A64 131 Bytes [ 5A, 50, 43, 44, 66, 3F, 21, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsActivationContextActive + 8A 7C956AE8 5 Bytes [ E0, 01, C8, BD, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsActivationContextActive + 90 7C956AEE 56 Bytes [ 19, 4B, 28, 00, 00, 00, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsActivationContextActive + C9 7C956B27 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsActivationContextActive + D0 7C956B2E 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeImportTableHash + 95 7C9580CC 47 Bytes [ 9A, 9A, 9A, FF, 33, 2E, 2B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeImportTableHash + C5 7C9580FC 35 Bytes [ 99, 99, 99, FF, DB, DB, DB, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeImportTableHash + E9 7C958120 27 Bytes [ F2, F2, F2, FF, BF, BF, BF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeImportTableHash + 105 7C95813C 39 Bytes JMP 66956B2A
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeImportTableHash + 12D 7C958164 39 Bytes [ 98, 98, 98, FF, 6B, 6B, 6B, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertVariantToProperty + 2F 7C95858C 11 Bytes [ FA, FA, FA, FF, E1, E1, E1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertVariantToProperty + 3B 7C958598 7 Bytes [ 99, 99, 99, FF, A8, A8, A8 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertVariantToProperty + 43 7C9585A0 27 Bytes [ A8, A8, A8, FF, A8, A8, A8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertVariantToProperty + 5F 7C9585BC 15 Bytes [ A8, A8, A8, FF, A8, A8, A8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertVariantToProperty + 6F 7C9585CC 87 Bytes [ 72, 72, 72, FF, 7B, 7B, 7B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertPropertyToVariant + 29 7C958624 48 Bytes [ FC, FC, FC, FF, FC, FC, FC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertPropertyToVariant + 5A 7C958655 2 Bytes [ 33, 33 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertPropertyToVariant + 5D 7C958658 11 Bytes [ 33, 33, 33, FF, 49, 49, 49, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlConvertPropertyToVariant + 69 7C958664 79 Bytes [ 7B, 7B, 7B, FF, 90, 90, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PropertyLengthAsVariant + 21 7C9586B4 7 Bytes [ 60, 60, 60, FF, 56, 56, 56 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PropertyLengthAsVariant + 29 7C9586BC 31 Bytes [ 4D, 4D, 4D, FF, 4A, 4A, 4A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PropertyLengthAsVariant + 49 7C9586DC 19 Bytes [ 40, 3F, 3F, F3, F0, F0, F0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PropertyLengthAsVariant + 5D 7C9586F0 11 Bytes [ FD, FD, FD, FF, FD, FD, FD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PropertyLengthAsVariant + 69 7C9586FC 71 Bytes [ 40, 40, 40, FF, 3F, 3F, 3F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetUnicodeCallouts + 1B 7C958744 11 Bytes [ A3, A3, A3, FF, 93, 93, 93, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetUnicodeCallouts + 27 7C958750 11 Bytes [ 80, 80, 80, FF, 80, 80, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetUnicodeCallouts + 33 7C95875C 14 Bytes [ A3, A3, A3, FF, A3, A3, A3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetUnicodeCallouts + 42 7C95876B 4 Bytes [ FF, 66, 66, 66 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetUnicodeCallouts + 47 7C958770 1 Byte [ 66 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgPrintReturnControlC + 32 7C95884C 31 Bytes [ 85, 85, 85, FF, 33, 2E, 2B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgPrintReturnControlC + 52 7C95886C 7 Bytes [ 4D, 4D, 4D, FF, 73, 73, 73 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgPrintReturnControlC + 5A 7C958874 10 Bytes [ CC, CC, CC, FF, F1, F1, F1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgPrintReturnControlC + 66 7C958880 15 Bytes [ D6, D6, D6, FF, B0, B0, B0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!DbgPrintReturnControlC + 76 7C958890 19 Bytes [ CA, CA, CA, FF, 97, 97, 97, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindEntryForAddress + 2D 7C95899C 80 Bytes [ D6, D6, D6, FF, C3, C3, C3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindEntryForAddress + 7F 7C9589EE 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindEntryForAddress + 87 7C9589F6 141 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrEnumResources + 80 7C958A84 22 Bytes [ 7B, 7B, 7B, FF, 66, 66, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrEnumResources + 99 7C958A9D 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrEnumResources + A2 7C958AA6 223 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrEnumResources + 184 7C958B88 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrEnumResources + 18D 7C958B91 176 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindResourceEx_U + 2 7C959738 3 Bytes [ B6, 7D, 7F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindResourceEx_U + 6 7C95973C 11 Bytes [ B4, 6E, 6E, FF, 8B, 7A, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindResourceEx_U + 12 7C959748 27 Bytes [ 4F, B2, F5, FF, 53, AF, F0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindResourceEx_U + 2E 7C959764 64 Bytes JMP 661AD068
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!LdrFindResourceEx_U + 70 7C9597A6 11 Bytes [ 00, 01, 00, 00, 00, 02, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCustomCPToUnicodeN + 10B 7C959F70 55 Bytes [ 8D, C7, EF, 2A, 77, C4, F9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCustomCPToUnicodeN + 143 7C959FA8 27 Bytes [ 2A, 57, E0, FF, 2A, 57, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCustomCPToUnicodeN + 15F 7C959FC4 129 Bytes [ 28, 54, D8, FF, 23, 48, BB, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCustomCPToUnicodeN + 1E1 7C95A046 142 Bytes [ EB, FF, 3B, 87, EA, FF, 36, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnicodeToCustomCPN + 8C 7C95A0D5 118 Bytes [ 82, 33, 0B, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnicodeToCustomCPN + 103 7C95A14C 95 Bytes [ 1A, 37, 8E, B6, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnicodeToCustomCPN + 164 7C95A1AD 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnicodeToCustomCPN + 16A 7C95A1B3 99 Bytes [ 00, 00, 00, 00, 00, 83, C1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 1E 7C95A217 366 Bytes [ 12, CD, 95, 55, DB, CB, 91, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 18D 7C95A386 54 Bytes [ DA, FF, 24, 4A, BF, FF, 1D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 1C5 7C95A3BE 212 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 29B 7C95A494 212 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 371 7C95A56A 63 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInitialize + D 7C95AA76 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInitialize + 11 7C95AA7A 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInitialize + 19 7C95AA82 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxRemovePrefix + 11 7C95AA98 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxRemovePrefix + 19 7C95AAA0 76 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxRemovePrefix + 66 7C95AAED 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxRemovePrefix + 75 7C95AAFC 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxRemovePrefix + 7F 7C95AB06 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInsertPrefix + 29 7C95ACF7 40 Bytes [ 00, 00, 1F, FF, 80, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInsertPrefix + 52 7C95AD20 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInsertPrefix + 55 7C95AD23 5 Bytes [ FE, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInsertPrefix + 5B 7C95AD29 42 Bytes [ FF, FF, FF, 00, 03, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxInsertPrefix + 86 7C95AD54 30 Bytes [ FF, FF, 00, 00, 28, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxFindPrefix + 3F 7C95ADF0 28 Bytes [ 00, 00, 00, 01, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxFindPrefix + 5C 7C95AE0D 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxFindPrefix + 67 7C95AE18 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!PfxFindPrefix + 75 7C95AE26 60 Bytes [ 00, 01, 00, 00, 00, 01, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 13 7C95AE63 7 Bytes [ 0F, 00, 00, 00, 0E, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 1B 7C95AE6B 5 Bytes [ 0A, 00, 00, 00, 07 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 21 7C95AE71 11 Bytes [ 00, 00, 03, 00, 00, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 2E 7C95AE7E 75 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 7A 7C95AECA 31 Bytes [ 00, 2D, 00, 00, 00, 22, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetInformationAcl + 1C 7C95AEEB 11 Bytes [ 16, 00, 00, 00, 0E, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetInformationAcl + 28 7C95AEF7 15 Bytes [ 03, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetInformationAcl + 38 7C95AF07 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetInformationAcl + 42 7C95AF11 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetInformationAcl + 47 7C95AF16 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddCompoundAce + 18 7C95AF33 15 Bytes [ 1D, 00, 00, 00, 2F, 1E, 38, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddCompoundAce + 28 7C95AF43 13 Bytes [ DE, 2E, 4D, 00, A3, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddCompoundAce + 37 7C95AF52 10 Bytes [ 00, 2E, 00, 00, 00, 2E, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddCompoundAce + 43 7C95AF5E 6 Bytes [ 00, 37, 00, 00, 00, 38 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddCompoundAce + 4C 7C95AF67 36 Bytes [ 33, 00, 00, 00, 28, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessDeniedAceEx + 1F 7C95B17E 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessAceEx + 9 7C95B18C 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessAceEx + 13 7C95B196 61 Bytes [ 00, 02, 00, 00, 00, 05, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessAllowedObjectAce + 19 7C95B1D4 23 Bytes [ 19, CD, F3, FF, 1D, CF, F5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessAllowedObjectAce + 31 7C95B1EC 22 Bytes [ 16, 67, 7E, C4, 02, 09, 0B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessAllowedObjectAce + 48 7C95B203 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessDeniedObjectAce + 9 7C95B211 5 Bytes [ 00, 00, 02, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessDeniedObjectAce + F 7C95B217 28 Bytes [ 05, 00, 00, 00, 0B, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessDeniedObjectAce + 2C 7C95B234 11 Bytes [ 61, AE, 27, FF, 64, B7, 4B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessDeniedObjectAce + 38 7C95B240 11 Bytes [ 61, BA, 62, FF, B3, 66, 5C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAccessDeniedObjectAce + 44 7C95B24C 4 Bytes [ 00, DB, FC, FF ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessObjectAce + 2 7C95B258 83 Bytes [ 01, D7, F5, FF, 03, D8, F5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessObjectAce + 56 7C95B2AC 11 Bytes [ 5E, 9C, 00, FF, 5F, 9E, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessObjectAce + 62 7C95B2B8 44 Bytes [ 5E, A0, 00, FF, 5D, B8, 31, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlAddAuditAccessObjectAce + 8F 7C95B2E5 37 Bytes [ DA, F3, FF, 00, C3, DE, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyAtomTable + 21 7C95B30B 5 Bytes [ 01, 00, 00, 00, 04 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDestroyAtomTable + 28 7C95B312 77 Bytes [

#12 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 11:31 PM

.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWalkHeap + 1A 7C96013B 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWalkHeap + 1F 7C960140 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWalkHeap + 25 7C960146 76 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWalkHeap + 72 7C960193 20 Bytes [ FF, FF, 99, 00, FF, F4, 96, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlWalkHeap + 87 7C9601A8 52 Bytes [ 33, 6C, 46, FF, 33, C2, 63, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateHeap + 18 7C960A30 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateHeap + 24 7C960A3C 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateHeap + 7C 7C960A94 15 Bytes [ 40, A6, D9, FF, 54, A2, BB, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateHeap + 8C 7C960AA4 41 Bytes [ FF, D6, 7A, FF, E7, B0, 74, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateHeap + B7 7C960ACF 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateProcessHeaps + B 7C960C46 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateProcessHeaps + 17 7C960C52 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateProcessHeaps + 1A 7C960C55 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateProcessHeaps + 36 7C960C71 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlValidateProcessHeaps + 39 7C960C74 52 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUsageHeap + 16 7C960CFE 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUsageHeap + 23 7C960D0B 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUsageHeap + 2C 7C960D14 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUsageHeap + 39 7C960D21 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUsageHeap + 3E 7C960D26 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetCompressionWorkSpaceSize + 10 7C961251 25 Bytes [ 88, 00, FF, 00, 86, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetCompressionWorkSpaceSize + 2B 7C96126C 26 Bytes [ 4C, 27, 1A, FF, 6C, 46, 35, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetCompressionWorkSpaceSize + 46 7C961287 1 Byte [ E2 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetCompressionWorkSpaceSize + 4A 7C96128B 1 Byte [ 7B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetCompressionWorkSpaceSize + 4E 7C96128F 71 Bytes [ 21, 00, 00, 00, 01, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompressBuffer + 2B 7C9612D8 11 Bytes [ D1, 7F, 00, FF, F0, 7C, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompressBuffer + 37 7C9612E4 38 Bytes [ 88, 47, 00, FF, 1A, 3C, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCompressBuffer + 5E 7C96130B 43 Bytes [ 86, 00, 00, 00, 26, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressBuffer + E 7C961337 20 Bytes [ FF, DF, 73, 00, FF, DB, 7B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressBuffer + 23 7C96134C 11 Bytes [ A2, 91, 04, FF, 9D, 91, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressBuffer + 2F 7C961358 22 Bytes [ F9, 88, 00, FF, EB, 85, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressBuffer + 46 7C96136F 1 Byte [ FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressBuffer + 48 7C961371 1 Byte [ 71 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressFragment + F 7C9613A4 19 Bytes [ 00, 00, 00, 01, DE, A0, 50, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressFragment + 23 7C9613B8 11 Bytes [ C5, 80, 01, FF, 36, 9B, 0C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressFragment + 2F 7C9613C4 11 Bytes [ B4, 97, 06, FF, 99, 9D, 0D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressFragment + 3B 7C9613D0 10 Bytes [ EC, 9C, 07, FF, FE, 98, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDecompressFragment + 46 7C9613DB 11 Bytes [ FF, F6, 8F, 00, FF, EF, 8A, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeCrc32 + 1E 7C96150F 1 Byte [ 18 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeCrc32 + 20 7C961511 21 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeCrc32 + 36 7C961527 46 Bytes [ 00, EE, D5, 91, A6, D6, 71, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeCrc32 + 65 7C961556 408 Bytes [ 7F, FF, FF, D1, 6F, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlComputeCrc32 + 1FE 7C9616EF 583 Bytes [ FF, DF, 7E, 00, FF, 53, 81, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateBootStatusDataFile + B 7C961938 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateBootStatusDataFile + 2F 7C96195C 105 Bytes [ 9D, BF, 4E, FF, 85, C1, 54, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateBootStatusDataFile + 99 7C9619C6 51 Bytes [ 00, 00, DF, D9, A5, 08, F5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateBootStatusDataFile + CD 7C9619FA 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateBootStatusDataFile + D0 7C9619FD 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetCurrentEnvironment + 15 7C961B1A 11 Bytes [ 00, 5B, 00, 00, 00, 3D, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetCurrentEnvironment + 22 7C961B27 19 Bytes [ 04, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetCurrentEnvironment + 38 7C961B3D 83 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetCurrentEnvironment + 8C 7C961B91 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSetCurrentEnvironment + AE 7C961BB3 61 Bytes [ 18, 00, 00, 00, 17, 0B, 08, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExitUserThread + 10 7C961BF3 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlExitUserThread + 18 7C961BFB 87 Bytes [ 01, 00, 00, 00, 08, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFreeUserThreadStack + 46 7C961C53 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFreeUserThreadStack + 49 7C961C56 76 Bytes [ 00, 03, 00, 00, 00, 11, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFreeUserThreadStack + 96 7C961CA3 52 Bytes [ 42, 00, 00, 00, 0D, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFreeUserThreadStack + CB 7C961CD8 42 Bytes [ C5, 60, 3F, FE, 8C, 34, 11, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFreeUserThreadStack + F6 7C961D03 5 Bytes [ 16, 00, 00, 00, 02 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 6B 7C96215F 25 Bytes [ FF, 5C, 8C, 00, FF, 4A, 82, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 85 7C962179 238 Bytes [ 00, 00, 0C, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 174 7C962268 11 Bytes [ CB, F1, AE, FF, DF, E8, 9D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 180 7C962274 7 Bytes [ 17, C7, 5B, FF, 42, B2, 33 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 188 7C96227C 11 Bytes JMP 5B9522FF
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToElapsedTimeFields + 17 7C962304 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToElapsedTimeFields + 23 7C962310 62 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTimeToElapsedTimeFields + 62 7C96234F 33 Bytes [ 01, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSecondsSince1980ToTime + 1D 7C962371 75 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSecondsSince1970ToTime + 32 7C9623BD 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLocalTimeToSystemTime + A 7C9623CC 44 Bytes [ FF, C0, 00, 01, FC, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLocalTimeToSystemTime + 37 7C9623F9 6 Bytes [ 00, 03, FF, 00, 00, 03 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlSubtreeSuccessor + 2 7C962400 88 Bytes [ 00, 00, 03, FF, 00, 00, 03, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRealPredecessor + 38 7C962459 78 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteNoSplay + 4A 7C9624A8 21 Bytes [ E6, BE, 99, F1, F3, C2, 94, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteNoSplay + 60 7C9624BE 26 Bytes [ 00, 7B, 00, 00, 00, 78, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteNoSplay + 7B 7C9624D9 30 Bytes [ 00, 00, 01, 00, 00, 00, 09, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetElementGenericTable + 1A 7C9624F8 44 Bytes [ F3, CE, A7, FF, EC, C8, A2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetElementGenericTable + 47 7C962525 1 Byte [ 24 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetElementGenericTable + 49 7C962527 87 Bytes [ AA, 41, 1D, 00, B6, 21, 0E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnumerateGenericTable + 18 7C96257F 125 Bytes [ 91, 00, 00, 00, 7C, E0, C4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnumerateGenericTable + 96 7C9625FD 54 Bytes [ CC, AB, FF, F6, E5, C8, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnumerateGenericTable + CD 7C962634 47 Bytes [ F3, D1, A8, FF, F3, D8, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnumerateGenericTable + FD 7C962664 3 Bytes [ 00, 8B, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlEnumerateGenericTable + 101 7C962668 43 Bytes [ 68, 90, 3A, FF, D8, A6, 80, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsGenericTableEmptyAvl + 14 7C9628CC 35 Bytes [ A5, 03, 20, 20, 00, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetElementGenericTableAvl + 1F 7C9628F0 10 Bytes [ 08, 00, 68, 05, 00, 00, A8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetElementGenericTableAvl + 2B 7C9628FC 141 Bytes [ 01, 00, 20, 00, A8, 25, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGetElementGenericTableAvl + B9 7C96298A 156 Bytes [ EF, 00, C5, FD, FF, 00, B5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInsertElementGenericTableAvl + 14 7C962A27 50 Bytes CALL 56652B2B
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteElementGenericTableAvl + 14 7C962A5A 18 Bytes [ B9, 00, 7B, E0, FF, 00, 89, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteElementGenericTableAvl + 27 7C962A6D 5 Bytes [ DB, FF, 00, 43, E3 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteElementGenericTableAvl + 2D 7C962A73 20 Bytes [ 00, 6E, E1, F2, 00, 86, D6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteElementGenericTableAvl + 42 7C962A88 3 Bytes [ 9F, D9, EC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlDeleteElementGenericTableAvl + 46 7C962A8C 339 Bytes [ 80, FF, AA, 00, 8C, D5, F5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterSecureMemoryCacheCallback + 20 7C962BE0 5 Bytes [ A3, A2, A2, 00, 18 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRegisterSecureMemoryCacheCallback + 26 7C962BE6 81 Bytes [ D3, 00, 2B, A3, CB, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFlushSecureMemoryCache + 3C 7C962C38 15 Bytes [ 04, 92, C1, 00, 00, 71, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFlushSecureMemoryCache + 4C 7C962C48 7 Bytes [ 2C, 66, FF, 00, 00, 80, D9 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFlushSecureMemoryCache + 54 7C962C50 2 Bytes [ 00, 6C ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFlushSecureMemoryCache + 57 7C962C53 12 Bytes [ 00, 9C, 8A, 8A, 00, 08, 8B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlFlushSecureMemoryCache + 64 7C962C60 43 Bytes [ 3D, B0, 55, 00, 89, 87, 87, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIsNameLegalDOS8Dot3 + A6 7C962F8F 234 Bytes [ 97, 97, 97, 97, 97, 97, 97, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGenerate8dot3Name + 10 7C96307A 133 Bytes [ 97, 97, 97, 97, 97, 97, 97, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGenerate8dot3Name + 96 7C963100 265 Bytes [ 39, 39, 39, 39, 39, 39, 5C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGenerate8dot3Name + 1A0 7C96320A 69 Bytes [ 88, 7A, 48, 69, 69, 95, 24, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGenerate8dot3Name + 1E6 7C963250 303 Bytes [ 16, 16, 16, 16, 16, 16, 4A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlGenerate8dot3Name + 316 7C963380 743 Bytes [ E1, E1, DB, E6, 97, 97, 97, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInterlockedFlushSList + 71 7C963668 3 Bytes [ FF, F8, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInterlockedFlushSList + 75 7C96366C 16 Bytes [ 3F, FF, 00, 00, 80, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInterlockedFlushSList + 86 7C96367D 77 Bytes [ 03, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInterlockedFlushSList + D4 7C9636CB 42 Bytes [ 0F, FF, FF, 00, 00, E0, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeStackTraceDataBase + 1D 7C9636F6 7 Bytes [ 00, 00, E0, 00, 00, 00, 3F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeStackTraceDataBase + 25 7C9636FE 5 Bytes [ 00, 00, E0, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeStackTraceDataBase + 2B 7C963704 44 Bytes [ 1F, FF, 00, 00, E0, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeStackTraceDataBase + 58 7C963731 12 Bytes [ 00, 00, 00, 03, FF, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlInitializeStackTraceDataBase + 65 7C96373E 49 Bytes [ 00, 00, C0, 00, 00, 00, 03, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringA + 18 7C9638C3 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringA + 1E 7C9638C9 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringA + 28 7C9638D3 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringA + 30 7C9638DB 2 Bytes [ 66, 66 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringA + 33 7C9638DE 9 Bytes [ 66, 66, 66, 66, 66, 66, 66, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExA + 2C 7C963B03 162 Bytes [ 8D, 8C, 8B, 7B, 7A, 79, 68, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExA + CF 7C963BA6 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExA + D7 7C963BAE 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExA + DC 7C963BB3 43 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringA + 22 7C963BDF 32 Bytes [ 34, 30, 3B, 34, 30, 35, 33, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringA + 43 7C963C00 112 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExA + 67 7C963C72 55 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4AddressToStringExA + 9F 7C963CAA 28 Bytes [ 25, A2, CA, 59, AF, CC, 83, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringW + 18 7C963CC9 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringW + 1E 7C963CCF 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringW + 28 7C963CD9 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringW + 32 7C963CE3 48 Bytes [ 00, 00, 00, 63, B2, CC, 3F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringW + 63 7C963D14 97 Bytes [ 9D, CF, 07, 8A, B5, 15, 77, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExW + B 7C963F24 52 Bytes [ 00, 00, 30, A2, C7, 84, D2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExW + 40 7C963F59 34 Bytes [ 8C, F2, FF, B3, F2, FF, CF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExW + 63 7C963F7C 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExW + 99 7C963FB2 9 Bytes [ FF, B3, FF, FF, B3, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6AddressToStringExW + A3 7C963FBC 10 Bytes [ BC, F2, FF, D7, FF, FF, 37, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressA + 2 7C96400F 43 Bytes [ FF, C6, FF, FF, C6, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressA + 2F 7C96403C 64 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressA + 70 7C96407D 17 Bytes [ 33, FF, 56, 80, FF, 2D, 63, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressA + 82 7C96408F 11 Bytes [ 33, FF, 41, 4F, A4, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressA + 8E 7C96409B 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExA + 5B 7C964388 18 Bytes [ 66, 66, 66, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExA + 6F 7C96439C 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExA + 77 7C9643A4 101 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExA + DD 7C96440A 9 Bytes [ 01, FF, FF, 00, 01, FF, 80, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExA + E7 7C964414 1 Byte [ 80 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressExA + 12 7C96457C 43 Bytes [ 4B, 57, A6, 00, 2B, 3F, A9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressExA + 3E 7C9645A8 31 Bytes [ 0D, 2E, C4, 00, 53, 6A, C8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressExA + 5E 7C9645C8 11 Bytes [ 80, BF, D9, 00, 49, AD, DA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressExA + 6A 7C9645D4 31 Bytes [ 50, BC, DF, 00, 63, BC, DF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv4StringToAddressExA + 8A 7C9645F4 59 Bytes [ 47, C0, E6, 00, E6, E6, E6, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressW + 29 7C96472C 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressW + 34 7C964737 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressW + 3E 7C964741 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressW + 46 7C964749 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressW + 4B 7C96474E 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExW + 18 7C964A19 7 Bytes [ 00, 00, 01, 00, 00, 00, 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExW + 21 7C964A22 7 Bytes [ 00, 02, 00, 00, 00, 02, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExW + 2A 7C964A2B 7 Bytes [ 02, 00, 00, 00, 02, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExW + 32 7C964A33 113 Bytes [ 02, 00, 00, 00, 02, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlIpv6StringToAddressExW + A4 7C964AA5 16 Bytes [ 00, 00, 02, 00, 00, 00, 02, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerDivide + 34 7C964C98 47 Bytes [ D9, B3, B3, FF, D9, B3, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerDivide + 64 7C964CC8 327 Bytes [ D9, B3, B3, FF, D9, B3, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerDivide + 1AC 7C964E10 51 Bytes [ 9C, 8A, 8A, FF, 9C, 8A, 8A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerDivide + 1E0 7C964E44 27 Bytes [ 9C, 8A, 8A, FF, 9C, 8A, 8A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlLargeIntegerDivide + 1FC 7C964E60 46 Bytes [ 59, F2, 85, FF, 5F, F8, 8E, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandom + 2 7C964EDC 6 Bytes [ 7D, 75, 75, FF, 7D, 75 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandom + 9 7C964EE3 12 Bytes [ FF, 7D, 75, 75, FF, 7D, 75, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandom + 16 7C964EF0 7 Bytes [ 7D, 75, 75, FF, 7D, 75, 75 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandom + 1E 7C964EF8 15 Bytes [ 7D, 75, 75, FF, 7D, 75, 75, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlRandom + 2E 7C964F08 43 Bytes [ 7D, 75, 75, FF, 7D, 75, 75, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseEnumerate + 9 7C96510E 5 Bytes [ 75, FF, 75, 75, 75 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseEnumerate + F 7C965114 10 Bytes [ 75, 75, 75, FF, 75, 75, 75, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseEnumerate + 1A 7C96511F 15 Bytes [ FF, 75, 75, 75, FF, 75, 75, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseEnumerate + 2A 7C96512F 265 Bytes [ FF, 75, 75, 75, FF, 75, 75, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseCreate + AD 7C96523A 168 Bytes [ 00, 02, 00, 00, 00, 02, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseDestroy + 64 7C9652E3 47 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseDestroy + 94 7C965313 100 Bytes [ 00, 00, 00, 00, 02, 2B, 39, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseFind + 11 7C965378 36 Bytes [ 33, 23, 1A, DA, 34, 1F, 13, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseFind + 36 7C96539D 91 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseFind + 92 7C9653F9 96 Bytes [ 66, 80, F4, 1F, 4B, 56, E6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseFind + F5 7C96545C 37 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseFind + 11D 7C965484 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseAdd + D 7C965568 7 Bytes JMP 5408556C
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseAdd + 15 7C965570 2 Bytes [ 71, D7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseAdd + 18 7C965573 7 Bytes [ FF, 71, D7, FF, FF, 71, D7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseAdd + 20 7C96557B 7 Bytes [ FF, 71, D7, FF, FF, 71, D7 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlTraceDatabaseAdd + 29 7C965584 84 Bytes [ 55, C8, F2, FF, 39, B8, E6, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter2 + 12 7C96577F 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter2 + 24 7C965791 168 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter2 + CE 7C96583B 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter2 + D9 7C965846 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter2 + DD 7C96584A 65 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter + B 7C9660FA 5 Bytes [ FF, FF, C0, FF, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter + 11 7C966100 4 Bytes [ 83, BF, FF, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter + 16 7C966105 13 Bytes [ 33, FF, FF, 00, 33, FF, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter + 24 7C966113 36 Bytes [ FF, DF, FF, FF, FF, 38, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlUnhandledExceptionFilter + 49 7C966138 39 Bytes [ 02, 32, F3, FC, 2B, 1E, 38, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtCreateKey + 1D 7C9661D0 3 Bytes [ 8F, B3, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtCreateKey + 21 7C9661D4 2 Bytes [ E6, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtCreateKey + 24 7C9661D7 36 Bytes [ FF, 39, 66, FF, FF, 00, 33, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtSetValueKey + 1C 7C9661FC 43 Bytes [ 1D, 25, 7B, A8, 2A, 1E, 35, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtMakeTemporaryKey + 1C 7C966228 7 Bytes CALL 6519622C
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtMakeTemporaryKey + 24 7C966230 6 Bytes CALL 65196234
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtMakeTemporaryKey + 2B 7C966237 46 Bytes CALL 6519623B
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtMakeTemporaryKey + 5A 7C966266 36 Bytes CALL 5696626A
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!RtlpNtMakeTemporaryKey + 7F 7C96628B 3 Bytes [ FF, 00, 33 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isalpha + 30 7C96FB50 24 Bytes [ F5, D0, 96, 00, F7, D6, A1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isupper + 11 7C96FB69 6 Bytes [ E4, B9, 00, FF, E4, BA ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isupper + 18 7C96FB70 28 Bytes [ FF, E7, C2, 00, FF, E9, C7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!islower + 2 7C96FB8D 66 Bytes CALL 6695FC51
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isxdigit + 12 7C96FBD0 7 Bytes [ FF, F1, D2, 00, FF, FB, F2 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isxdigit + 1A 7C96FBD8 103 Bytes JMP 537BFC9B
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!ispunct + 17 7C96FC40 75 Bytes [ FF, FA, E1, 00, FD, F8, DF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isalnum + 30 7C96FC8C 55 Bytes [ FF, FD, DB, 00, FE, FC, E1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isprint + 30 7C96FCC4 55 Bytes [ FF, FF, E5, 00, B1, B1, 9F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!isgraph + 30 7C96FCFC 9 Bytes [ 89, 89, 81, 00, FF, FF, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!iscntrl + 2 7C96FD06 21 Bytes [ F4, 00, 6E, 6E, 6A, 00, 68, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!iscntrl + 18 7C96FD1C 63 Bytes [ FF, FF, FB, 00, FF, FF, FD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!__iscsymf + 13 7C96FD5C 7 Bytes [ 9F, D5, 94, 00, AF, DF, A6 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!__iscsymf + 1B 7C96FD64 19 Bytes [ BF, E6, B9, 00, DF, F2, DC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!__iscsymf + 2F 7C96FD78 112 Bytes [ 60, BF, 5E, 00, 9F, D9, 9D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_atoi64 + 16 7C96FDEB 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_atoi64 + 2A 7C96FDFF 109 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_atoi64 + 98 7C96FE6D 7 Bytes [ 7C, 77, 6F, 6F, 6D, 65, 65 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_atoi64 + A0 7C96FE75 22 Bytes [ 5F, 5F, 65, 67, 77, 93, AC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_atoi64 + B8 7C96FE8D 190 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_ultoa + 8E 7C96FF4C 151 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_ultow + D 7C96FFE4 44 Bytes [ 00, 00, 43, 43, 26, 26, 60, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_ultow + 3A 7C970011 92 Bytes [ 00, 00, 00, 00, 00, 28, 28, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_ultow + 97 7C97006E 243 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_snprintf + 4C 7C970162 95 Bytes [ 00, 00, 1A, 03, 03, 03, 03, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_splitpath + 4F 7C9701C3 237 Bytes [ 1E, 06, 06, 06, 06, 06, 06, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_splitpath + 13E 7C9702B2 45 Bytes [ 3D, 67, 67, 67, 67, 67, 67, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_strlwr + 24 7C9702E0 44 Bytes [ 00, 00, 40, 6E, 6E, 6E, 6E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_strupr + 24 7C97030D 51 Bytes [ 00, 00, 00, 00, 00, 52, 7C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!tolower + 19 7C970341 37 Bytes [ 0B, 66, 8C, 8C, 8C, 8C, 8C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_toupper + 4 7C970367 54 Bytes [ 8C, 8C, 8C, A1, FA, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnwprintf + 2B 7C9703A0 48 Bytes [ 00, 0B, 8C, AA, AA, AA, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_vsnwprintf + 5C 7C9703D1 173 Bytes [ 0B, B6, B6, B6, B6, B6, B6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtoi64 + 4E 7C97047F 34 Bytes [ 82, 94, B6, B6, B6, B6, B6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!_wtoi64 + 71 7C9704A2 140 Bytes [ 7D, 6B, 58, 49, 2A, 26, 27, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!fabs + 62 7C970530 41 Bytes [ 00, 00, 26, 33, 26, 27, 29, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!fabs + 8D 7C97055B 51 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!iswalpha + A 7C970590 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!iswxdigit + A 7C9705C3 77 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sscanf + 12 7C970613 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sscanf + 4B 7C97064C 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sscanf + 68 7C970669 56 Bytes [ 05, 06, F8, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sscanf + A2 7C9706A3 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!sscanf + AB 7C9706AC 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strtol + 7 7C9707FD 37 Bytes [ 07, 00, 00, E0, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strtoul + E 7C970823 5 Bytes [ E0, 00, 07, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!strtoul + 15 7C97082A 15 Bytes [ FF, F8, 00, 07, 00, 00, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!towupper + 6 7C97083A 4 Bytes [ FF, FF, 80, 0F ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!towupper + B 7C97083F 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!towupper + D 7C970841 8 Bytes [ FF, FF, FF, E0, 1F, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!vsprintf + 2 7C97084A 32 Bytes [ FF, FF, F8, 7F, 00, 00, 28, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!vsprintf + 25 7C97086D 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!vsprintf + 44 7C97088C 7 Bytes [ FE, CB, 97, 00, FF, CC, 99 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!vsprintf + 4C 7C970894 3 Bytes [ FE, CE, 9E ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!vsprintf + 50 7C970898 82 Bytes [ FB, CC, 9C, 00, FD, D1, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcspbrk + 45 7C9708EB 5 Bytes [ 00, F9, C9, 97, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcsspn + 2 7C9708F1 127 Bytes [ CF, 9D, 00, FF, D1, 9F, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstombs + 34 7C970971 94 Bytes [ D9, AA, 00, FF, DA, AC, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstombs + 93 7C9709D0 19 Bytes [ F1, C7, 89, 00, F6, CF, 96, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstombs + A7 7C9709E4 43 Bytes [ FF, E0, B3, 00, FF, DF, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstombs + D3 7C970A10 127 Bytes [ FF, E4, B9, 00, FF, E4, BA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ntdll.dll!wcstombs + 153 7C970A90 15 Bytes [ D1, C4, A6, 00, F7, E6, B7, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!SetConsoleMaximumWindowSize + FFF8240C 7C801621 14 Bytes [ 00, 70, 00, 75, 00, 74, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!DeviceIoControl + B 7C801630 7 Bytes [ 6E, 00, 0D, 00, 0A, 00, 64 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!DeviceIoControl + 13 7C801638 5 Bytes [ 20, 00, 74, 00, 68 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!DeviceIoControl + 19 7C80163E 1 Byte [ 61 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!DeviceIoControl + 1B 7C801640 41 Bytes [ 74, 00, 20, 00, 79, 00, 6F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!DeviceIoControl + 45 7C80166A 11 Bytes [ 74, 00, 20, 00, 75, 00, 70, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetSystemTime + B 7C801776 17 Bytes [ 74, 00, 65, 00, 64, 00, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetSystemTime + 1D 7C801788 87 Bytes [ 66, 00, 74, 00, 77, 00, 61, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetSystemTime + 75 7C8017E0 40 Bytes [ 69, 00, 6E, 00, 64, 00, 69, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetSystemTimeAsFileTime + 24 7C801809 16 Bytes [ 00, 00, 00, 60, 00, 01, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!ReadFile + C 7C80181A 15 Bytes [ 69, 00, 6E, 00, 64, 00, 69, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!ReadFile + 1C 7C80182A 15 Bytes [ 61, 00, 6E, 00, 64, 00, 6C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!ReadFile + 2C 7C80183A 7 Bytes [ 20, 00, 6E, 00, 6F, 00, 74 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!ReadFile + 34 7C801842 11 Bytes [ 20, 00, 74, 00, 68, 00, 65, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!ReadFile + 40 7C80184E 15 Bytes [ 6F, 00, 72, 00, 72, 00, 65, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!CreateFileA + C 7C801A30 29 Bytes [ 54, 00, 68, 00, 65, 00, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!CreateFileA + 2A 7C801A4E 61 Bytes [ 72, 00, 65, 00, 73, 00, 73, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!VirtualProtectEx + 2F 7C801A8C 3 Bytes [ 74, 00, 20 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!VirtualProtectEx + 33 7C801A90 53 Bytes [ 77, 00, 61, 00, 73, 00, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!VirtualProtectEx + 69 7C801AC6 37 Bytes [ 20, 00, 76, 00, 61, 00, 6C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!VirtualProtect + 1C 7C801AEC 15 Bytes [ 0A, 00, 00, 00, 84, 00, 01, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExW + B 7C801AFC 25 Bytes [ 6F, 00, 62, 00, 6A, 00, 65, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExW + 25 7C801B16 7 Bytes [ 73, 00, 61, 00, 6C, 00, 20 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExW + 2D 7C801B1E 1 Byte [ 75 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExW + 2F 7C801B20 25 Bytes [ 6E, 00, 69, 00, 71, 00, 75, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExW + 49 7C801B3A 27 Bytes [ 69, 00, 65, 00, 72, 00, 20, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExA + D 7C801D5C 21 Bytes [ 2E, 00, 0D, 00, 0A, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryExA + 23 7C801D72 13 Bytes [ 50, 00, 43, 00, 20, 00, 73, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryA + 9 7C801D80 25 Bytes [ 65, 00, 72, 00, 20, 00, 69, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryA + 23 7C801D9A 1 Byte [ 74 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryA + 25 7C801D9C 13 Bytes [ 65, 00, 6E, 00, 69, 00, 6E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryA + 33 7C801DAA 3 Bytes [ 0A, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!LoadLibraryA + 39 7C801DB0 7 Bytes [ 44, 00, 01, 00, 54, 00, 68 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!TerminateProcess + 12 7C801E28 27 Bytes [ 2E, 00, 0D, 00, 0A, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!TerminateProcess + 2E 7C801E44 21 Bytes [ 65, 00, 20, 00, 6E, 00, 6F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoW + A 7C801E5A 11 Bytes [ 67, 00, 73, 00, 2E, 00, 0D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoW + 16 7C801E66 1 Byte [ 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoW + 18 7C801E68 1 Byte [ 4C ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoW + 1A 7C801E6A 3 Bytes [ 01, 00, 54 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoW + 1E 7C801E6E 1 Byte [ 68 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoA + C 7C801EFA 3 Bytes [ 00, 00, 88 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoA + 10 7C801EFE 1 Byte [ 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoA + 12 7C801F00 27 Bytes [ 4E, 00, 6F, 00, 74, 00, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoA + 2E 7C801F1C 9 Bytes [ 6F, 00, 75, 00, 72, 00, 63, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] kernel32.dll!GetStartupInfoA + 38 7C801F26 94 Bytes [ 73, 00,

#13 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 February 2007 - 11:32 PM

.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleW + 1E 77E2B853 50 Bytes [ 01, 33, C0, EB, CF, 90, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleW + 51 77E2B886 68 Bytes [ 33, DB, F3, A6, 74, 05, 1B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleW + 96 77E2B8CB 19 Bytes [ 86, D0, B7, E0, 77, 89, 01, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleA + 65 77E2BA62 60 Bytes [ 90, 90, 90, 90, 90, FF, 25, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleA + A2 77E2BA9F 59 Bytes [ 25, 28, 11, DD, 77, 90, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleA + DE 77E2BADB 3 Bytes [ 4D, 08, 33 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleA + E2 77E2BADF 36 Bytes [ 85, C9, 74, 1E, 8B, 55, 0C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceMultipleA + 108 77E2BB05 170 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceW + 89 77E2BBB0 20 Bytes JMP 77E2BC62 C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceW + 9E 77E2BBC5 45 Bytes [ F8, 89, 7D, E4, 53, FF, 76, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceW + CC 77E2BBF3 98 Bytes [ 06, 89, 03, 8D, 7B, 04, 89, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceW + 132 77E2BC59 9 Bytes CALL FBB701E9
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceW + 13C 77E2BC63 25 Bytes CALL 77DC7D79 C:\WINDOWS\system32\USER32.dll
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleItemW + C 77E2BCD1 56 Bytes [ 55, 8B, EC, 8B, 45, 08, 8D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleItemW + 45 77E2BD0A 53 Bytes [ 55, 8B, EC, 8B, 45, 08, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleItemW + 7B 77E2BD40 332 Bytes [ 45, 08, 66, 8B, 4D, 0C, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodW + 28 77E2BE8D 127 Bytes CALL 8B7ED491
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodW + A8 77E2BF0D 3 Bytes [ F8, 74, 0D ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodW + AC 77E2BF11 24 Bytes [ 75, F8, 56, FF, 75, E8, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodW + C5 77E2BF2A 6 Bytes [ 75, FC, 0F, 86, CF, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodW + CD 77E2BF32 130 Bytes [ 8B, 75, 08, 83, C6, 08, 8B, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiNotificationRegistrationA + 12 77E2C18F 26 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameW + 5 77E2C1AA 51 Bytes [ 02, 03, F8, 59, 03, F0, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameW + 39 77E2C1DE 22 Bytes [ C1, 8D, 70, 01, 8A, 10, 40, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameW + 50 77E2C1F5 18 Bytes [ 8D, 47, 01, 5F, 5D, C2, 04, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameW + 63 77E2C208 281 Bytes [ 8B, 5D, 08, 85, DB, 74, 36, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameW + 17D 77E2C322 6 Bytes [ 55, 8B, EC, 83, EC, 10 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiEnumerateGuids + 1C 77E2C395 92 Bytes [ BD, 6A, FE, FF, FF, 89, BD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiEnumerateGuids + 79 77E2C3F2 88 Bytes [ FF, 59, 59, 8D, 85, 54, FE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiEnumerateGuids + D3 77E2C44C 140 Bytes [ 57, 49, 4E, 52, 45, 47, 3A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiEnumerateGuids + 160 77E2C4D9 13 Bytes [ 6F, 62, 6A, 65, 63, 74, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiEnumerateGuids + 16E 77E2C4E7 5 Bytes [ 90, 90, 90, 90, 8B ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiDevInstToInstanceNameA + A 77E2C53B 59 Bytes [ FF, 70, 18, FF, 15, 94, 13, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiDevInstToInstanceNameA + 46 77E2C577 186 Bytes [ FF, D7, 85, C0, 7C, 14, 68, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiDevInstToInstanceNameW + 45 77E2C632 15 Bytes [ 8B, 4D, 0C, 56, 8B, 75, 08, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiDevInstToInstanceNameW + 55 77E2C642 22 Bytes [ 83, F8, FF, 66, 89, BD, 68, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiDevInstToInstanceNameW + 6C 77E2C659 147 Bytes [ 75, 05, 33, C0, 40, EB, 63, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQueryGuidInformation + 6D 77E2C6F2 71 Bytes [ FF, 55, 8B, EC, 53, 56, 57, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiReceiveNotificationsA + 9 77E2C73A 41 Bytes [ 00, 8B, 40, 30, 8B, FE, C1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQueryAllDataA + C 77E2C764 86 Bytes [ 70, 18, FF, 15, 94, 13, DD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQueryAllDataMultipleA + 3B 77E2C7BB 42 Bytes [ 00, FF, 75, 10, 8B, 40, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceA + 26 77E2C7E6 16 Bytes [ 3D, B4, 13, DD, 77, 8D, 46, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceA + 37 77E2C7F7 44 Bytes CALL 77E2C366 C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceA + 64 77E2C824 10 Bytes [ 65, 0C, FC, 83, 65, F8, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiQuerySingleInstanceA + 6F 77E2C82F 43 Bytes [ 56, FF, 75, 0C, 8B, 75, 08, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceA + 14 77E2C85B 23 Bytes [ 15, C4, 11, DD, 77, 85, C0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceA + 2C 77E2C873 1 Byte [ 70 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceA + 2F 77E2C876 9 Bytes [ 15, 9C, 13, DD, 77, 8B, D0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceA + 39 77E2C880 14 Bytes [ 07, BB, 17, 00, 00, C0, EB, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleInstanceA + 49 77E2C890 70 Bytes CALL 77E2C4E9 C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleItemA + 2C 77E2C8D7 35 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleItemA + 50 77E2C8FB 15 Bytes [ 55, 8B, EC, 8B, 45, 10, C7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiSetSingleItemA + 60 77E2C90B 1 Byte [ 0C ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodA 77E2C912 24 Bytes [ 6A, 78, 58, C2, 0C, 00, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodA + 19 77E2C92B 15 Bytes [ 83, C2, 20, 89, 51, 04, 66, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodA + 29 77E2C93B 42 Bytes [ 01, 5D, C2, 08, 00, 90, 90, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodA + 54 77E2C966 4 Bytes [ 45, 1C, 56, 8B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiExecuteMethodA + 59 77E2C96B 90 Bytes [ 14, 89, 45, CC, 33, C0, 57, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameA + 40 77E2C9C6 271 Bytes [ 28, 8D, 45, D4, 50, 6A, 04, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameA + 151 77E2CAD7 51 Bytes JMP 77E2CBD0 C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameA + 185 77E2CB0B 45 Bytes [ 00, 0F, B7, 4F, 02, 8B, 40, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameA + 1B3 77E2CB39 30 Bytes [ 00, 00, 2B, C3, 66, 01, 45, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiFileHandleToInstanceNameA + 1D2 77E2CB58 18 Bytes [ 29, 75, FC, 8D, 45, F0, 89, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiMofEnumerateResourcesA + 1B 77E2CBC7 148 Bytes [ 70, 18, FF, 15, 94, 13, DD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiMofEnumerateResourcesA + B0 77E2CC5C 20 Bytes [ 45, 08, 6A, 3E, 68, 60, 8B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiMofEnumerateResourcesA + C5 77E2CC71 27 Bytes [ 0F, 8C, 97, 00, 00, 00, 8D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiMofEnumerateResourcesA + E1 77E2CC8D 77 Bytes [ 0F, B7, 87, F8, B8, E3, 77, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!WmiMofEnumerateResourcesA + 12F 77E2CCDB 142 Bytes [ 23, 66, 2B, 87, 00, B9, E3, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!InitiateSystemShutdownA + 96 77E34CD5 186 Bytes [ EE, 59, 06, B0, F4, FF, 3F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!AbortSystemShutdownA + 18 77E34D90 198 Bytes [ D4, 07, 46, 67, 55, 12, 9D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegOverridePredefKey + 83 77E34E57 81 Bytes JMP 91A08AFE
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegOverridePredefKey + D5 77E34EA9 684 Bytes [ 83, 3A, CC, 83, 1F, E3, 59, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegLoadKeyA + 127 77E35156 84 Bytes [ 7F, 6E, E0, 07, 11, C0, A7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegUnLoadKeyA + 3A 77E351AB 186 Bytes [ 76, 36, F5, 3C, 30, 37, 50, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegUnLoadKeyW + 54 77E35266 159 Bytes [ E0, 9D, C7, 48, C7, FC, 82, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegReplaceKeyA + 63 77E35306 446 Bytes [ 63, BC, 44, 1C, 9E, 47, 12, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegReplaceKeyW + 59 77E354C5 71 Bytes [ 7F, 01, 01, 8B, 40, 42, 69, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegReplaceKeyW + A1 77E3550D 23 Bytes [ A8, CB, 0B, B8, 06, E3, 7B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegReplaceKeyW + B9 77E35525 128 Bytes [ 05, 8F, 14, 3A, F4, 83, 40, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesA + 6B 77E355A6 56 Bytes [ 28, 9B, 01, DC, 0B, 35, F0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesA + A4 77E355DF 25 Bytes [ 71, 27, 15, C0, 67, 90, E5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesA + BE 77E355F9 559 Bytes [ 09, 1B, 50, 98, 67, 14, 5F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesA + 2EE 77E35829 79 Bytes [ C1, F9, D0, E4, 13, 06, 98, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesA + 33E 77E35879 50 Bytes [ 03, C1, 5C, 11, 7C, 16, C3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesW + F 77E358AC 178 Bytes [ FF, EF, 72, 54, 42, 7F, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesW + C2 77E3595F 320 Bytes [ 82, 5D, DD, B5, 08, EA, 10, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesW + 203 77E35AA0 35 Bytes [ C7, 2E, F6, 1C, D0, A7, 1C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegQueryMultipleValuesW + 227 77E35AC4 121 Bytes [ FF, 73, 04, 78, E7, 0D, 17, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegRestoreKeyA + 45 77E35B3E 8 Bytes [ E7, 77, 90, 0F, 1A, 7F, A3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegRestoreKeyA + 4E 77E35B47 190 Bytes [ 03, 3C, 1B, EC, 75, 8B, 5F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegRestoreKeyW + 5C 77E35C06 230 Bytes [ 1F, 38, 60, 5C, 7F, F1, 63, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSaveKeyA + AF 77E35CED 399 Bytes [ 90, C1, 78, 0C, 01, 7C, C6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSaveKeyExA + 80 77E35E7D 479 Bytes [ 50, 8C, E5, 03, 03, 10, 1A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSetValueW + 9B 77E3605D 282 Bytes [ FF, C9, F1, FB, AF, CF, 8F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSetValueW + 1B6 77E36178 126 Bytes [ 06, D8, FF, FF, 07, 0D, EC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSetValueW + 235 77E361F7 77 Bytes [ E3, 71, 0B, 77, D4, 00, E3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSetValueW + 283 77E36245 7 Bytes [ FA, 8E, 10, 4F, 1A, E0, F8 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!RegSetValueW + 28B 77E3624D 218 Bytes [ 9F, 34, E0, DD, 03, DE, 33, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 7F 77E36806 152 Bytes [ 33, 06, 3E, B6, 73, C0, 1C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumServicesStatusExW + 84 77E3689F 191 Bytes JMP 3F0AEF87
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumServiceGroupW + 76 77E3695F 131 Bytes [ C0, 46, 02, 84, 34, 1C, 52, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!I_ScSetServiceBitsA + 1A 77E369E3 62 Bytes [ B9, 8A, 91, D3, 13, 85, B4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!I_ScSetServiceBitsA + 59 77E36A22 10 Bytes [ 23, 02, BB, 71, 83, F9, C8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!I_ScSetServiceBitsA + 64 77E36A2D 58 Bytes [ 7F, E4, 06, AC, CB, 3F, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!SetServiceBits + F 77E36A68 386 Bytes CALL 1F22ED2D
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!SetServiceObjectSecurity + A 77E36BEB 59 Bytes [ 9F, 3C, BA, 47, 3F, 70, DD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!SetServiceObjectSecurity + 46 77E36C27 76 Bytes [ 29, 7E, 5C, D8, C3, 26, 1B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!SetServiceObjectSecurity + 93 77E36C74 61 Bytes [ D8, E1, DE, 3C, A2, FC, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!SetServiceObjectSecurity + D1 77E36CB2 305 Bytes [ D9, F2, 86, 0C, 9A, 11, C0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ChangeServiceConfigA + 11B 77E36DE4 247 Bytes [ 00, 48, C2, 08, 16, 26, CA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ChangeServiceConfigW + 7B 77E36EDC 62 Bytes [ FF, 08, E0, 1C, 11, 80, 8B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ChangeServiceConfigW + BA 77E36F1B 166 Bytes [ 13, 79, 4C, F1, 18, 04, AA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ChangeServiceConfig2A + 61 77E36FC2 197 Bytes [ 8F, CF, A6, 0B, BE, BB, BB, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!CreateServiceA + 17 77E37088 68 Bytes [ FF, 7F, 80, B8, 4F, 95, 2F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!CreateServiceA + 5C 77E370CD 361 Bytes [ FF, 39, 13, 38, 9C, 02, 70, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!CreateServiceW + 2E 77E37237 83 Bytes [ D1, 0E, CE, B9, C3, 83, C6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!CreateServiceW + 82 77E3728B 4 Bytes [ 7F, 34, 67, 97 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!CreateServiceW + 87 77E37290 131 Bytes [ 1C, 36, 83, F0, D0, C1, 29, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!DeleteService + 3 77E37314 64 Bytes [ 8F, 16, 22, FE, A3, AA, 61, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!DeleteService + 44 77E37355 169 Bytes [ 7F, B8, 06, CE, D2, 09, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesA + 76 77E373FF 50 Bytes [ 8B, 82, 41, 9D, 95, 2C, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesA + A9 77E37432 16 Bytes [ 9F, 07, 8C, 61, C0, 38, 36, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesW + 2 77E37443 20 Bytes [ B0, 0F, DF, 6C, 34, 0F, 40, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesW + 17 77E37458 42 Bytes JMP BAD9209D
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesW + 42 77E37483 38 Bytes [ A7, 25, DF, 5E, 5E, 00, 70, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesW + 69 77E374AA 3 Bytes [ 47, 6B, FF ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumDependentServicesW + 6D 77E374AE 54 Bytes [ CF, 16, E0, 98, E1, 6B, C0, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!GetServiceDisplayNameA + 6 77E374FF 101 Bytes [ 1B, E5, 18, 4E, FC, E1, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!GetServiceDisplayNameA + 6D 77E37566 382 Bytes [ 28, F9, 00, F0, 87, 1C, F0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!GetServiceKeyNameW + C 77E376E5 167 Bytes [ BF, 64, C0, BF, 5E, 81, 4D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!LockServiceDatabase + 14 77E3778D 247 Bytes [ 9F, BA, 5D, 1F, 05, C8, 04, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!QueryServiceConfig2A + 8C 77E37885 440 Bytes [ 3B, 10, BB, D0, 81, FF, CC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!QueryServiceLockStatusA + 45 77E37A3E 295 Bytes [ 01, 86, 5B, 0C, EC, 1B, 05, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!UnlockServiceDatabase + 4D 77E37B66 427 Bytes [ FF, 81, 04, 0C, E3, 78, 1D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumServicesStatusW + 181 77E37D12 12 Bytes [ 1C, A8, 74, 40, A2, 43, E2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!EnumServicesStatusW + 18E 77E37D1F 153 Bytes [ 4E, 67, 67, 8B, 1B, 2E, FC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!StartServiceCtrlDispatcherA + 80 77E37DB9 22 Bytes [ 3C, 43, C0, 4E, C5, 43, C0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!StartServiceCtrlDispatcherA + 98 77E37DD1 172 Bytes [ EF, 01, B8, 33, 0A, B8, EE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!StartServiceCtrlDispatcherA + 145 77E37E7E 38 Bytes [ 1F, 5F, 80, 0F, 66, C0, 20, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!StartServiceCtrlDispatcherA + 16C 77E37EA5 771 Bytes [ FF, 1F, B3, 80, 5F, 70, 3B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!StartServiceCtrlDispatcherA + 470 77E381A9 170 Bytes [ EA, 71, 17, 7D, C8, F0, 11, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!Wow64Win32ApiEntry + 1 77E38254 248 Bytes CALL 586CFFDD
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!Wow64Win32ApiEntry + FA 77E3834D 793 Bytes [ FF, 0B, 12, F0, 18, 08, BC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfBackupEventLogFileW + 76 77E38667 132 Bytes [ 1F, 8F, 7D, DF, E0, B7, 0F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfReadEventLogW + 5B 77E386EC 237 Bytes [ 9B, 04, 3D, 30, F8, 20, 81, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfClearEventLogFileA + 9 77E387DA 111 Bytes [ 40, DF, 0D, 7D, 06, 8C, 70, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfBackupEventLogFileA + 11 77E3884A 50 Bytes [ 71, 0D, CC, F3, E0, 63, E2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfBackupEventLogFileA + 44 77E3887D 173 Bytes [ 5E, CB, C1, 30, 80, 20, 1E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfFlushEventLog + 52 77E3892B 474 Bytes JMP 704068CF
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfFlushEventLog + 22D 77E38B06 245 Bytes [ FF, 71, 00, CC, 31, 8E, 03, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfFlushEventLog + 323 77E38BFC 151 Bytes [ C9, CF, C3, 62, 07, 1A, CC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfFlushEventLog + 3BB 77E38C94 264 Bytes [ F1, 4E, 8E, 43, 7A, 1E, F8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] ADVAPI32.dll!ElfFlushEventLog + 4C4 77E38D9D 81 Bytes [ F9, 08, 61, 5F, 0E, C0, 0F, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!pfnUnmarshallRoutines + FFF770BD 77E71365 137 Bytes [ 4D, E7, 8B, 40, 04, 8A, 40, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!pfnUnmarshallRoutines + FFF77148 77E713F0 34 Bytes CALL 77DF5321 C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!pfnUnmarshallRoutines + FFF7716B 77E71413 281 Bytes [ 50, F8, FF, 33, C9, 39, 4F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!pfnUnmarshallRoutines + FFF77285 77E7152D 33 Bytes [ C7, 45, FC, 01, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!pfnUnmarshallRoutines + FFF772A7 77E7154F 4 Bytes [ 0F, 85, 41, 14 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeAlignment + 15 77E7165D 13 Bytes [ 90, 90, 90, 90, 90, F6, 46, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeAlignment + 24 77E7166C 11 Bytes [ F6, 85, 6B, FD, FF, FF, 08, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeAlignment + 31 77E71679 63 Bytes [ 8B, 85, 60, FD, FF, FF, 83, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeAlignment + 72 77E716BA 7 Bytes [ 89, 45, 0C, 0F, 84, DD, 0B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeAlignment + 7B 77E716C3 8 Bytes [ 8B, 06, 3B, C7, 0F, 84, 1C, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeBufferSize + 12 77E7171A 3 Bytes [ 89, B3, 90 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeBufferSize + 18 77E71720 5 Bytes [ 66, C7, 43, 0E, 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeBufferSize + 1E 77E71726 4 Bytes [ 0F, 84, A8, 0B ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeBufferSize + 24 77E7172C 23 Bytes JMP 038D0A33
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeBufferSize + 3D 77E71745 21 Bytes [ AB, AB, AB, AB, 8B, 45, 08, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeMemorySize + 18 77E717E0 9 Bytes [ 8D, 14, 1F, 8B, 14, 10, E9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeMemorySize + 23 77E717EB 7 Bytes [ B9, B0, 95, E8, 77, E9, AD ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeMemorySize + 2D 77E717F5 7 Bytes [ 39, 1C, 0E, 0F, 84, 88, 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeMemorySize + 36 77E717FE 6 Bytes [ 6A, 02, 5B, E9, 80, 01 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!SimpleTypeMemorySize + 3E 77E71806 9 Bytes [ FF, B5, 88, FD, FF, FF, 57, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrTypeFlags + 13 77E75D3B 27 Bytes [ 74, 08, FF, 75, C0, E8, 52, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrTypeFlags + 2F 77E75D57 20 Bytes [ 90, 90, 90, 90, 90, 6A, 58, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrTypeFlags + 44 77E75D6C 3 Bytes [ 83, 65, C8 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrTypeFlags + 48 77E75D70 3 Bytes [ 83, 65, CC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrTypeFlags + 4C 77E75D74 30 Bytes [ 8B, 55, 08, 8B, 72, 30, 89, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!UuidCreate + 52 77E7629B 23 Bytes [ FF, C1, E1, 1C, C1, F9, 1F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!UuidCreate + 6A 77E762B3 27 Bytes [ 00, 00, 56, 8D, 85, AC, FE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!UuidCreate + 87 77E762D0 122 Bytes CALL 77DF5308 C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!UuidCreate + 103 77E7634C 56 Bytes [ 8B, 45, E4, 66, 25, FC, FF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!UuidCreate + 13C 77E76385 304 Bytes [ EC, 8D, 45, 08, 50, FF, 75, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBCacheFree + 2 77E7663A 15 Bytes [ FF, 89, 11, 8B, 8D, E8, FE, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBCacheFree + 12 77E7664A 18 Bytes [ FF, A3, 14, AD, EF, 77, 89, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBCacheFree + 25 77E7665D 59 Bytes CALL 77DF303C C:\WINDOWS\system32\ADVAPI32.dll
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBCacheFree + 61 77E76699 38 Bytes [ 06, 00, 00, F7, F6, 83, A5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBCacheFree + 88 77E766C0 16 Bytes [ FF, FF, FF, 8D, 1C, 40, C1, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingFree + 10 77E7888B 56 Bytes [ 33, BD, 33, 3F, 34, 49, 35, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingFree + 49 77E788C4 70 Bytes [ 48, 00, 00, 00, 09, 33, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingFree + 91 77E7890C 537 Bytes [ 50, 00, 00, 00, D8, 34, E0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcAllocate + 1BB 77E78B26 53 Bytes [ 6C, 39, 70, 39, 74, 39, 78, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcAllocate + 1F1 77E78B5C 156 Bytes [ D8, 39, DC, 39, E0, 39, E4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcAllocate + 28E 77E78BF9 12 Bytes [ 3E, 60, 3E, 64, 3E, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcAllocate + 29D 77E78C08 432 Bytes [ 26, 30, DF, 30, E6, 30, FA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcGetBufferWithObject + 38 77E78DB9 337 Bytes [ F0, 01, 00, 74, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcGetBuffer + 11A 77E78F0B 211 Bytes [ 00, 3C, 30, 4B, 30, 52, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrClientInitialize + 6F 77E78FE0 1 Byte [ 64 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrClientInitialize + 71 77E78FE2 485 Bytes [ 00, 00, 5E, 30, E3, 30, 6A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrClientInitialize + 257 77E791C8 14 Bytes [ B0, 00, 00, 00, B2, 30, C3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrClientInitialize + 266 77E791D7 157 Bytes [ 31, 27, 31, 3B, 31, 39, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrClientInitialize + 304 77E79275 45 Bytes [ 80, 02, 00, 28, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrGetBuffer + 23 77E79428 126 Bytes [ 01, 37, 26, 37, 6E, 37, 0D, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrFreeBuffer + 1C 77E794A8 5 Bytes [ 00, F0, 02, 00, FC ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrFreeBuffer + 22 77E794AE 252 Bytes [ 00, 00, 00, 30, 18, 30, 1C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcFreeBuffer + 44 77E795AC 443 Bytes [ 36, 30, E2, 30, 23, 31, 53, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrGetTypeFlags + A5 77E79768 260 Bytes [ 68, 00, 00, 00, 42, 30, 8C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrGetTypeFlags + 1AA 77E7986D 9 Bytes [ 31, 90, 32, 94, 32, 98, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrGetTypeFlags + 1B4 77E79877 10 Bytes [ 33, 1C, 33, 24, 33, 28, 33, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrGetTypeFlags + 1BF 77E79882 269 Bytes [ 48, 33, 4C, 33, 50, 33, 54, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrGetTypeFlags + 2CD 77E79990 3 Bytes [ 5C, 00, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrCorrelationPass + DC 77E79C41 4 Bytes [ E0, 03, 00, 3C ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrCorrelationPass + E2 77E79C47 251 Bytes [ 00, 9A, 30, AC, 30, 69, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrCorrelationPass + 1DE 77E79D43 173 Bytes [ 00, 2C, 00, 00, 00, 98, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!CheckVerificationTrailer + 9D 77E79DF1 155 Bytes [ 40, 04, 00, 6C, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!CheckVerificationTrailer + 139 77E79E8D 147 Bytes [ 34, 2C, 35, 76, 35, 8F, 35, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerInitialize + 5C 77E79F21 126 Bytes [ 3C, 10, 3C, 14, 3C, 18, 3C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerInitialize + DB 77E79FA0 104 Bytes [ 90, 30, 94, 30, 98, 30, 9C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerInitialize + 144 77E7A009 248 Bytes [ 3B, 64, 3B, 9A, 3B, C6, 3B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerInitialize + 23D 77E7A102 56 Bytes [ 00, 00, 26, 30, 45, 30, 58, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerInitialize + 276 77E7A13B 215 Bytes [ 39, 16, 39, 1C, 39, 29, 39, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrOutInit + 3B 77E7A3D2 48 Bytes [ 05, 00, DC, 00, 00, 00, 02, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrOutInit + 6C 77E7A403 218 Bytes [ 30, 85, 30, 9E, 30, A9, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrOutInit + 148 77E7A4DF 174 Bytes [ 00, 03, 30, 34, 31, 38, 31, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrOutInit + 1F7 77E7A58E 53 Bytes [ 21, 3B, 4B, 3B, 8D, 3B, 93, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrOutInit + 22D 77E7A5C4 97 Bytes [ A5, 30, F6, 30, 15, 31, 44, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrAllocate + 16 77E7A626 518 Bytes [ 00, 00, 9A, 31, 04, 32, 6B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcImpersonateClient + 1F 77E7A82D 157 Bytes [ A0, 05, 00, 44, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcRevertToSelfEx + 36 77E7A8CC 84 Bytes [ 0E, 30, B0, 30, F0, 30, 25, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcRevertToSelfEx + 8B 77E7A921 128 Bytes [ 3A, 3A, 3A, 52, 3A, 7D, 3A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcRevertToSelfEx + 10E 77E7A9A4 301 Bytes [ 7D, 30, 9E, 30, C3, 30, F1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrpMemoryIncrement + FD 77E7AAD2 1 Byte [ 06 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrpMemoryIncrement + FF 77E7AAD4 28 Bytes [ 20, 00, 00, 00, 13, 30, 18, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrpMemoryIncrement + 11C 77E7AAF1 303 Bytes [ 10, 06, 00, 9C, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrpMemoryIncrement + 24C 77E7AC21 85 Bytes [ 3A, 90, 3A, 94, 3A, 98, 3A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrpMemoryIncrement + 2A2 77E7AC77 277 Bytes [ 30, 8E, 30, C0, 30, D0, 30, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructUnmarshall + 62 77E7AEA8 135 Bytes [ 76, 37, 7A, 37, 7E, 37, 82, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructUnmarshall + EA 77E7AF30 128 Bytes [ 84, 00, 00, 00, 0F, 30, 1C, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerFree + 19 77E7AFB1 102 Bytes [ A0, 06, 00, 30, 00, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerFree + 80 77E7B018 79 Bytes [ 2E, 39, 35, 39, 17, 3A, 1E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerFree + D0 77E7B068 3 Bytes [ 18, 00, 00 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerFree + D4 77E7B06C 12 Bytes [ F0, 30, 0D, 31, 33, 31, B0, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerFree + E1 77E7B079 173 Bytes [ 34, 17, 34, 00, D0, 06, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerBufferSize + 26 77E7B127 28 Bytes [ 3E, 3C, 3E, 40, 3E, 44, 3E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrPointerUnmarshall + 11 77E7B144 315 Bytes [ BC, 3E, C0, 3E, C4, 3E, C8, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleTypeMarshall + EB 77E7B280 114 Bytes [ 46, 30, C4, 30, CD, 30, 2E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleTypeMarshall + 15E 77E7B2F3 25 Bytes [ 38, 74, 38, 78, 38, 7C, 38, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleTypeMarshall + 178 77E7B30D 36 Bytes [ 39, 04, 39, 08, 39, 0C, 39, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleTypeMarshall + 19D 77E7B332 3 Bytes [ 29, 3A, 43 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleTypeMarshall + 1A1 77E7B336 420 Bytes [ 7B, 3B, E0, 3B, ED, 3B, 14, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructBufferSize + 109 77E7B4DB 139 Bytes [ 00, 84, 00, 00, 00, 0C, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructBufferSize + 195 77E7B567 131 Bytes [ 31, 3E, 31, 81, 31, C8, 31, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructBufferSize + 219 77E7B5EB 139 Bytes [ 38, CD, 38, 61, 3A, 67, 3A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructFree + 6B 77E7B677 6 Bytes [ 00, 00, 80, 07, 00, 3C ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructFree + 72 77E7B67E 179 Bytes [ 00, 00, 36, 30, 65, 30, 73, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrSimpleStructFree + 126 77E7B732 213 Bytes [ 00, 00, 36, 30, 41, 30, 77, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayMarshall + 9F 77E7B808 81 Bytes [ 40, 00, 00, 00, 49, 30, 30, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayMarshall + F1 77E7B85A 93 Bytes [ 00, 00, B8, 34, BF, 34, C5, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayUnmarshall + 59 77E7B8B8 27 Bytes [ 00, F0, 07, 00, 84, 00, 00, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayUnmarshall + 75 77E7B8D4 465 Bytes [ 35, 33, 42, 33, 86, 34, 16, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayFree + 1C9 77E7BAA8 191 Bytes [ 0B, 30, 15, 30, 04, 34, 72, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayFree + 289 77E7BB68 22 Bytes [ 16, 30, 26, 30, 37, 30, 2B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayFree + 2A0 77E7BB7F 63 Bytes [ 32, 67, 33, 4E, 34, D2, 35, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayFree + 2E1 77E7BBC0 200 Bytes [ C5, 30, FE, 30, A8, 31, E7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantArrayFree + 3AA 77E7BC89 5 Bytes [ 90, 08, 00, 48, 00 ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingInqTransportType + 76 77E7C827 84 Bytes [ 91, 34, B2, E3, D7, 64, 73, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingInqTransportType + CB 77E7C87C 302 Bytes CALL 1CC79D5D
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingInqTransportType + 1FA 77E7C9AB 710 Bytes [ 4A, CA, 48, 42, 35, 7B, B7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingInqTransportType + 4C1 77E7CC72 114 Bytes [ B5, 19, DF, FB, 8A, D2, 79, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingInqTransportType + 534 77E7CCE5 1129 Bytes [ AD, 13, 01, 84, D0, F1, CF, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextUnmarshall2 + 1BF 77E7D14F 77 Bytes [ B6, D3, 4F, 43, 51, 09, BA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextUnmarshall2 + 20D 77E7D19D 289 Bytes [ 09, 68, EA, E5, DF, 5D, A6, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextUnmarshall2 + 32F 77E7D2BF 136 Bytes [ 00, 58, 83, 2A, F0, 47, 5F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRCContextMarshall + 15 77E7D348 53 Bytes [ A9, 0B, 51, 17, 11, 8E, E4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRCContextMarshall + 4B 77E7D37E 150 Bytes [ 4A, AF, 92, B5, DE, 66, 0F, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerContextNewUnmarshall + 7C 77E7D415 4 Bytes [ 4D, BA, 45, A1 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerContextNewUnmarshall + 81 77E7D41A 93 Bytes [ 6D, 21, 77, 82, B8, F3, 7A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerContextNewUnmarshall + DF 77E7D478 372 Bytes [ 93, 80, 00, 54, 97, FE, 10, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrServerContextNewUnmarshall + 254 77E7D5ED 401 Bytes [ 2C, AF, 8A, 3B, 19, 3E, 83, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRCContextBinding + A4 77E7D77F 31 Bytes [ 52, E0, 6C, CB, 34, 47, 79, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRCContextBinding + C4 77E7D79F 103 Bytes [ 65, 69, EF, 5C, 3B, E7, E4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRCContextUnmarshall + 32 77E7D807 453 Bytes [ 2A, 69, 72, FE, 7E, 10, 1E, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextMarshall2 + 5D 77E7D9CD 69 Bytes [ 6A, 4C, C7, 27, C1, 10, 43, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextMarshall2 + A3 77E7DA13 110 Bytes CALL F4E3AA56
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextMarshall2 + 112 77E7DA82 70 Bytes [ 7A, 66, 0C, 46, E3, 9A, 1A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NDRSContextMarshall2 + 159 77E7DAC9 478 Bytes [ 4B, B3, BC, 5A, C5, 69, 81, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingCopy + 76 77E7DCA8 15 Bytes [ 73, FB, A1, 25, 9F, 46, B7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingCopy + 86 77E7DCB8 3 Bytes [ DC, 47, 84 ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingCopy + 8A 77E7DCBC 478 Bytes [ 91, 09, B4, A7, B6, 82, 6A, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingCopy + 269 77E7DE9B 86 Bytes [ D5, FC, 31, 8F, 7A, 55, 60, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcBindingCopy + 2C0 77E7DEF2 456 Bytes [ E6, FE, 06, 02, 16, D1, 17, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcStringBindingParseW + DA 77E7ED80 410 Bytes [ 69, A6, 25, 66, 0C, 45, 71, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingFromStringBindingW + 166 77E7EF1B 71 Bytes [ 02, 12, 46, F5, 35, 25, 09, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingFromStringBindingW + 1AE 77E7EF63 62 Bytes [ 5B, FA, B1, CA, 99, 14, F2, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingFromStringBindingW + 1ED 77E7EFA2 605 Bytes [ 88, A4, 30, 4D, 80, 12, B1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcStringBindingComposeW + 1EF 77E7F200 164 Bytes [ 7D, CD, 07, E4, 6E, FD, D4, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcStringBindingComposeW + 294 77E7F2A5 17 Bytes [ 6F, C7, 5D, C6, 54, 43, B3, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcStringBindingComposeW + 2A6 77E7F2B7 282 Bytes CALL AB98447E
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcParseSecurity + 105 77E7F3D2 23 Bytes [ 69, 2E, 4F, D4, 0F, 45, 67, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcParseSecurity + 11D 77E7F3EA 83 Bytes [ 99, D9, 9B, A3, 7A, 1B, 76, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcParseSecurity + 171 77E7F43E 169 Bytes [ 1B, 82, B8, D8, E2, 69, BD, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStringBufferSize + 8B 77E7F4E8 109 Bytes [ 9C, B5, 0A, 8A, 71, B3, 1B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStringMarshall + 56 77E7F556 643 Bytes [ C5, B0, A3, 21, 86, 07, 19, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStringUnmarshall + 1FA 77E7F7DA 69 Bytes JMP 15880E02
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructBufferSize + 6 77E7F820 14 Bytes [ 0A, 45, 77, 59, C0, 9E, 32, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructBufferSize + 15 77E7F82F 206 Bytes [ 19, 7F, C9, 8A, 32, E6, 60, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructMarshall + 6E 77E7F8FE 396 Bytes [ 5A, 81, 24, 44, 7E, C2, 35, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructUnmarshall + 142 77E7FA8B 225 Bytes [ 89, 13, DD, A2, 5B, 56, D9, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructUnmarshall + 224 77E7FB6D 741 Bytes [ E2, 79, 8F, DB, 83, 7F, C1, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructUnmarshall + 50A 77E7FE53 183 Bytes [ 9B, D6, 9F, 40, 9E, CF, D7, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructUnmarshall + 5C2 77E7FF0B 461 Bytes [ 5A, FE, 81, 70, A0, 3A, EC, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!NdrConformantStructUnmarshall + 790 77E800D9 259 Bytes [ 53, F5, BF, AE, BE, 5A, 71, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcTransGetThreadEvent + 10C 77E80A11 310 Bytes [ 9E, 27, 87, FC, 16, BA, 4B, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcTransGetThreadEvent + 243 77E80B48 548 Bytes [ DA, 04, EA, 16, 31, 11, EA, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcTransGetThreadEvent + 468 77E80D6D 468 Bytes [ 2A, FF, 4E, A2, 12, 70, 61, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcTransGetThreadEvent + 63D 77E80F42 16 Bytes [ 67, 69, CF, 9B, 2A, 59, 79, ... ]
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!I_RpcTransGetThreadEvent + 64E 77E80F53 342 Bytes [ 83, C1, E0, 90, 34, 73, 56, ... ]
.text ...
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2972] RPCRT4.dll!RpcBindingServerFromClient + 258 77E82696 376 Bytes

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:53 AM

Posted 08 February 2007 - 02:32 PM

I'll assume that you know nothing at all, and walk you through this - if i'm explaining stuff you already know, just scroll on by.

Right click an empty area of your Desktop and select New > Compressed (zipped) Folder.
Drag the GMER logs onto the compressed folder and drop them there.
Click the ADDREPLY button as you would normally to make a post.
Under the window where you would normally enter the text, you will find a File Attachments section.
Click the Browse... button and navigate to the compressed folder, left click it and then click Open
Click Add This Attachment
Complete the post as normal with Add Reply.

All being well, that should be that, and I can download the folder when I next turn up here.

So long, and thanks for all the fish.

 

 


#15 malonja

malonja
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 08 February 2007 - 07:55 PM

Gotcha. I didn't know attaching files was an option. I'll do it.

Here is the autostart file and I'll attach the other in a subsequent post. thanks

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-07 19:55:25
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxdev.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
McDetect.exe /*McAfee WSC Integration*/@ = c:\program files\mcafee.com\agent\mcdetect.exe
McShield /*McAfee.com McShield*/@ = c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
MpfService /*McAfee Personal Firewall Service*/@ = C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WinDefend /*Windows Defender*/@ = "C:\Program Files\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundMAXPnPC:\Program Files\Analog Devices\Core\smax4pnp.exe = C:\Program Files\Analog Devices\Core\smax4pnp.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
@IntelMeMC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
@VSOCheckTask"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
@MCAgentExec:\PROGRA~1\mcafee.com\agent\mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
@MCUpdateExec:\PROGRA~1\mcafee.com\agent\mcupdate.exe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
@VirusScan OnlineC:\Program Files\McAfee.com\VSO\mcvsshld.exe = C:\Program Files\McAfee.com\VSO\mcvsshld.exe
@MPSExec:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding = c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@OASClntC:\Program Files\McAfee.com\VSO\oasclnt.exe = C:\Program Files\McAfee.com\VSO\oasclnt.exe
@Dell Photo AIO Printer 922"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" = "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
@MPFExeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AIMC:\Program Files\AIM\aim.exe -cnetwait.odl /*file not found*/ = C:\Program Files\AIM\aim.exe -cnetwait.odl /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WINDOW~4\MpShHook.dll = C:\PROGRA~1\WINDOW~4\MpShHook.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Program Files\Sonic\RecordNow!\shlext.dll = C:\Program Files\Sonic\RecordNow!\shlext.dll
@{7D5C4BDD-B015-4401-8731-1507B87DE297} /*QBVersionTool*/C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll = C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll = C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}c:\program files\mcafee.com\mps\mcbrhlpr.dll = c:\program files\mcafee.com\mps\mcbrhlpr.dll
@{3EC8255F-E043-4cae-8B3B-B191550C2A22}c:\program files\mcafee.com\mps\popupkiller.dll = c:\program files\mcafee.com\mps\popupkiller.dll
@{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL = C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.dell4me.com/myway = http://www.dell4me.com/myway
@Start Pagehttp://www.auburnsports.com/ = http://www.auburnsports.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000006@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000007@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000008@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000009@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000010@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll
000000000011@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = C:\WINDOWS\system32\mclsp.dll

C:\Documents and Settings\Jason\Start Menu\Programs\Startup = DESKTOP.INI

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
DESKTOP.INI = DESKTOP.INI
HotSync Manager.lnk = HotSync Manager.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.12 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users