It seemed to scan fine... it actually blue screened on me after I closed the program and tried to open the log file.
Anyway... here it is (in three parts).
Thanks!
Part 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 12:34:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\flabuski\LOCALS~1\Temp\uwryqpob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA8F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA8F8BFE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xBA5B2662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xBA5B2610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xBA5B2624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBA5B26A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xBA5B25D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xBA5B25E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xBA5B2676]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xBA5B264E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBA5B263A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBA5B26D1]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBA5B26B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xBA5B268C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80502244 7 Bytes JMP BA5B2690 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2EE 5 Bytes JMP BA5B2666 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP BA5B26A6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP BA5B26BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA88 7 Bytes JMP BA5B267A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP BA5B25D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP BA5B25EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DD4 5 Bytes JMP BA5B263E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP BA5B2628 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74A0 5 Bytes JMP BA5B2614 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79AA 5 Bytes JMP BA5B2652 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CAA 5 Bytes JMP BA5B26D5 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB89C9380, 0x22091D, 0xE8000020]
.text autochk.exe 010011C4 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 010011CC 1 Byte [00]
.text autochk.exe 010011D0 1 Byte [00]
.text autochk.exe 010011D4 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 010011D8 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...
.text comctl32.dll!DllGetVersion + FFF96ACE 773D1679 41 Bytes [78, 42, 7E, C4, 29, 43, 7E, ...]
.text comctl32.dll!DllGetVersion + FFF97189 773D1D34 3 Bytes [65, 00, 72]
.text comctl32.dll!DllGetVersion + FFF9718D 773D1D38 3 Bytes [73, 00, 69]
.text comctl32.dll!DllGetVersion + FFF97191 773D1D3C 3 Bytes [6F, 00, 6E]
.text comctl32.dll!DllGetVersion + FFF97195 773D1D40 3 Bytes [5C, 00, 46]
.text ...
.text comctl32.dll!InitCommonControlsEx + 8B 773D36A4 326 Bytes [98, A7, 50, 9C, 90, 5D, 30, ...]
.text comctl32.dll!InitCommonControlsEx + 1D2 773D37EB 7 Bytes [40, 89, B3, 32, 8F, 2F, E6] {INC EAX; MOV [EBX-0x19d070ce], ESI}
.text comctl32.dll!InitCommonControlsEx + 1DA 773D37F3 141 Bytes CALL B78A5108
.text comctl32.dll!InitCommonControlsEx + 268 773D3881 268 Bytes [FB, D2, C7, 61, 79, 46, 98, ...]
.text comctl32.dll!InitCommonControlsEx + 375 773D398E 112 Bytes [4B, 50, D1, 0D, 64, 6E, 02, ...]
.text ...
.text comctl32.dll!DefSubclassProc + 5C 773D5FFA 24 Bytes [8B, 45, A0, 5F, 5E, 5B, C9, ...]
.text comctl32.dll!DefSubclassProc + 75 773D6013 13 Bytes [75, 08, FF, 15, B8, 13, 3D, ...]
.text comctl32.dll!DefSubclassProc + 83 773D6021 50 Bytes [74, 49, 21, 5D, F8, 21, 5D, ...]
.text comctl32.dll!DefSubclassProc + B6 773D6054 122 Bytes [15, FC, 13, 3D, 77, 6A, 00, ...]
.text comctl32.dll!DefSubclassProc + 131 773D60CF 11 Bytes [EC, 81, EC, F8, 01, 00, 00, ...]
.text ...
.text comctl32.dll!RemoveWindowSubclass + 46 773D623A 21 Bytes [00, CC, CC, CC, CC, CC, 8B, ...]
.text comctl32.dll!RemoveWindowSubclass + 5C 773D6250 31 Bytes [80, FF, 15, 50, 12, 3D, 77, ...]
.text comctl32.dll!RemoveWindowSubclass + 7C 773D6270 79 Bytes [75, 08, FF, 35, 00, 25, 46, ...]
.text comctl32.dll!RemoveWindowSubclass + CC 773D62C0 115 Bytes [08, 8B, 50, 04, 89, 10, 8B, ...]
.text comctl32.dll!RemoveWindowSubclass + 140 773D6334 8 Bytes [55, 8B, EC, 53, 56, 57, FF, ...]
.text ...
.text comctl32.dll!SetWindowSubclass + 4E 773D63B8 32 Bytes [00, 00, 56, 57, FF, 75, 08, ...]
.text comctl32.dll!SetWindowSubclass + 6F 773D63D9 9 Bytes [FF, 15, 7C, 10, 3D, 77, 3B, ...]
.text comctl32.dll!SetWindowSubclass + 79 773D63E3 53 Bytes [FC, 75, 09, 57, FF, 15, 5C, ...]
.text comctl32.dll!SetWindowSubclass + AF 773D6419 53 Bytes [D7, 56, FF, 75, 0C, E8, 96, ...]
.text comctl32.dll!SetWindowSubclass + E5 773D644F 15 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
.text ...
.text comctl32.dll!InitCommonControls + 19 773D65E8 249 Bytes [00, 00, 8B, 0B, 8B, 53, 08, ...]
.text comctl32.dll!InitCommonControls + 113 773D66E2 7 Bytes [C9, 74, 09, 88, 0A, 42, 46] {LEAVE ; JZ 0xc; MOV [EDX], CL; INC EDX; INC ESI}
.text comctl32.dll!InitCommonControls + 11B 773D66EA 7 Bytes [4D, 0C, 75, F1, 83, 7D, 0C]
.text comctl32.dll!InitCommonControls + 123 773D66F2 11 Bytes [5E, 75, 06, 4A, B8, 7A, 00, ...]
.text comctl32.dll!InitCommonControls + 12F 773D66FE 2 Bytes [5D, C2]
.text ...
.text comctl32.dll!DPA_InsertPtr + 28 773D68A4 20 Bytes [77, F7, D8, 1B, C0, 40, 5D, ...]
.text comctl32.dll!DPA_InsertPtr + 3D 773D68B9 30 Bytes [45, 08, 6A, 00, FF, 75, 0C, ...]
.text comctl32.dll!DPA_InsertPtr + 5C 773D68D8 15 Bytes [55, 8B, EC, 8B, 45, 08, F6, ...] {PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; TEST BYTE [EAX+0x18], 0x20; JNZ 0x24; PUSH DWORD [EBP+0x14]}
.text comctl32.dll!DPA_InsertPtr + 6C 773D68E8 40 Bytes [75, 10, FF, 75, 0C, FF, 15, ...]
.text comctl32.dll!DPA_InsertPtr + 96 773D6912 25 Bytes [A1, E0, 23, 46, 77, 53, 56, ...]
.text ...
.text comctl32.dll!DPA_Destroy + 44 773D6B0C 79 Bytes [46, 18, 8B, 4E, 14, 8B, 56, ...]
.text comctl32.dll!DPA_Destroy + 94 773D6B5C 1 Byte [55]
.text comctl32.dll!DPA_Destroy + 94 773D6B5C 76 Bytes [55, 8B, EC, 83, EC, 18, 56, ...]
.text comctl32.dll!DPA_Destroy + E1 773D6BA9 50 Bytes [75, 18, FF, 75, 08, FF, 15, ...]
.text comctl32.dll!DPA_Destroy + 188 773D6C50 122 Bytes [35, 40, 2A, 46, 77, 8D, 45, ...]
.text ...
.text comctl32.dll!DSA_GetItemPtr + 2D 773D8639 56 Bytes [F0, FF, 15, 70, 14, 3D, 77, ...]
.text comctl32.dll!DSA_GetItemPtr + 66 773D8672 28 Bytes [C6, 5E, 5D, C2, 18, 00, CC, ...]
.text comctl32.dll!DSA_GetItemPtr + 83 773D868F 60 Bytes [75, 08, FF, 15, 24, 14, 3D, ...]
.text comctl32.dll!DSA_GetItemPtr + C0 773D86CC 45 Bytes [00, 00, 8B, 4D, 0C, 89, 11, ...]
.text comctl32.dll!DSA_GetItemPtr + EE 773D86FA 43 Bytes [08, 74, 06, F6, 45, 10, 02, ...]
.text ...
.text comctl32.dll!DSA_Destroy + 2 773D9CC6 138 Bytes [75, F4, FF, 15, EC, 11, 3D, ...]
.text comctl32.dll!DSA_Destroy + 8D 773D9D51 33 Bytes [30, 84, E4, 79, 11, A9, 00, ...]
.text comctl32.dll!DSA_Destroy + AF 773D9D73 65 Bytes [00, 10, 00, 75, 0A, 8B, 76, ...]
.text comctl32.dll!DSA_Destroy + F3 773D9DB7 68 Bytes [57, 57, 8B, 3D, FC, 13, 3D, ...]
.text comctl32.dll!DSA_Destroy + 139 773D9DFD 6 Bytes [76, 40, 56, E8, A9, E9]
.text ...
.text comctl32.dll!DSA_Create + B 773DB17C 35 Bytes [35, 0C, 2A, 46, 77, E8, D5, ...]
.text comctl32.dll!DSA_InsertItem + 2 773DB1A0 67 Bytes [FF, B5, 14, FD, FF, FF, E8, ...]
.text comctl32.dll!DSA_InsertItem + 46 773DB1E4 46 Bytes [FF, 01, 00, 00, 00, F6, 43, ...]
.text comctl32.dll!DSA_InsertItem + 75 773DB213 11 Bytes [12, FF, B5, 18, FD, FF, FF, ...]
.text comctl32.dll!DSA_InsertItem + 81 773DB21F 53 Bytes [FF, FF, 8D, 18, FD, FF, FF, ...]
.text comctl32.dll!DSA_InsertItem + B7 773DB255 6 Bytes [FF, D0, 8D, 85, FC, FC]
.text ...
.text comctl32.dll!ImageList_SetBkColor + 2 773DB66E 17 Bytes [FF, 2B, 85, 10, FD, FF, FF, ...]
.text comctl32.dll!ImageList_SetBkColor + 14 773DB680 34 Bytes [FF, EB, 0B, A1, 0C, 2A, 46, ...]
.text comctl32.dll!ImageList_SetBkColor + 37 773DB6A3 38 Bytes [15, C8, 14, 3D, 77, 8D, 8D, ...]
.text comctl32.dll!ImageList_SetBkColor + 5E 773DB6CA 27 Bytes [8B, 8D, 10, FD, FF, FF, 8D, ...]
.text comctl32.dll!ImageList_SetBkColor + 7A 773DB6E6 39 Bytes [85, 60, FC, FF, FF, 3B, 85, ...]
.text ...
.text comctl32.dll!ImageList_DrawIndirect + 31 773DC305 80 Bytes [50, FF, 15, AC, 24, 46, 77, ...]
.text comctl32.dll!ImageList_DrawIndirect + 82 773DC356 73 Bytes [D7, F6, 46, 0A, 02, 75, 0A, ...]
.text comctl32.dll!ImageList_DrawIndirect + CC 773DC3A0 41 Bytes [85, C0, 74, 03, 50, FF, D7, ...]
.text comctl32.dll!ImageList_DrawIndirect + 135 773DC409 98 Bytes [00, 39, 7E, 38, 0F, 84, F5, ...]
.text comctl32.dll!ImageList_DrawIndirect + 198 773DC46C 16 Bytes [74, 14, 3D, D9, FD, FF, FF, ...]
.text ...
.text comctl32.dll!ImageList_ReplaceIcon + A 773DC7FE 30 Bytes [15, 6C, 14, 3D, 77, 6A, 01, ...]
.text comctl32.dll!ImageList_ReplaceIcon + 2A 773DC81E 1 Byte [B8]
.text comctl32.dll!ImageList_ReplaceIcon + 2A 773DC81E 42 Bytes [B8, FF, 15, FC, 13, 3D, 77, ...]
.text comctl32.dll!ImageList_ReplaceIcon + 55 773DC849 74 Bytes [74, 3D, 77, 53, 57, 56, E8, ...]
.text comctl32.dll!ImageList_ReplaceIcon + A0 773DC894 2 Bytes CALL 77423F56 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text ...
.text comctl32.dll!ImageList_GetImageCount + 16 773DD58E 25 Bytes [7E, 39, 8B, 7D, 10, 8D, 48, ...]
.text comctl32.dll!ImageList_GetImageCount + 30 773DD5A8 6 Bytes [C2, 39, 01, 74, 09, C7]
.text comctl32.dll!ImageList_GetImageCount + 38 773DD5B0 3 Bytes [01, 00, 00]
.text comctl32.dll!ImageList_GetImageCount + 3C 773DD5B4 5 Bytes [89, 01, FF, 45, 08] {MOV [ECX], EAX; INC DWORD [EBP+0x8]}
.text comctl32.dll!ImageList_GetImageCount + 42 773DD5BA 87 Bytes [5D, 0C, 83, C1, 20, 83, C7, ...]
.text ...
.text comctl32.dll!ImageList_GetIconSize + 1E 773DE358 24 Bytes [15, 24, 12, 3D, 77, 8B, F0, ...]
.text comctl32.dll!ImageList_GetIconSize + 37 773DE371 22 Bytes [57, 74, 0A, FF, 75, 14, 56, ...]
.text comctl32.dll!ImageList_GetIconSize + 4E 773DE388 13 Bytes [F0, 74, 12, 57, FF, 15, EC, ...]
.text comctl32.dll!ImageList_GetIconSize + 5C 773DE396 5 Bytes [74, 03, C6, 06, 00] {JZ 0x5; MOV BYTE [ESI], 0x0}
.text comctl32.dll!ImageList_GetIconSize + 62 773DE39C 25 Bytes [F6, 80, 65, 09, 0F, EB, 23, ...]
.text ...
.text comctl32.dll!DPA_GetPtr + 27 773DE3ED 74 Bytes CALL DFB52103
.text comctl32.dll!DPA_GetPtr + 72 773DE438 139 Bytes [FF, 8B, 86, 80, 00, 00, 00, ...]
.text comctl32.dll!DPA_GetPtr + FE 773DE4C4 44 Bytes [77, 8B, 15, 34, 2A, 46, 77, ...]
.text comctl32.dll!DPA_GetPtr + 12B 773DE4F1 37 Bytes [48, 8B, 45, FC, 2B, 45, F4, ...]
.text comctl32.dll!DPA_GetPtr + 151 773DE517 131 Bytes [CC, CC, CC, CC, 8B, FF, 55, ...]
.text ...
.text comctl32.dll!ImageList_Create + AF 773E02B4 52 Bytes [46, 5C, 3B, C7, 74, 0A, 50, ...]
.text comctl32.dll!ImageList_Create + E4 773E02E9 68 Bytes [8B, 5D, 0C, 83, FB, 01, 0F, ...]
.text comctl32.dll!ImageList_Create + 129 773E032E 14 Bytes CALL FAB0773B
.text comctl32.dll!ImageList_Create + 159 773E035E 95 Bytes [7D, 14, F4, 0F, 85, DF, 03, ...]
.text comctl32.dll!ImageList_Create + 1B9 773E03BE 68 Bytes [8B, 46, 58, 3B, C7, 74, 0A, ...]
.text comctl32.dll!ImageList_Destroy + 2B 773E0403 100 Bytes [FF, 15, 28, 14, 3D, 77, E9, ...]
.text comctl32.dll!ImageList_Destroy + 90 773E0468 24 Bytes [2C, 0A, 00, 00, 00, 89, 7E, ...]
.text comctl32.dll!ImageList_Destroy + A9 773E0481 138 Bytes CALL B2B54197
.text comctl32.dll!ImageList_Destroy + 134 773E050C 109 Bytes [15, C0, 13, 3D, 77, F6, 46, ...]
.text comctl32.dll!ImageList_Destroy + 1A2 773E057A 79 Bytes [75, F8, 8D, 45, DC, FF, 75, ...]
.text ...
.text comctl32.dll!DPA_DestroyCallback + 8 773E0671 5 Bytes [83, C8, 08, F6, 46]
.text comctl32.dll!DPA_DestroyCallback + E 773E0677 12 Bytes [40, 50, 74, 0F, 68, 14, 01, ...] {INC EAX; PUSH EAX; JZ 0x13; PUSH 0x114; PUSH DWORD [ESI+0x4]}
.text comctl32.dll!DPA_DestroyCallback + 2E 773E0697 47 Bytes [0F, 50, FF, 15, 80, 14, 3D, ...]
.text comctl32.dll!DPA_EnumCallback + 23 773E06C7 25 Bytes [15, 78, 14, 3D, 77, 8B, 45, ...]
.text comctl32.dll!ImageList_Remove + 2 773E06E1 100 Bytes [2B, C7, 0F, 84, CA, 00, 00, ...]
.text comctl32.dll!ImageList_Remove + 67 773E0746 23 Bytes [FF, 75, 14, FF, 75, 10, 53, ...]
.text comctl32.dll!ImageList_Remove + 7F 773E075E 15 Bytes [45, 14, 0F, BF, C8, C1, E8, ...] {INC EBP; ADC AL, 0xf; MOV EDI, 0x10e8c1c8; MOVSX EAX, AX; PUSH ESI; MOV [ESI+0x30], ECX}
.text comctl32.dll!ImageList_Remove + 9D 773E077C 121 Bytes [FF, 83, F8, 0C, 0F, 87, B4, ...]
.text comctl32.dll!ImageList_Remove + 11B 773E07FA 53 Bytes [85, C0, 7E, 02, 8B, DA, 8B, ...]
.text ...
.text comctl32.dll!DPA_Sort + 9 773E0A8C 153 Bytes [4D, 0C, 85, C9, 7F, 03, 33, ...]
.text comctl32.dll!DPA_Sort + A3 773E0B26 48 Bytes [3B, 11, 7D, 0B, 8B, 41, 0C, ...]
.text comctl32.dll!DPA_Sort + D4 773E0B57 197 Bytes [46, 08, 03, CA, 3B, C8, 57, ...]
.text comctl32.dll!DPA_Create + 4C 773E0C1D 6 Bytes [CC, CC, CC, CC, CC, 8B]
.text comctl32.dll!DPA_Create + 53 773E0C24 38 Bytes [55, 8B, EC, 53, 8B, 5D, 0C, ...]
.text comctl32.dll!DPA_Create + 7A 773E0C4B 95 Bytes [8B, 46, 10, 03, C1, 0F, AF, ...]
.text comctl32.dll!DPA_Create + DA 773E0CAB 130 Bytes [75, 10, 50, FF, D7, 83, C4, ...]
.text comctl32.dll!DPA_Create + 15D 773E0D2E 29 Bytes [46, 10, 29, 46, 08, 33, C0, ...]
.text ...
.text comctl32.dll!DPA_DeleteAllPtrs + 4 773E170C 22 Bytes [45, 0C, 89, 45, F0, 8B, 45, ...]
.text comctl32.dll!DPA_DeleteAllPtrs + 1B 773E1723 57 Bytes [C9, C2, 0C, 00, CC, CC, CC, ...]
.text comctl32.dll!DPA_DeleteAllPtrs + 55 773E175D 3 Bytes [FF, 8B, F0]
.text comctl32.dll!DPA_DeleteAllPtrs + 59 773E1761 23 Bytes [F6, 74, 28, FF, 75, 0C, 53, ...]
.text comctl32.dll!DPA_DeleteAllPtrs + 71 773E1779 25 Bytes [74, 0C, 83, F8, FF, 74, 07, ...]
.text ...
.text comctl32.dll!DSA_DestroyCallback + 6 773E1D1C 88 Bytes [FF, FF, 85, C0, 74, 04, 8B, ...]
.text comctl32.dll!DSA_DestroyCallback + 5F 773E1D75 41 Bytes [3B, C7, 74, 27, 89, 38, 2B, ...]
.text comctl32.dll!DSA_DestroyCallback + 89 773E1D9F 15 Bytes [47, 8B, C7, 5E, 5F, 5D, C2, ...]
.text comctl32.dll!DSA_DestroyCallback + 99 773E1DAF 42 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...]
.text comctl32.dll!DSA_DestroyCallback + C4 773E1DDA 2 Bytes [45, 0C]
.text ...
.text comctl32.dll!ImageList_AddMasked + 1A 773E2012 94 Bytes [15, 74, 15, 3D, 77, 85, C0, ...]
.text comctl32.dll!ImageList_AddMasked + 7A 773E2072 10 Bytes [0C, FF, 75, 08, 56, E8, 02, ...] {OR AL, 0xff; JNZ 0xc; PUSH ESI; CALL 0xfffffffffffffe0c}
.text comctl32.dll!ImageList_AddMasked + 85 773E207D 67 Bytes [F8, 5E, 8B, C7, 5F, 5D, C2, ...]
.text comctl32.dll!ImageList_AddMasked + C9 773E20C1 14 Bytes [8D, 45, D4, 50, 56, E8, 06, ...] {LEA EAX, [EBP-0x2c]; PUSH EAX; PUSH ESI; CALL 0xfffffffffffffd10; AND DWORD [EBP-0x4], 0x0}
.text comctl32.dll!ImageList_AddMasked + D8 773E20D0 5 Bytes [75, 14, FF, 75, 10] {JNZ 0x16; PUSH DWORD [EBP+0x10]}
.text ...
.text comctl32.dll!DPA_DeletePtr + 52 773E684C 25 Bytes [08, 53, 8D, 55, 18, 52, 68, ...]
.text comctl32.dll!DPA_DeletePtr + 6C 773E6866 58 Bytes [00, 0F, B7, 4D, 0C, 56, 8B, ...]
.text comctl32.dll!DPA_DeletePtr + A8 773E68A2 36 Bytes [00, FF, 53, 53, 51, 50, FF, ...]
.text comctl32.dll!DPA_DeletePtr + CD 773E68C7 47 Bytes [F8, 08, 7E, 15, 83, CF, 10, ...]
.text comctl32.dll!DPA_DeletePtr + FD 773E68F7 28 Bytes [50, FF, 75, 1C, FF, 75, 18, ...]
.text comctl32.dll!ImageList_DrawEx + 17 773E6914 2 Bytes [8B, CF] {MOV ECX, EDI}
.text comctl32.dll!ImageList_DrawEx + 1E 773E691B 70 Bytes [F7, D8, 1B, C0, F7, D8, 50, ...]
.text comctl32.dll!ImageList_DrawEx + 9A 773E6997 19 Bytes [15, 7C, 10, 3D, 77, 8B, F8, ...]
.text comctl32.dll!ImageList_DrawEx + AE 773E69AB 114 Bytes [CC, 00, 56, 56, FF, 75, 0C, ...]
.text comctl32.dll!ImageList_DrawEx + 121 773E6A1E 6 Bytes [12, 3D, 77, FF, 75, 10] {ADC BH, [0x1075ff77]}
.text ...
.text comctl32.dll!ImageList_GetBkColor + 21 773E84A1 22 Bytes [DA, FF, C6, 45, DB, 01, 88, ...]
.text comctl32.dll!ImageList_GetBkColor + 38 773E84B8 8 Bytes [8B, 46, 14, FF, 76, 1C, 2B, ...]
.text comctl32.dll!ImageList_GetBkColor + 41 773E84C1 3 Bytes [FF, 33, 50] {PUSH DWORD [EBX]; PUSH EAX}
.text comctl32.dll!ImageList_GetBkColor + 45 773E84C5 27 Bytes [46, 10, 2B, 45, 98, 50, FF, ...]
.text comctl32.dll!ImageList_GetBkColor + 61 773E84E1 12 Bytes [75, D0, FF, 15, 64, 10, 3D, ...] {JNZ 0xffffffffffffffd2; CALL [0x773d1064]; OR DWORD [ESI+0x30], 0x1}
.text ...
.text comctl32.dll!DPA_SetPtr + 91 773EC78A 45 Bytes [D7, 83, 7E, 28, 00, 74, 0F, ...]
.text comctl32.dll!DPA_SetPtr + BF 773EC7B8 50 Bytes [10, 5E, 5D, C2, 0C, 00, CC, ...]
.text comctl32.dll!DPA_SetPtr + F2 773EC7EB 39 Bytes [A8, 40, C7, 45, 08, 00, 00, ...]
.text comctl32.dll!DPA_SetPtr + 11A 773EC813 1 Byte [70]
.text comctl32.dll!DPA_SetPtr + 11A 773EC813 113 Bytes [70, 00, 00, FF, 36, FF, 15, ...]
.text ...
.text comctl32.dll!AddMRUStringW + 21 773ED303 19 Bytes [8B, C7, 2D, 0D, 04, 00, 00, ...] {MOV EAX, EDI; SUB EAX, 0x40d; JZ 0x7c; DEC EAX; JZ 0x6e; SUB EAX, 0x1bfd; JZ 0x3a}
.text comctl32.dll!AddMRUStringW + 35 773ED317 16 Bytes [45, FC, 50, FF, 75, 14, FF, ...] {INC EBP; CLD ; PUSH EAX; PUSH DWORD [EBP+0x14]; PUSH DWORD [EBP+0x10]; PUSH EDI; PUSH ESI; CALL 0xfffffffffffe913d}
.text comctl32.dll!AddMRUStringW + 47 773ED329 34 Bytes [75, 41, FF, 75, 14, FF, 75, ...]
.text comctl32.dll!AddMRUStringW + 6A 773ED34C 40 Bytes [53, FF, 75, 08, FF, D7, 8B, ...]
.text comctl32.dll!AddMRUStringW + 94 773ED376 5 Bytes [14, 56, E8, C8, F3]
.text ...
.text comctl32.dll!Str_SetPtrW + 38 773ED4F1 77 Bytes [FF, 55, 8B, EC, 83, EC, 1C, ...]
.text comctl32.dll!CreateMRUListW + E 773ED53F 94 Bytes CALL BC79DE2F
.text comctl32.dll!CreateMRUListW + 6D 773ED59E 6 Bytes [FC, 33, CA, 2B, CA, 99] {CLD ; XOR ECX, EDX; SUB ECX, EDX; CDQ }
.text comctl32.dll!CreateMRUListW + 74 773ED5A5 185 Bytes [C2, 2B, C2, 3B, C1, 7F, 23, ...]
.text comctl32.dll!CreateMRUListW + 12E 773ED65F 71 Bytes [73, 24, 5E, 89, 43, 20, 5B, ...]
.text comctl32.dll!CreateMRUListW + 176 773ED6A7 94 Bytes [55, 8B, EC, 83, 7D, 0C, 02, ...]
.text ...
.text comctl32.dll!FreeMRUList + 17 773ED75B 95 Bytes CALL F740BDE1
.text comctl32.dll!FreeMRUList + 77 773ED7BB 22 Bytes [85, C0, 5F, 74, 04, 83, 4D, ...]
.text comctl32.dll!FreeMRUList + 8E 773ED7D2 36 Bytes [56, 56, 56, 56, 68, AC, 17, ...]
.text comctl32.dll!FreeMRUList + B3 773ED7F7 269 Bytes [55, 8B, EC, 83, EC, 34, 53, ...]
.text comctl32.dll!FreeMRUList + 1C1 773ED905 10 Bytes [76, 34, FF, 76, 30, 53, 53, ...] {JBE 0x36; PUSH DWORD [ESI+0x30]; PUSH EBX; PUSH EBX; PUSH DWORD [EBP+0x10]}
.text ...
.text comctl32.dll!CreateMappedBitmap + 6D 773ED99E 29 Bytes [EB, 18, A8, 01, 74, 09, C7, ...]
.text comctl32.dll!CreateMappedBitmap + 8C 773ED9BD 2 Bytes [6A, EC] {PUSH -0x14}
.text comctl32.dll!CreateMappedBitmap + 8F 773ED9C0 68 Bytes [75, 08, FF, D6, 68, 00, 00, ...]
.text comctl32.dll!CreateMappedBitmap + 13B 773EDA6C 73 Bytes [15, F0, 13, 3D, 77, 56, FF, ...]
.text comctl32.dll!CreateMappedBitmap + 186 773EDAB7 7 Bytes [76, 49, 81, F9, 15, 02, 00]
.text ...
.text comctl32.dll!EnumMRUListW + 3D 773EDFA7 20 Bytes [15, FC, 13, 3D, 77, 5F, 5E, ...]
.text comctl32.dll!EnumMRUListW + 52 773EDFBC 41 Bytes [EC, 8B, 45, 08, 56, 8B, 70, ...]
.text comctl32.dll!EnumMRUListW + 7C 773EDFE6 62 Bytes [56, FF, 15, FC, 13, 3D, 77, ...]
.text comctl32.dll!ImageList_Draw + 34 773EE025 25 Bytes [D8, 85, DB, 74, 43, 43, 8D, ...]
.text comctl32.dll!ImageList_Draw + 4F 773EE040 135 Bytes [E0, 85, C0, 74, 28, 83, 65, ...]
.text comctl32.dll!ImageList_Draw + D7 773EE0C8 12 Bytes [77, 40, FF, D6, 6A, 00, FF, ...]
.text comctl32.dll!ImageList_Draw + E5 773EE0D6 36 Bytes [FF, 77, 40, FF, D6, E8, 1B, ...]
.text comctl32.dll!ImageList_Draw + 10A 773EE0FB 46 Bytes [C0, 0F, 84, E2, 00, 00, 00, ...]
.text ...
.text comctl32.dll!CreateToolbarEx + 2 773EE56D 72 Bytes [15, B4, 13, 3D, 77, FF, 75, ...]
.text comctl32.dll!CreateToolbarEx + 4B 773EE5B6 58 Bytes [00, 00, FF, 75, F8, FF, 15, ...]
.text comctl32.dll!CreateToolbarEx + 86 773EE5F1 55 Bytes [76, 40, FF, 15, FC, 13, 3D, ...]
.text comctl32.dll!CreateToolbarEx + BE 773EE629 20 Bytes [76, 40, 8B, 1D, FC, 13, 3D, ...]
.text comctl32.dll!CreateToolbarEx + D4 773EE63F 25 Bytes [74, 40, 6A, 00, 57, 68, 8A, ...]
.text ...
.text comctl32.dll!_TrackMouseEvent + 2 773F1228 44 Bytes CALL 2E4E623D
.text comctl32.dll!_TrackMouseEvent + 2F 773F1255 49 Bytes [01, 00, 00, 74, 38, 49, 74, ...]
.text comctl32.dll!_TrackMouseEvent + 61 773F1287 71 Bytes CALL 77429F13 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!_TrackMouseEvent + A9 773F12CF 28 Bytes [8D, 81, 78, FE, FF, FF, 83, ...]
.text comctl32.dll!_TrackMouseEvent + C6 773F12EC 33 Bytes CALL 7742A768 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text ...
.text comctl32.dll!DSA_DeleteAllItems + 44 7740003D 16 Bytes [15, 70, 14, 3D, 77, 85, C0, ...]
.text comctl32.dll!DSA_DeleteAllItems + 55 7740004E 68 Bytes JMP 7740010C \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!DSA_DeleteAllItems + 9A 77400093 7 Bytes [00, 00, 56, 89, 8E, 28, 01]
.text comctl32.dll!DSA_DeleteAllItems + CA 774000C3 72 Bytes [0C, 85, DB, 74, 08, 56, E8, ...]
.text comctl32.dll!DSA_DeleteAllItems + 113 7740010C 125 Bytes [5F, 5B, 33, C0, 5E, C9, C2, ...]
.text ...
.text comctl32.dll!DrawStatusTextW + 1E 7740056D 32 Bytes [66, 8B, 96, 16, 07, 00, 00, ...]
.text comctl32.dll!DrawStatusTextW + 3F 7740058E 109 Bytes [86, F4, 06, 00, 00, 66, 89, ...]
.text comctl32.dll!DrawStatusTextW + AD 774005FC 77 Bytes [55, 8B, EC, 83, EC, 18, 56, ...]
.text comctl32.dll!DrawStatusTextW + FB 7740064A 12 Bytes [86, 94, 06, 00, 00, 50, E8, ...]
.text comctl32.dll!DrawStatusTextW + 108 77400657 14 Bytes [08, 66, 8B, 86, 06, 07, 00, ...]
.text ...
.text comctl32.dll!ImageList_SetOverlayImage + 2D 7740142D 58 Bytes [C6, EB, 03, 83, C8, FF, 5B, ...]
.text comctl32.dll!ImageList_SetOverlayImage + 95 77401495 14 Bytes [A9, FF, FF, C1, E0, 0E, 66, ...]
.text comctl32.dll!ImageList_SetOverlayImage + A4 774014A4 40 Bytes [66, 25, 00, 40, 66, 31, 86, ...]
.text comctl32.dll!ImageList_SetOverlayImage + CE 774014CE 12 Bytes [FF, B6, A8, 08, 00, 00, 66, ...]
.text comctl32.dll!ImageList_SetOverlayImage + DB 774014DB 87 Bytes [8B, 1D, 80, 12, 3D, 77, FF, ...]
.text ...
.text comctl32.dll!ImageList_GetIcon + 21 774022BB 7 Bytes CALL E1287910
.text comctl32.dll!ImageList_GetIcon + 29 774022C3 33 Bytes [68, 16, FD, FF, FF, 56, E8, ...]
.text comctl32.dll!GetEffectiveClientRect + 4 774022E5 25 Bytes [45, 0C, 53, 8B, 5D, 08, 56, ...]
.text comctl32.dll!GetEffectiveClientRect + 1E 774022FF 31 Bytes CALL 11C43214
.text comctl32.dll!GetEffectiveClientRect + 3E 7740231F 54 Bytes [39, B3, 9C, 08, 00, 00, 74, ...]
.text comctl32.dll!GetEffectiveClientRect + 75 77402356 7 Bytes [00, 66, 8B, 93, 9A, 06, 00]
.text comctl32.dll!GetEffectiveClientRect + 7D 7740235E 49 Bytes [66, 89, 4D, EE, 0F, B7, C9, ...]
.text ...
.text comctl32.dll!DPA_Search + 11 77402862 2 Bytes [14, FF] {ADC AL, 0xff}
.text comctl32.dll!DPA_Search + 15 77402866 11 Bytes CALL 774022DB \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!DPA_Search + 21 77402872 2 Bytes [75, 14] {JNZ 0x16}
.text comctl32.dll!DPA_Search + 25 77402876 15 Bytes [10, 53, FF, 75, 08, E8, 23, ...] {ADC [EBX-0x1], DL; JNZ 0xd; CALL 0xffffffffffffaa2d; JMP 0x905}
.text comctl32.dll!DPA_Search + 35 77402886 9 Bytes [75, 14, FF, 75, 10, 53, E8, ...]
.text ...
.text comctl32.dll!DllInstall + 1 77403116 42 Bytes [83, 24, 07, 00, 00, EB, 5B, ...]
.text comctl32.dll!DllInstall + 2C 77403141 181 Bytes [DF, EB, 37, 80, 8B, B9, 08, ...]
.text comctl32.dll!DllInstall + E2 774031F7 72 Bytes [40, 00, 00, C7, 45, D4, E3, ...]
.text comctl32.dll!DllInstall + 12C 77403241 2 Bytes [F8, 11]
.text comctl32.dll!DllInstall + 130 77403245 15 Bytes [EB, 09, FF, 15, A4, 12, 3D, ...] {JMP 0xb; CALL [0x773d12a4]; MOV [EBP+0xc], EAX; CMP [EBP-0x8], SI}
.text ...
.text comctl32.dll!DestroyPropertySheetPage + 3F 774036D3 13 Bytes [15, 40, 11, 3D, 77, FF, B5, ...] {ADC EAX, 0x773d1140; PUSH DWORD [EBP-0x210]; MOV ESI, EAX}
.text comctl32.dll!DestroyPropertySheetPage + 4D 774036E1 37 Bytes [33, FF, 15, 58, 17, 3D, 77, ...]
.text comctl32.dll!DestroyPropertySheetPage + 73 77403707 106 Bytes [15, 54, 17, 3D, 77, 8B, 85, ...]
.text comctl32.dll!DestroyPropertySheetPage + DF 77403773 37 Bytes [6A, 16, 50, 8B, 85, E4, FD, ...]
.text comctl32.dll!DestroyPropertySheetPage + 105 77403799 75 Bytes [6A, FF, 68, 65, 04, 00, 00, ...]
.text ...
.text comctl32.dll!CreatePropertySheetPageW + 7 77403976 144 Bytes CALL 77403873 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!CreatePropertySheetPage + 7E 77403A07 21 Bytes [46, 18, 50, FF, 15, 14, 12, ...]
.text comctl32.dll!CreatePropertySheetPage + 94 77403A1D 48 Bytes [15, 28, 14, 3D, 77, E9, 47, ...]
.text comctl32.dll!CreatePropertySheetPage + C5 77403A4E 54 Bytes [15, 40, 15, 3D, 77, 89, 46, ...]
.text comctl32.dll!CreatePropertySheetPage + FC 77403A85 79 Bytes CALL 77403509 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!CreatePropertySheetPage + 14C 77403AD5 30 Bytes [15, 9C, 12, 3D, 77, 33, C9, ...]
.text ...
.text comctl32.dll!PropertySheetW + 8 77408C69 6 Bytes [FF, 50, FF, B5, EC, FD] {CALL [EAX-0x1]; MOV CH, 0xec; STD }
.text comctl32.dll!PropertySheetW + F 77408C70 46 Bytes [FF, FF, 15, 30, 15, 3D, 77, ...]
.text comctl32.dll!PropertySheet + 26 77408C9F 70 Bytes [80, 4E, 24, 80, 6A, 00, 53, ...]
.text comctl32.dll!CreateStatusWindowW + 16 77408CE7 24 Bytes [50, 56, C7, 85, C4, FD, FF, ...]
.text comctl32.dll!CreateStatusWindowW + 2F 77408D00 23 Bytes [50, 68, 3B, FE, FF, FF, 56, ...]
.text comctl32.dll!CreateStatusWindow + A 77408D18 8 Bytes CALL 77408D1D \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!CreateStatusWindow + 13 77408D21 47 Bytes [15, 58, 14, 3D, 77, 8B, 85, ...]
.text comctl32.dll!CreateStatusWindow + 43 77408D51 25 Bytes [16, 3D, 7B, FC, FF, FF, 74, ...]
.text comctl32.dll!CreateStatusWindow + 5E 77408D6C 202 Bytes CALL 7740855E \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
.text comctl32.dll!CreateStatusWindow + 129 77408E37 118 Bytes [85, F6, 74, 30, 83, FE, FF, ...]
.text comctl32.dll!DrawStatusText + 5A 77408EAE 8 Bytes CALL B0408EB3
.text comctl32.dll!DrawStatusText + 63 77408EB7 2 Bytes [85, 82]
.text comctl32.dll!DrawStatusText + 6A 77408EBE 70 Bytes CALL BF8B02EB \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text comctl32.dll!DrawStatusText + B1 77408F05 13 Bytes [38, EB, 0A, 80, 66, 24, 7F, ...] {CMP BL, CH; OR AL, [EAX-0x1480db9a]; ADD AL, 0x80; DEC ESI; AND AL, 0x80}
.text comctl32.dll!DrawStatusText + BF 77408F13 54 Bytes [75, 10, FF, 15, EC, 13, 3D, ...]
.text ...