themagizian
date/time : 2009-04-16, 04:04:24, 203ms
computer name : MAGIZIANET
user name : MagHRB <admin>
registered owner : HRBtheMagizian / Magizia
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 12 hours 10 minutes
program up time : 1 second
processor : Intel(R) Pentium(R) M processor 1.60GHz
physical memory : 396/1527 MB (free/total)
free disk space : (C:) 23.52 GB
display mode : 1024x768, 32 bit
process id : $d04
allocated memory : 9.42 MB
command line : "C:\Program Files\Auslogics\Auslogics BoostSpeed
\TaskManager.exe" taskmgr.exe
executable : TaskManager.exe
current module : madExcept_.bpl
exec. date/time : 2009-01-25 02:01
version : 1.1.1.25
compiled with : Delphi 7
madExcept version : 3.0e
callstack crc : $00000000, $3cd3e00c, $65449b8a
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 00000000. Read of
address 00000000.
main thread ($f8c):
00000000 +000 ???
028447e4 +01c TaskManager.dll PsAPI
GetModuleFileNameEx
02853e5c +088 TaskManager.dll uProcess 439 +9
TProcess.GetProcessFileName
028531f0 +0a0 TaskManager.dll uProcess 173 +10 TProcess.Create
02846aba +062 TaskManager.dll uApplication 63 +4
TApplication.Create
028476c2 +05a TaskManager.dll uApplication 336 +4
TApplicationList.DoAddWindow
02847c74 +02c TaskManager.dll uApplication 462 +3 EnumWindowsProc
7e41cda8 +011 user32.dll EnumWindows
02847d25 +0a1 TaskManager.dll uApplication 478 +13
TApplicationList.Update
004399cd +079 TaskManager.exe uListItems 1253 +6
TApplicationList.Refresh
40005ddd +051 rtl70.bpl System
TObject.GetInterface
400096ab +00f rtl70.bpl System
TInterfacedObject.QueryInterface
40009646 +012 rtl70.bpl System @IntfCast
0041522f +043 TaskManager.exe uApplications 1924 +4
TfrmApplications.RefreshApplicationList
0040fe53 +04f TaskManager.exe uApplications 278 +4
TfrmApplications.tmApplicationsTimer
00414c64 +078 TaskManager.exe uApplications 1801 +8
TfrmApplications.SortByColumn
004324fc +03c TaskManager.exe uMain 2262 +2
TfrmMain.SortAllListsByFirstColumn
0042da54 +054 TaskManager.exe uMain 637 +4
TfrmMain.AxSimpleSkinFormShow
7c90eae0 +010 ntdll.dll
KiUserCallbackDispatcher
0051e0f1 +015 vcl70.bpl Forms
TCustomForm.DoShow
00521115 +0a9 vcl70.bpl Forms
TCustomForm.CMShowingChanged
00501a98 +188 vcl70.bpl Controls TControl.WndProc
00504c97 +157 vcl70.bpl Controls
TWinControl.WndProc
0051e87d +421 vcl70.bpl Forms
TCustomForm.WndProc
0042f76d +0b9 TaskManager.exe uMain 1279 +29 TfrmMain.WndProc
00501868 +024 vcl70.bpl Controls TControl.Perform
005047eb +0c7 vcl70.bpl Controls
TWinControl.UpdateShowing
00504856 +036 vcl70.bpl Controls
TWinControl.UpdateControlState
00506716 +026 vcl70.bpl Controls
TWinControl.CMVisibleChanged
00501a98 +188 vcl70.bpl Controls TControl.WndProc
00504c97 +157 vcl70.bpl Controls
TWinControl.WndProc
0051e87d +421 vcl70.bpl Forms
TCustomForm.WndProc
0042f76d +0b9 TaskManager.exe uMain 1279 +29 TfrmMain.WndProc
00501868 +024 vcl70.bpl Controls TControl.Perform
00500427 +027 vcl70.bpl Controls
TControl.SetVisible
0051e372 +03a vcl70.bpl Forms
TCustomForm.SetVisible
005258dc +080 vcl70.bpl Forms TApplication.Run
00447d9f +127 TaskManager.exe TaskManager 83 +36 initialization
thread $1bc:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90d85a +0a ntdll.dll NtDelayExecution
7c8023e7 +4b kernel32.dll SleepEx
7c80244c +0a kernel32.dll Sleep
598399b5 +0d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +37 madExcept_.bpl madExcept ThreadExceptFrame
0229370f +00 ???
thread $7a0 (TProcessThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025c5 +85 kernel32.dll WaitForSingleObjectEx
7c80252d +0d kernel32.dll WaitForSingleObject
02855541 +a9 TaskManager.dll uProcess 917 +12
TProcessThread.FindProcesses
0285526b +eb TaskManager.dll uProcess 862 +23 TProcessThread.Execute
59839ad3 +2b madExcept_.bpl madExcept HookedTThreadExecute
598399b5 +0d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +37 madExcept_.bpl madExcept ThreadExceptFrame
028557ff +57 TaskManager.dll uProcess 977 +3
TThreadProcessList.Create
02849664 +50 TaskManager.dll uService 543 +3 TServiceThread.Create
0284d9f9 +49 TaskManager.dll uOpenFile 527 +2 TOpenFileThread.Create
thread $c10 (TTraceThread):
7c90eb94 +000 ntdll.dll KiFastSystemCallRet
7c90e9a9 +00a ntdll.dll
NtWaitForMultipleObjects
77e28e25 +339 advapi32.dll ProcessTrace
0284b355 +08d TaskManager.dll uEventTrace 70 +8
TTraceThread.Execute
59839ad3 +02b madExcept_.bpl madExcept
HookedTThreadExecute
598399b5 +00d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +037 madExcept_.bpl madExcept ThreadExceptFrame
0284bf6b +08f TaskManager.dll uTaskManager 276 +14
TTaskManager.StartNtKernelLogger
thread $880:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
598399b5 +0d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +37 madExcept_.bpl madExcept ThreadExceptFrame
77dfa17c +00 advapi32.dll
modules:
00400000 TaskManager.exe 1.1.1.25 C:\Program Files\Auslogics
\Auslogics BoostSpeed
00480000 vcl70.bpl 7.0.8.1 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01210000 Localizer.dll 1.2.3.35 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01230000 helper.dll 3.2.5.222 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01250000 armaccess.dll 4.20.0.0 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01fb0000 commonforms.dll 3.2.5.172 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01fd0000 aushelper.dll 1.0.0.1 C:\Program Files\Auslogics
\Auslogics BoostSpeed
02840000 TaskManager.dll 1.1.1.22 C:\Program Files\Auslogics
\Auslogics BoostSpeed
02870000 spychecker.dll C:\Program Files\Auslogics
\Auslogics BoostSpeed
10000000 UnlockerHook.dll C:\Program Files\Unlocker
40000000 rtl70.bpl 7.0.8.1 C:\Program Files\Auslogics
\Auslogics BoostSpeed
50000000 AxPackage10.bpl 1.0.1.344 C:\Program Files\Auslogics
\Auslogics BoostSpeed
57000000 madBasic_.bpl C:\Program Files\Auslogics
\Auslogics BoostSpeed
57800000 madDisAsm_.bpl C:\Program Files\Auslogics
\Auslogics BoostSpeed
59800000 madExcept_.bpl C:\Program Files\Auslogics
\Auslogics BoostSpeed
5ad70000 uxtheme.dll 6.0.2900.2180 C:\WM9HT38D\system32
5b860000 NETAPI32.dll 5.1.2600.3462 C:\WM9HT38D\system32
666f0000 inetmib1.dll 5.1.2600.2180 C:\WM9HT38D\system32
71aa0000 WS2HELP.dll 5.1.2600.2180 C:\WM9HT38D\system32
71ab0000 WS2_32.dll 5.1.2600.2180 C:\WM9HT38D\system32
71ad0000 wsock32.dll 5.1.2600.2180 C:\WM9HT38D\system32
71b20000 mpr.dll 5.1.2600.2180 C:\WM9HT38D\system32
71bf0000 SAMLIB.dll 5.1.2600.2180 C:\WM9HT38D\system32
71f60000 snmpapi.dll 5.1.2600.2180 C:\WM9HT38D\system32
73000000 winspool.drv 5.1.2600.2180 C:\WM9HT38D\system32
755c0000 msctfime.ime 5.1.2600.2180 C:\WM9HT38D\system32
76380000 msimg32.dll 5.1.2600.2180 C:\WM9HT38D\system32
76390000 IMM32.DLL 5.1.2600.2180 C:\WM9HT38D\system32
763b0000 comdlg32.dll 6.0.2900.2180 C:\WM9HT38D\system32
76780000 SHFolder.dll 6.0.2900.2180 C:\WM9HT38D\system32
76b20000 ATL.DLL 3.5.2284.0 C:\WM9HT38D\system32
76b40000 winmm.dll 5.1.2600.2180 C:\WM9HT38D\system32
76bf0000 PSAPI.dll 5.1.2600.2180 C:\WM9HT38D\system32
76d40000 MPRAPI.dll 5.1.2600.2180 C:\WM9HT38D\system32
76d60000 iphlpapi.dll 5.1.2600.2912 C:\WM9HT38D\system32
76e10000 adsldpc.dll 5.1.2600.2180 C:\WM9HT38D\system32
76e80000 rtutils.dll 5.1.2600.2180 C:\WM9HT38D\system32
76f60000 WLDAP32.dll 5.1.2600.2180 C:\WM9HT38D\system32
77120000 oleaut32.dll 5.1.2600.3266 C:\WM9HT38D\system32
773d0000 comctl32.dll 6.0.2900.2982 C:\WM9HT38D\WinSxS
\x86_Microsoft.Windows.Common-
Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
774e0000 ole32.dll 5.1.2600.2726 C:\WM9HT38D\system32
77920000 SETUPAPI.dll 5.1.2600.2180 C:\WM9HT38D\system32
77c00000 version.dll 5.1.2600.2180 C:\WM9HT38D\system32
77c10000 msvcrt.dll 7.0.2600.2180 C:\WM9HT38D\system32
77cc0000 ACTIVEDS.dll 5.1.2600.2180 C:\WM9HT38D\system32
77dd0000 advapi32.dll 5.1.2600.2180 C:\WM9HT38D\system32
77e70000 RPCRT4.dll 5.1.2600.3173 C:\WM9HT38D\system32
77f10000 GDI32.dll 5.1.2600.3466 C:\WM9HT38D\system32
77f60000 SHLWAPI.dll 6.0.2900.3462 C:\WM9HT38D\system32
77fe0000 Secur32.dll 5.1.2600.2180 C:\WM9HT38D\system32
7c800000 kernel32.dll 5.1.2600.3119 C:\WM9HT38D\system32
7c900000 ntdll.dll 5.1.2600.2180 C:\WM9HT38D\system32
7c9c0000 SHELL32.dll 6.0.2900.3402 C:\WM9HT38D\system32
7df70000 oledlg.dll 5.1.2600.3016 C:\WM9HT38D\system32
7e410000 user32.dll 5.1.2600.3099 C:\WM9HT38D\system32
processes:
000 Idle
004 System
realtime
654 smss.exe above
normal C:\WM9HT38D\system32
6ec csrss.exe
realtime C:\WM9HT38D\system32
708 winlogon.exe
high h:\core
734 services.exe
high C:\WM9HT38D\system32
744 lsass.exe
high C:\WM9HT38D\system32
7d0 svchost.exe
high C:\WM9HT38D\system32
0a4 svchost.exe
high C:\WM9HT38D\system32
20c EvtEng.exe
realtime C:\Program Files\Intel\Wireless\Bin
238 S24EvMon.exe
realtime C:\Program Files\Intel\Wireless\Bin
25c WLKeeper.exe
realtime C:\Program Files\Intel\Wireless\Bin
2f4 svchost.exe
realtime C:\WM9HT38D\system32
35c svchost.exe
realtime C:\WM9HT38D\system32
2b0 WLTRYSVC.EXE
realtime C:\WM9HT38D\System32
4f8 bcmwltry.exe
realtime C:\WM9HT38D\System32
560 spoolsv.exe
realtime C:\WM9HT38D\system32
638 SCardSvr.exe
realtime C:\WM9HT38D\System32
698 Explorer.EXE
realtime C:\WM9HT38D
424 hkcmd.exe
realtime C:\WM9HT38D\system32
42c igfxpers.exe
realtime C:\WM9HT38D\system32
43c WLTRAY.exe
realtime C:\WM9HT38D\system32
450 ZCfgSvc.exe
realtime C:\Program Files\Intel\Wireless\bin
470 ifrmewrk.exe
realtime C:\Program Files\Intel\Wireless\Bin
4a4 UnlockerAssistant.exe
idle C:\Program Files\Unlocker
79c eBoostrCP.exe
realtime C:\Program Files\eBoostr
0dc RegSrvc.exe
realtime C:\Program Files\Intel\Wireless\Bin
488 tcpsvcs.exe
realtime C:\WM9HT38D\system32
4c0 snmp.exe
realtime C:\WM9HT38D\System32
9b8 alg.exe
realtime C:\WM9HT38D\System32
d58 svchost.exe
high C:\WM9HT38D\System32
d78 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup IV.exe
realtime I:\components\Plugins
be4 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup V.exe
realtime I:\components\Plugins
b78 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup VII.exe
realtime I:\components\Plugins
408 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup VIII.exe
realtime I:\components\Plugins
eac WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup I.exe
realtime I:\components\Plugins
630 Dot1XCfg.exe
realtime C:\Program Files\Intel\Wireless\Bin
548 svchost.exe
realtime C:\WM9HT38D\system32
fbc ccSvcHst.exe
normal C:\Program Files\Norton AntiVirus\Engine\16.5.0.134
180 ccSvcHst.exe
normal C:\Program Files\Norton AntiVirus\Engine\16.5.0.134
c30 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
918 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
a34 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
6a0 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
ee4 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
ae8 WinBuilder.exe
realtime C:\Documents and Settings\MagHRB\Desktop
4d4 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
420 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
9a4 EBstrSvc.exe
realtime C:\Program Files\eBoostr
2d0 wmiapsrv.exe
realtime C:\WM9HT38D\system32\wbem
8b0 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
858 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
cc4 uTorrent.exe
normal C:\Program Files\uTorrent
d8c wmiprvse.exe
normal C:\WM9HT38D\system32\wbem
d04 TaskManager.exe
high C:\Program Files\Auslogics\Auslogics BoostSpeed
hardware:
+ Batteries
- Microsoft AC Adapter
- Microsoft ACPI-Compliant Control Method Battery
- Microsoft ACPI-Compliant Control Method Battery
+ Computer
- ACPI Uniprocessor PC
+ Disk drives
- IC25N080ATMR04-0
- PNY USB 2.0 FD USB Device
- USB Flash Memory USB Device
- USB Flash Memory USB Device
- USB Flash Memory USB Device
+ Display adapters
- Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family (driver
6.14.10.4693)
- Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family (driver
6.14.10.4693)
+ IDE ATA/ATAPI controllers
- Intel(R) 82801FBM Ultra ATA Storage Controllers - 2653
- Primary IDE Channel
- Secondary IDE Channel
+ Keyboards
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
- PS/2 Compatible Mouse
+ Monitors
- Plug and Play Monitor
- Plug and Play Monitor
- Plug and Play Monitor
+ Network adapters
- Broadcom NetXtreme 57xx Gigabit Controller (driver 9.52.0.0)
- Intel(R) PRO/Wireless 2200BG Network Connection (driver 9.0.4.39)
- MAC Bridge Miniport
+ PCMCIA adapters
- Texas Instruments PCIx515 Cardbus Controller
+ PCMCIA and Flash memory devices
- M-Systems DiskOnChip 2000
+ Ports (COM & LPT)
- Communications Port (COM1)
- ECP Printer Port (LPT1)
+ Processors
- Intel(R) Pentium(R) M processor 1.60GHz
+ Smart card readers
- Texas Instruments PCI GemCore based SmartCard controller (driver
1.0.1.19)
+ Sound, video and game controllers
- Audio Codecs
- Legacy Audio Drivers
- Legacy Video Capture Devices
- Media Control Devices
- SigmaTel C-Major Audio (driver 5.10.0.4255)
- Video Codecs
+ System devices
- ACPI Lid
- ACPI Power Button
- ACPI Sleep Button
- ACPI Thermal Zone
- Direct memory access controller
- Intel(R) 82801 PCI Bridge - 2448
- Intel(R) 82801FB/FBM PCI Express Root Port - 2660
- Intel(R) 82801FBM LPC Interface Controller - 2641
- ISAPNP Read Data Port
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft Composite Battery
- Microsoft System Management BIOS Driver
- Mobile Intel(R) 915GM/PM/GMS/910GML Express Processor to DRAM
Controller - 2590 (driver 6.1.0.1008)
- Numeric data processor
- PCI bus
- Plug and Play Software Device Enumerator
- Printer Port Logical Interface
- Programmable interrupt controller
- System board
- System board
- System board
- System board
- System board
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Terminal Server Device Redirector
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- Volume Manager
+ Universal Serial Bus controllers
- Intel(R) 82801FB/FBM USB Universal Host Controller - 2658
- Intel(R) 82801FB/FBM USB Universal Host Controller - 2659
- Intel(R) 82801FB/FBM USB Universal Host Controller - 265A
- Intel(R) 82801FB/FBM USB Universal Host Controller - 265B
- Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C
- USB Mass Storage Device
- USB Mass Storage Device
- USB Mass Storage Device
- USB Mass Storage Device
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
cpu registers:
eax = 00000104
ebx = 0000022c
ecx = 0012edc3
edx = 00000000
esi = 00000000
edi = 0012edc3
eip = 00000000
esp = 0012ec44
ebp = 0012ec64
stack dump:
0012ec44 ea 47 84 02 2c 02 00 00 - 00 00 00 00 c3 ed 12
00 .G..,...........
0012ec54 04 01 00 00 00 00 00 00 - b0 08 00 00 28 f0 12
00 ............(...
0012ec64 d0 ee 12 00 61 3e 85 02 - 04 01 00 00 7c ec 12
00 ....a>......|...
0012ec74 e8 64 00 40 d0 ee 12 00 - 88 ec 12 00 27 66 00
40 .d.@........'f.@
0012ec84 d0 ee 12 00 d8 ee 12 00 - e8 64 00 40 d0 ee 12
00 .........d.@....
0012ec94 00 00 00 00 b0 08 00 00 - 01 eb 90 7c 08 54 50
72 ...........|.TPr
0012eca4 6f 63 65 73 73 ee 12 00 - bb 54 50 00 88 ee 12 00
ocess....TP.....
0012ecb4 8c 1e 77 02 c8 2e 4d 00 - 58 ee 12 00 96 30 4d
00 ..w...M.X....0M.
0012ecc4 9e 30 4d 00 4e 00 00 00 - 8c 1e 77 02 88 ee 12 00 .
0M.N.....w.....
0012ecd4 00 00 00 00 99 69 91 7c - 18 1f 25 00 00 f0 fd 7f .....i.|..
%.....
0012ece4 c4 ed 12 00 1c 00 00 00 - 00 00 00 00 98 5f 00
40 ............._.@
0012ecf4 8c 1e 77 02 20 ee 12 00 - 9b 1a 50 00 4e 00 00
00 ..w.......P.N...
0012ed04 88 ee 12 00 8c 1e 77 02 - 18 1f 25 00 1c 84 ad 00 ......w...
%.....
0012ed14 1d 69 91 7c 48 00 00 00 - 4f 2a 00 40 20 84 ad 00 .i.|
H...O*.@....
0012ed24 1c 84 ad 00 1c 84 ad 00 - 64 ed 12 00 00 00 00
00 ........d.......
0012ed34 b0 08 00 00 48 00 00 00 - 34 2c 00 40 57 2c 00 40 ....H...
4,.@W,.@
0012ed44 d4 75 07 40 5f 2c 00 40 - 44 00 00 00 00 00 00
00 .u.@_,.@D.......
0012ed54 00 00 00 00 14 00 0a 02 - 00 00 00 00 d1 13 00
40 ...............@
0012ed64 0c 78 85 02 00 00 00 00 - 2c 02 00 00 20 84 ad
00 .x......,.......
0012ed74 d0 ee 12 00 2a 7e 85 02 - 88 ed 12 00 79 96 00
40 ....*~......y..@
disassembling:
[...]
02853e49 mov fs:[eax], esp
02853e4c 0439 push $104
02853e51 lea ecx, [ebp-$10d]
02853e57 xor edx, edx
02853e59 mov eax, [ebp-8]
02853e5c > call -$f699 ($28447c8) ;
PsAPI.GetModuleFileNameEx (TaskManager.dll)
02853e61 test eax, eax
02853e63 jbe loc_2853e94
02853e65 0440 mov al, [$2853f94]
02853e6a push eax
02853e6b push ebx
[...]
computer name : MAGIZIANET
user name : MagHRB <admin>
registered owner : HRBtheMagizian / Magizia
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 12 hours 10 minutes
program up time : 1 second
processor : Intel(R) Pentium(R) M processor 1.60GHz
physical memory : 396/1527 MB (free/total)
free disk space : (C:) 23.52 GB
display mode : 1024x768, 32 bit
process id : $d04
allocated memory : 9.42 MB
command line : "C:\Program Files\Auslogics\Auslogics BoostSpeed
\TaskManager.exe" taskmgr.exe
executable : TaskManager.exe
current module : madExcept_.bpl
exec. date/time : 2009-01-25 02:01
version : 1.1.1.25
compiled with : Delphi 7
madExcept version : 3.0e
callstack crc : $00000000, $3cd3e00c, $65449b8a
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 00000000. Read of
address 00000000.
main thread ($f8c):
00000000 +000 ???
028447e4 +01c TaskManager.dll PsAPI
GetModuleFileNameEx
02853e5c +088 TaskManager.dll uProcess 439 +9
TProcess.GetProcessFileName
028531f0 +0a0 TaskManager.dll uProcess 173 +10 TProcess.Create
02846aba +062 TaskManager.dll uApplication 63 +4
TApplication.Create
028476c2 +05a TaskManager.dll uApplication 336 +4
TApplicationList.DoAddWindow
02847c74 +02c TaskManager.dll uApplication 462 +3 EnumWindowsProc
7e41cda8 +011 user32.dll EnumWindows
02847d25 +0a1 TaskManager.dll uApplication 478 +13
TApplicationList.Update
004399cd +079 TaskManager.exe uListItems 1253 +6
TApplicationList.Refresh
40005ddd +051 rtl70.bpl System
TObject.GetInterface
400096ab +00f rtl70.bpl System
TInterfacedObject.QueryInterface
40009646 +012 rtl70.bpl System @IntfCast
0041522f +043 TaskManager.exe uApplications 1924 +4
TfrmApplications.RefreshApplicationList
0040fe53 +04f TaskManager.exe uApplications 278 +4
TfrmApplications.tmApplicationsTimer
00414c64 +078 TaskManager.exe uApplications 1801 +8
TfrmApplications.SortByColumn
004324fc +03c TaskManager.exe uMain 2262 +2
TfrmMain.SortAllListsByFirstColumn
0042da54 +054 TaskManager.exe uMain 637 +4
TfrmMain.AxSimpleSkinFormShow
7c90eae0 +010 ntdll.dll
KiUserCallbackDispatcher
0051e0f1 +015 vcl70.bpl Forms
TCustomForm.DoShow
00521115 +0a9 vcl70.bpl Forms
TCustomForm.CMShowingChanged
00501a98 +188 vcl70.bpl Controls TControl.WndProc
00504c97 +157 vcl70.bpl Controls
TWinControl.WndProc
0051e87d +421 vcl70.bpl Forms
TCustomForm.WndProc
0042f76d +0b9 TaskManager.exe uMain 1279 +29 TfrmMain.WndProc
00501868 +024 vcl70.bpl Controls TControl.Perform
005047eb +0c7 vcl70.bpl Controls
TWinControl.UpdateShowing
00504856 +036 vcl70.bpl Controls
TWinControl.UpdateControlState
00506716 +026 vcl70.bpl Controls
TWinControl.CMVisibleChanged
00501a98 +188 vcl70.bpl Controls TControl.WndProc
00504c97 +157 vcl70.bpl Controls
TWinControl.WndProc
0051e87d +421 vcl70.bpl Forms
TCustomForm.WndProc
0042f76d +0b9 TaskManager.exe uMain 1279 +29 TfrmMain.WndProc
00501868 +024 vcl70.bpl Controls TControl.Perform
00500427 +027 vcl70.bpl Controls
TControl.SetVisible
0051e372 +03a vcl70.bpl Forms
TCustomForm.SetVisible
005258dc +080 vcl70.bpl Forms TApplication.Run
00447d9f +127 TaskManager.exe TaskManager 83 +36 initialization
thread $1bc:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90d85a +0a ntdll.dll NtDelayExecution
7c8023e7 +4b kernel32.dll SleepEx
7c80244c +0a kernel32.dll Sleep
598399b5 +0d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +37 madExcept_.bpl madExcept ThreadExceptFrame
0229370f +00 ???
thread $7a0 (TProcessThread):
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025c5 +85 kernel32.dll WaitForSingleObjectEx
7c80252d +0d kernel32.dll WaitForSingleObject
02855541 +a9 TaskManager.dll uProcess 917 +12
TProcessThread.FindProcesses
0285526b +eb TaskManager.dll uProcess 862 +23 TProcessThread.Execute
59839ad3 +2b madExcept_.bpl madExcept HookedTThreadExecute
598399b5 +0d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +37 madExcept_.bpl madExcept ThreadExceptFrame
028557ff +57 TaskManager.dll uProcess 977 +3
TThreadProcessList.Create
02849664 +50 TaskManager.dll uService 543 +3 TServiceThread.Create
0284d9f9 +49 TaskManager.dll uOpenFile 527 +2 TOpenFileThread.Create
thread $c10 (TTraceThread):
7c90eb94 +000 ntdll.dll KiFastSystemCallRet
7c90e9a9 +00a ntdll.dll
NtWaitForMultipleObjects
77e28e25 +339 advapi32.dll ProcessTrace
0284b355 +08d TaskManager.dll uEventTrace 70 +8
TTraceThread.Execute
59839ad3 +02b madExcept_.bpl madExcept
HookedTThreadExecute
598399b5 +00d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +037 madExcept_.bpl madExcept ThreadExceptFrame
0284bf6b +08f TaskManager.dll uTaskManager 276 +14
TTaskManager.StartNtKernelLogger
thread $880:
7c90eb94 +00 ntdll.dll KiFastSystemCallRet
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
598399b5 +0d madExcept_.bpl madExcept CallThreadProcSafe
59839a1f +37 madExcept_.bpl madExcept ThreadExceptFrame
77dfa17c +00 advapi32.dll
modules:
00400000 TaskManager.exe 1.1.1.25 C:\Program Files\Auslogics
\Auslogics BoostSpeed
00480000 vcl70.bpl 7.0.8.1 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01210000 Localizer.dll 1.2.3.35 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01230000 helper.dll 3.2.5.222 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01250000 armaccess.dll 4.20.0.0 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01fb0000 commonforms.dll 3.2.5.172 C:\Program Files\Auslogics
\Auslogics BoostSpeed
01fd0000 aushelper.dll 1.0.0.1 C:\Program Files\Auslogics
\Auslogics BoostSpeed
02840000 TaskManager.dll 1.1.1.22 C:\Program Files\Auslogics
\Auslogics BoostSpeed
02870000 spychecker.dll C:\Program Files\Auslogics
\Auslogics BoostSpeed
10000000 UnlockerHook.dll C:\Program Files\Unlocker
40000000 rtl70.bpl 7.0.8.1 C:\Program Files\Auslogics
\Auslogics BoostSpeed
50000000 AxPackage10.bpl 1.0.1.344 C:\Program Files\Auslogics
\Auslogics BoostSpeed
57000000 madBasic_.bpl C:\Program Files\Auslogics
\Auslogics BoostSpeed
57800000 madDisAsm_.bpl C:\Program Files\Auslogics
\Auslogics BoostSpeed
59800000 madExcept_.bpl C:\Program Files\Auslogics
\Auslogics BoostSpeed
5ad70000 uxtheme.dll 6.0.2900.2180 C:\WM9HT38D\system32
5b860000 NETAPI32.dll 5.1.2600.3462 C:\WM9HT38D\system32
666f0000 inetmib1.dll 5.1.2600.2180 C:\WM9HT38D\system32
71aa0000 WS2HELP.dll 5.1.2600.2180 C:\WM9HT38D\system32
71ab0000 WS2_32.dll 5.1.2600.2180 C:\WM9HT38D\system32
71ad0000 wsock32.dll 5.1.2600.2180 C:\WM9HT38D\system32
71b20000 mpr.dll 5.1.2600.2180 C:\WM9HT38D\system32
71bf0000 SAMLIB.dll 5.1.2600.2180 C:\WM9HT38D\system32
71f60000 snmpapi.dll 5.1.2600.2180 C:\WM9HT38D\system32
73000000 winspool.drv 5.1.2600.2180 C:\WM9HT38D\system32
755c0000 msctfime.ime 5.1.2600.2180 C:\WM9HT38D\system32
76380000 msimg32.dll 5.1.2600.2180 C:\WM9HT38D\system32
76390000 IMM32.DLL 5.1.2600.2180 C:\WM9HT38D\system32
763b0000 comdlg32.dll 6.0.2900.2180 C:\WM9HT38D\system32
76780000 SHFolder.dll 6.0.2900.2180 C:\WM9HT38D\system32
76b20000 ATL.DLL 3.5.2284.0 C:\WM9HT38D\system32
76b40000 winmm.dll 5.1.2600.2180 C:\WM9HT38D\system32
76bf0000 PSAPI.dll 5.1.2600.2180 C:\WM9HT38D\system32
76d40000 MPRAPI.dll 5.1.2600.2180 C:\WM9HT38D\system32
76d60000 iphlpapi.dll 5.1.2600.2912 C:\WM9HT38D\system32
76e10000 adsldpc.dll 5.1.2600.2180 C:\WM9HT38D\system32
76e80000 rtutils.dll 5.1.2600.2180 C:\WM9HT38D\system32
76f60000 WLDAP32.dll 5.1.2600.2180 C:\WM9HT38D\system32
77120000 oleaut32.dll 5.1.2600.3266 C:\WM9HT38D\system32
773d0000 comctl32.dll 6.0.2900.2982 C:\WM9HT38D\WinSxS
\x86_Microsoft.Windows.Common-
Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
774e0000 ole32.dll 5.1.2600.2726 C:\WM9HT38D\system32
77920000 SETUPAPI.dll 5.1.2600.2180 C:\WM9HT38D\system32
77c00000 version.dll 5.1.2600.2180 C:\WM9HT38D\system32
77c10000 msvcrt.dll 7.0.2600.2180 C:\WM9HT38D\system32
77cc0000 ACTIVEDS.dll 5.1.2600.2180 C:\WM9HT38D\system32
77dd0000 advapi32.dll 5.1.2600.2180 C:\WM9HT38D\system32
77e70000 RPCRT4.dll 5.1.2600.3173 C:\WM9HT38D\system32
77f10000 GDI32.dll 5.1.2600.3466 C:\WM9HT38D\system32
77f60000 SHLWAPI.dll 6.0.2900.3462 C:\WM9HT38D\system32
77fe0000 Secur32.dll 5.1.2600.2180 C:\WM9HT38D\system32
7c800000 kernel32.dll 5.1.2600.3119 C:\WM9HT38D\system32
7c900000 ntdll.dll 5.1.2600.2180 C:\WM9HT38D\system32
7c9c0000 SHELL32.dll 6.0.2900.3402 C:\WM9HT38D\system32
7df70000 oledlg.dll 5.1.2600.3016 C:\WM9HT38D\system32
7e410000 user32.dll 5.1.2600.3099 C:\WM9HT38D\system32
processes:
000 Idle
004 System
realtime
654 smss.exe above
normal C:\WM9HT38D\system32
6ec csrss.exe
realtime C:\WM9HT38D\system32
708 winlogon.exe
high h:\core
734 services.exe
high C:\WM9HT38D\system32
744 lsass.exe
high C:\WM9HT38D\system32
7d0 svchost.exe
high C:\WM9HT38D\system32
0a4 svchost.exe
high C:\WM9HT38D\system32
20c EvtEng.exe
realtime C:\Program Files\Intel\Wireless\Bin
238 S24EvMon.exe
realtime C:\Program Files\Intel\Wireless\Bin
25c WLKeeper.exe
realtime C:\Program Files\Intel\Wireless\Bin
2f4 svchost.exe
realtime C:\WM9HT38D\system32
35c svchost.exe
realtime C:\WM9HT38D\system32
2b0 WLTRYSVC.EXE
realtime C:\WM9HT38D\System32
4f8 bcmwltry.exe
realtime C:\WM9HT38D\System32
560 spoolsv.exe
realtime C:\WM9HT38D\system32
638 SCardSvr.exe
realtime C:\WM9HT38D\System32
698 Explorer.EXE
realtime C:\WM9HT38D
424 hkcmd.exe
realtime C:\WM9HT38D\system32
42c igfxpers.exe
realtime C:\WM9HT38D\system32
43c WLTRAY.exe
realtime C:\WM9HT38D\system32
450 ZCfgSvc.exe
realtime C:\Program Files\Intel\Wireless\bin
470 ifrmewrk.exe
realtime C:\Program Files\Intel\Wireless\Bin
4a4 UnlockerAssistant.exe
idle C:\Program Files\Unlocker
79c eBoostrCP.exe
realtime C:\Program Files\eBoostr
0dc RegSrvc.exe
realtime C:\Program Files\Intel\Wireless\Bin
488 tcpsvcs.exe
realtime C:\WM9HT38D\system32
4c0 snmp.exe
realtime C:\WM9HT38D\System32
9b8 alg.exe
realtime C:\WM9HT38D\System32
d58 svchost.exe
high C:\WM9HT38D\System32
d78 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup IV.exe
realtime I:\components\Plugins
be4 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup V.exe
realtime I:\components\Plugins
b78 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup VII.exe
realtime I:\components\Plugins
408 WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup VIII.exe
realtime I:\components\Plugins
eac WinDoze(tm) Magizia(c) HyperTurbo OS 3.5c ~ Startup I.exe
realtime I:\components\Plugins
630 Dot1XCfg.exe
realtime C:\Program Files\Intel\Wireless\Bin
548 svchost.exe
realtime C:\WM9HT38D\system32
fbc ccSvcHst.exe
normal C:\Program Files\Norton AntiVirus\Engine\16.5.0.134
180 ccSvcHst.exe
normal C:\Program Files\Norton AntiVirus\Engine\16.5.0.134
c30 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
918 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
a34 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
6a0 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
ee4 Cheat Engine.exe above
normal C:\Program Files\Cheat Engine
ae8 WinBuilder.exe
realtime C:\Documents and Settings\MagHRB\Desktop
4d4 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
420 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
9a4 EBstrSvc.exe
realtime C:\Program Files\eBoostr
2d0 wmiapsrv.exe
realtime C:\WM9HT38D\system32\wbem
8b0 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
858 Cheat Engine.exe
normal C:\Program Files\Cheat Engine
cc4 uTorrent.exe
normal C:\Program Files\uTorrent
d8c wmiprvse.exe
normal C:\WM9HT38D\system32\wbem
d04 TaskManager.exe
high C:\Program Files\Auslogics\Auslogics BoostSpeed
hardware:
+ Batteries
- Microsoft AC Adapter
- Microsoft ACPI-Compliant Control Method Battery
- Microsoft ACPI-Compliant Control Method Battery
+ Computer
- ACPI Uniprocessor PC
+ Disk drives
- IC25N080ATMR04-0
- PNY USB 2.0 FD USB Device
- USB Flash Memory USB Device
- USB Flash Memory USB Device
- USB Flash Memory USB Device
+ Display adapters
- Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family (driver
6.14.10.4693)
- Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family (driver
6.14.10.4693)
+ IDE ATA/ATAPI controllers
- Intel(R) 82801FBM Ultra ATA Storage Controllers - 2653
- Primary IDE Channel
- Secondary IDE Channel
+ Keyboards
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
- PS/2 Compatible Mouse
+ Monitors
- Plug and Play Monitor
- Plug and Play Monitor
- Plug and Play Monitor
+ Network adapters
- Broadcom NetXtreme 57xx Gigabit Controller (driver 9.52.0.0)
- Intel(R) PRO/Wireless 2200BG Network Connection (driver 9.0.4.39)
- MAC Bridge Miniport
+ PCMCIA adapters
- Texas Instruments PCIx515 Cardbus Controller
+ PCMCIA and Flash memory devices
- M-Systems DiskOnChip 2000
+ Ports (COM & LPT)
- Communications Port (COM1)
- ECP Printer Port (LPT1)
+ Processors
- Intel(R) Pentium(R) M processor 1.60GHz
+ Smart card readers
- Texas Instruments PCI GemCore based SmartCard controller (driver
1.0.1.19)
+ Sound, video and game controllers
- Audio Codecs
- Legacy Audio Drivers
- Legacy Video Capture Devices
- Media Control Devices
- SigmaTel C-Major Audio (driver 5.10.0.4255)
- Video Codecs
+ System devices
- ACPI Lid
- ACPI Power Button
- ACPI Sleep Button
- ACPI Thermal Zone
- Direct memory access controller
- Intel(R) 82801 PCI Bridge - 2448
- Intel(R) 82801FB/FBM PCI Express Root Port - 2660
- Intel(R) 82801FBM LPC Interface Controller - 2641
- ISAPNP Read Data Port
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft Composite Battery
- Microsoft System Management BIOS Driver
- Mobile Intel(R) 915GM/PM/GMS/910GML Express Processor to DRAM
Controller - 2590 (driver 6.1.0.1008)
- Numeric data processor
- PCI bus
- Plug and Play Software Device Enumerator
- Printer Port Logical Interface
- Programmable interrupt controller
- System board
- System board
- System board
- System board
- System board
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Terminal Server Device Redirector
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- Volume Manager
+ Universal Serial Bus controllers
- Intel(R) 82801FB/FBM USB Universal Host Controller - 2658
- Intel(R) 82801FB/FBM USB Universal Host Controller - 2659
- Intel(R) 82801FB/FBM USB Universal Host Controller - 265A
- Intel(R) 82801FB/FBM USB Universal Host Controller - 265B
- Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C
- USB Mass Storage Device
- USB Mass Storage Device
- USB Mass Storage Device
- USB Mass Storage Device
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub
cpu registers:
eax = 00000104
ebx = 0000022c
ecx = 0012edc3
edx = 00000000
esi = 00000000
edi = 0012edc3
eip = 00000000
esp = 0012ec44
ebp = 0012ec64
stack dump:
0012ec44 ea 47 84 02 2c 02 00 00 - 00 00 00 00 c3 ed 12
00 .G..,...........
0012ec54 04 01 00 00 00 00 00 00 - b0 08 00 00 28 f0 12
00 ............(...
0012ec64 d0 ee 12 00 61 3e 85 02 - 04 01 00 00 7c ec 12
00 ....a>......|...
0012ec74 e8 64 00 40 d0 ee 12 00 - 88 ec 12 00 27 66 00
40 .d.@........'f.@
0012ec84 d0 ee 12 00 d8 ee 12 00 - e8 64 00 40 d0 ee 12
00 .........d.@....
0012ec94 00 00 00 00 b0 08 00 00 - 01 eb 90 7c 08 54 50
72 ...........|.TPr
0012eca4 6f 63 65 73 73 ee 12 00 - bb 54 50 00 88 ee 12 00
ocess....TP.....
0012ecb4 8c 1e 77 02 c8 2e 4d 00 - 58 ee 12 00 96 30 4d
00 ..w...M.X....0M.
0012ecc4 9e 30 4d 00 4e 00 00 00 - 8c 1e 77 02 88 ee 12 00 .
0M.N.....w.....
0012ecd4 00 00 00 00 99 69 91 7c - 18 1f 25 00 00 f0 fd 7f .....i.|..
%.....
0012ece4 c4 ed 12 00 1c 00 00 00 - 00 00 00 00 98 5f 00
40 ............._.@
0012ecf4 8c 1e 77 02 20 ee 12 00 - 9b 1a 50 00 4e 00 00
00 ..w.......P.N...
0012ed04 88 ee 12 00 8c 1e 77 02 - 18 1f 25 00 1c 84 ad 00 ......w...
%.....
0012ed14 1d 69 91 7c 48 00 00 00 - 4f 2a 00 40 20 84 ad 00 .i.|
H...O*.@....
0012ed24 1c 84 ad 00 1c 84 ad 00 - 64 ed 12 00 00 00 00
00 ........d.......
0012ed34 b0 08 00 00 48 00 00 00 - 34 2c 00 40 57 2c 00 40 ....H...
4,.@W,.@
0012ed44 d4 75 07 40 5f 2c 00 40 - 44 00 00 00 00 00 00
00 .u.@_,.@D.......
0012ed54 00 00 00 00 14 00 0a 02 - 00 00 00 00 d1 13 00
40 ...............@
0012ed64 0c 78 85 02 00 00 00 00 - 2c 02 00 00 20 84 ad
00 .x......,.......
0012ed74 d0 ee 12 00 2a 7e 85 02 - 88 ed 12 00 79 96 00
40 ....*~......y..@
disassembling:
[...]
02853e49 mov fs:[eax], esp
02853e4c 0439 push $104
02853e51 lea ecx, [ebp-$10d]
02853e57 xor edx, edx
02853e59 mov eax, [ebp-8]
02853e5c > call -$f699 ($28447c8) ;
PsAPI.GetModuleFileNameEx (TaskManager.dll)
02853e61 test eax, eax
02853e63 jbe loc_2853e94
02853e65 0440 mov al, [$2853f94]
02853e6a push eax
02853e6b push ebx
[...]