> PENGUMUMAN <

**indraramadhan094** · 26-03-2012 19:18:57

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Topic: PC Media Predator Technical Preview

Mohon ijin momod dan mimin,

Ane liat di section ini belum ada topic khusus dengan judul pelaporan Bug PC Media Antivirus Predator Technical Preview, untuk itu ane berinisiatif membuat topic ini.

Pertama, Saya mau Lapor Bug PC Media Antivirus Predator Technical Preview yang ada di PC saya.

OS : Windows XP SP3 build 2600
RAM : 1GB

Masalah Pertama adalah PCMAV ini selalu Not Responding, mau click Buttom aja Susah...

Lalu file yang di scan ini2 juga. Mentok sampai objeck ini aja, bingung mau lihat nama file apa yang di scan. --"

Lalu Clamav yang tak bisa diupdate (File Clamav tidak saya tempatkan, saya inginnya library sama main bisa didownload lewat update PCMAV).
Lalu Program tak dapat dibuka, sebagai contoh notepad. sampai PCMAV Exit, process menggantung dan Program2 dapat dibuka setelah PCMAV Exit.
Berikut Screenshotnya untuk 2 masalah tersebut

Lalu ketika klik tray ketika main loading PCMAV, Ada 3 tulisan tray yg hilang.

Ketika PCMAV di exit, muncul MadExcept tetapi tidak menampilkan Log Bug Repot.

Ketika di Restart, Process PCMAV menggantung karena saya tunggu beberapa lama... PCMAV tidak muncul dilayar.

Berikut Log Bug Reportnya

date/time         : 2012-03-26, 18:52:15, 78ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 3 hours 19 minutes
program up time   : 3 minutes 38 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 412/958 MB (free/total)
free disk space   : (C:) 9.06 GB
display mode      : 1024x768, 32 bit
process id        : $b8
allocated memory  : 32.95 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $9c14c702, $41f1a36d, $41f1a36d
exception number  : 1
exception class   : EPrivilege
exception message : Privileged instruction.

main thread ($d18):
0067006f +817 PCMAV.exe  segment%98  public%13580
00406924 +008 PCMAV.exe  segment%0   public%227
008dbd71 +0cd PCMAV.exe  segment%265 public%20726
008d518a +01e PCMAV.exe  segment%265 public%20623
005a23a5 +055 PCMAV.exe  segment%79  public%9701
005a22cd +021 PCMAV.exe  segment%79  public%9700
008da48b +007 PCMAV.exe  segment%265 public%20682
0058ecaf +0a7 PCMAV.exe  segment%77  public%9314
005902b3 +013 PCMAV.exe  segment%77  public%9377
00591546 +082 PCMAV.exe  segment%77  public%9426
00591495 +01d PCMAV.exe  segment%77  public%9425
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
007825aa +19a PCMAV.exe  segment%149 public%17411
008c9ce4 +218 PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e42a034 +016 USER32.dll             CallWindowProcW
00842a4c +034 PCMAV.exe  segment%174 public%18475
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008da986 +15e PCMAV.exe  segment%265 public%20693
004fd7f3 +06f PCMAV.exe  segment%62  public%6006
00517c2a +01e PCMAV.exe  segment%63  public%6738
005cd828 +068 PCMAV.exe  segment%83  public%10707
00518718 +010 PCMAV.exe  segment%63  public%6770
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
004fcebc +024 PCMAV.exe  segment%62  public%5992
00501d33 +023 PCMAV.exe  segment%62  public%6160
005027bf +00b PCMAV.exe  segment%62  public%6168
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e4292de +044 USER32.dll             SendMessageW
7e42a034 +016 USER32.dll             CallWindowProcW
00501ce0 +0d8 PCMAV.exe  segment%62  public%6159
004fdc48 +010 PCMAV.exe  segment%62  public%6023
004fdbb2 +07e PCMAV.exe  segment%62  public%6020
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a71a6 +00a PCMAV.exe  segment%79  public%9878
005a74d9 +0c9 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $45c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $b04:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($d18) at:
02f716e9 +00 IDMShellExt.dll

thread $efc (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($d18) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $e24:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($d18) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $a24:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($d18) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $fe4:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($d18) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $844:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($d18) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $ef8:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($d18) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $820:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($d18) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $738 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($d18) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $adc:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $db8:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $8c0:
7c90df48 +00a ntdll.dll               NtWaitForMultipleObjects
7c80958a +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a110 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by main thread ($d18) at:
769c887a +273 Userenv.dll             RegisterGPNotification

processes:
000 Idle                 0   0
004 System               0   0   normal
188 smss.exe             0   0   normal C:\WINDOWS\system32
2b4 csrss.exe            62  62  normal C:\WINDOWS\system32
2d0 winlogon.exe         51  14  high   C:\WINDOWS\system32
2fc services.exe         4   2   normal C:\WINDOWS\system32
308 lsass.exe            4   2   normal C:\WINDOWS\system32
3d4 svchost.exe          4   1   normal C:\WINDOWS\system32
6c0 svchost.exe          4   1   normal C:\WINDOWS\system32
6e8 MsMpEng.exe          4   2   normal C:\Program Files\Microsoft Security Client\Antimalware
70c svchost.exe          11  30  normal C:\WINDOWS\System32
138 svchost.exe          4   1   normal C:\WINDOWS\system32
228 svchost.exe          4   2   normal C:\WINDOWS\system32
408 spoolsv.exe          4   4   normal C:\WINDOWS\system32
468 alg.exe              4   2   normal C:\WINDOWS\System32
59c ekrn.exe             11  11  normal C:\Program Files\ESET\ESET Smart Security
5fc Explorer.EXE         309 140 normal C:\WINDOWS
628 svchost.exe          4   1   normal C:\WINDOWS\System32
3b4 wscntfy.exe          35  11  normal C:\WINDOWS\system32
8d0 egui.exe             191 59  normal C:\Program Files\ESET\ESET Smart Security
8d8 VTTimer.exe          15  5   normal C:\WINDOWS\system32
8e0 taskmgr.exe          112 123 high   C:\WINDOWS\system32
900 VTtrayp.exe          22  5   normal C:\WINDOWS\system32
97c SOUNDMAN.EXE         21  8   normal C:\WINDOWS
bec IDMan.exe            134 69  normal C:\Program Files\Internet Download Manager
c4c xwidget.exe          97  96  normal C:\Program Files\XWidget
ca4 ctfmon.exe           93  44  normal C:\WINDOWS\system32
ecc DllHost.exe          8   3   normal C:\WINDOWS\system32
b38 ping.exe             4   1   normal C:\WINDOWS\system32
a50 firefox.exe          559 77  normal C:\Program Files\Mozilla Firefox
630 plugin-container.exe 14  8   normal C:\Program Files\Mozilla Firefox
84c svchost.exe          4   4   normal C:\WINDOWS\system32
818 mspaint.exe          142 73  normal C:\WINDOWS\system32
0b8 PCMAV.exe            216 105 normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview
9f8 notepad.exe          15  5   normal C:\WINDOWS\system32
fc8 notepad.exe          15  5   normal C:\WINDOWS\system32

disassembling:
0066f858 public segment%98.public%13580 (PCMAV.exe):  ; function entry point
0066f858   mov     al, $f8
0066f85a   add     [eax], al
0066f85d   add     [eax], al
0066f85f   add     [eax], al
0066f861   add     [eax], al
0066f863   add     [eax], dh
0066f865   std
0066f866   add     [eax+5], bl
0066f86a   add     [bp+si-3], al
0066f86e   add     [esi-2], bh
0066f872   add     [edi+edi*8], dl
0066f876   add     [edi+edi*8], bl
0066f87a   add     [eax+ecx-$7efc0000], cl
0066f882   add     al, bl
0066f885   imul    eax, [eax], $4069e0    ; segment%0.public%232 (PCMAV.exe)
0066f88c   shr     byte ptr [eax+eax*2], 1
0066f890   fcom    dword ptr [ebp+$48]
0066f893   add     ah, dl
0066f895   xchg    ch, [ecx]
0066f898   or      al, $47
0066f89a   dec     eax
0066f89b   add     al, dh
0066f89d   insb
0066f89e   inc     eax
0066f89f   add     [eax], cl
0066f8a1   sbb     al, $50
0066f8a3   add     [eax+ebp*2+$68d00040], dh
0066f8aa   inc     eax
0066f8ab   add     [eax], dl
0066f8ad   cmp     [eax], ebp
0066f8b0   push    edi
0066f8b2   push    eax
0066f8b3   add     [esp+ecx*2], al
0066f8b6   push    0
0066f8b8   hlt
0066f8b9   xchg    ch, [ecx]
0066f8bc   insb
0066f8bd   dec     edx
0066f8be   imul    eax, [eax], $695064    ; segment%98.public%14257 (PCMAV.exe)
0066f8c4   add     cl, dh
0066f8c6   dec     edi
0066f8c7   add     [eax], bl
0066f8c9   push    ebp
0066f8ca   dec     eax
0066f8cb   add     [edx*2+$53940048], bl
0066f8d2   dec     eax
0066f8d3   add     [edi+esi*4], bh
0066f8d6   dec     edi
0066f8d7   add     [eax], al
0066f8d9   push    esi
0066f8da   dec     eax
0066f8db   add     al, dl
0066f8dd   dec     ebx
0066f8de   dec     eax
0066f8df   add     al, cl
0066f8e1   dec     ebx
0066f8e2   dec     eax
0066f8e3   add     [eax], cl
0066f8e5   push    esi
0066f8e6   dec     eax
0066f8e7   add     [ebp+edi+$6a], al
0066f8eb   add     [eax-$77ff95d4], bl
0066f8f1   push    ecx
0066f8f2   push    eax
0066f8f3   add     [edi+edx*2+$56e00050], dl
0066f8fa   push    eax
0066f8fb   add     [eax], bh
0066f8fd   loop    loc_66f94e
0066f8fd
0066f8ff   add     [eax-$3d], al
0066f902   dec     edi
0066f903   add     [ebx+eax*8+$4f], al
0066f907   add     [eax+ebp*4+$4b54004f], ch
0066f90e   push    eax
0066f90f   add     [ebx+ecx*2+$50], dh
0066f913   add     [eax-$13ffafb9], cl
0066f919   cmpsd
0066f91a   dec     edi
0066f91b   add     [eax], bl
0066f91d   out     $4f, eax
0066f91f   add     [edi+$4f], al
0066f923   add     [eax+$2d], ah
0066f926   push    eax
0066f927   add     [edi+esi*4], ah
0066f92a   dec     edi
0066f92b   add     [eax-$53ffb056], cl
0066f931   mov     eax, $6aa4004f
0066f936   push    eax
0066f937   add     [ebx+edi*4-$45e7ffb1], ch
0066f93e   dec     edi
0066f93f   add     ah, dh
0066f941   jg      loc_66f9ac
0066f941
0066f943   add     al, ch
0066f945   cmpsd
0066f946   dec     edi
0066f947   add     al, cl
0066f949   out     $4f, eax
0066f94b   add     ah, bl
0066f94d   inc     edi
0066f94b
0066f94e loc_66f94e:
0066f94e   push    eax
0066f94f   add     al, dh
0066f951   dec     eax
0066f952   push    eax
0066f953   add     [eax+$42], cl
0066f956   push    eax
0066f957   add     ah, dl
0066f959   dec     eax
0066f95a   push    eax
0066f95b   add     [eax-$f], bh
0066f95e   dec     edi
0066f95f   add     al, bl
0066f961   cld
0066f962   dec     edi
0066f963   add     [esp+ecx+$50], ch
0066f967   add     [eax+edx*8+$9180068], bl
0066f96e   push    eax
0066f96f   add     [ecx+edx*8], ch
0066f972   push    $500d0400
0066f96f
0066f973 loc_66f973:
0066f973   add     [ecx+$d280050], al
0066f97a   push    eax
0066f97b   add     [ebp+ecx+$ba80050], bh
0066f982   push    eax
0066f983   add     [eax+$b], al
0066f986   push    eax
0066f987   add     [eax+$69], ah
0066f98a   push    eax
0066f98b   add     [eax], ah
0066f98d   dec     edx
0066f98e   push    eax
0066f98f   add     al, al
0066f991   ja      +$50 ($66f9e3)
0066f991
0066f993   add     al, bl
0066f995   push    $10fc0050
0066f99a   push    eax
0066f99b   add     [esi+eax*2], dh
0066f99e   push    eax
0066f99f   add     [eax], ch
0066f9a1   push    $50
0066f9a3   add     [eax-$3fffafb7], cl
0066f9a9   push    edx
0066f9aa   imul    eax, [eax], $68c05c    ; segment%98.public%14078 (PCMAV.exe)
0066f9a9
0066f9ac loc_66f9ac:
0066f9ac   pop     esp
0066f9ad   shr     byte ptr [eax], $70
0066f9b1   shr     dword ptr [eax], $d8
0066f9b5   shr     dword ptr [eax], $2c
0066f9b9   dec     edx
0066f9ba   push    0
0066f9bc   dec     eax
0066f9bd   ret     $68

-Update-
Ketika Loading Database, saya pilih Quick Scan.

date/time         : 2012-03-26, 20:07:01, 843ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 23 minutes 30 seconds
program up time   : 40 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 128/958 MB (free/total)
free disk space   : (C:) 8.94 GB
display mode      : 1024x768, 32 bit
process id        : $d2c
allocated memory  : 21.80 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $23a58092, $936e4963, $936e4963
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 007A51B6 in module 'PCMAV.exe'. Read of address 0000000C.

main thread ($1a8):
007a51b6 +07e PCMAV.exe  segment%155 public%17676
008c9be0 +114 PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008d9f0c +15c PCMAV.exe  segment%265 public%20674
0058ecaf +0a7 PCMAV.exe  segment%77  public%9314
005902b3 +013 PCMAV.exe  segment%77  public%9377
00591546 +082 PCMAV.exe  segment%77  public%9426
00591495 +01d PCMAV.exe  segment%77  public%9425
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
0054f130 +238 PCMAV.exe  segment%74  public%7970
0048668c +014 PCMAV.exe  segment%30  public%3805
7c90e470 +010 ntdll.dll              KiUserCallbackDispatcher
008d5aab +5bb PCMAV.exe  segment%265 public%20629
00406f7a +002 PCMAV.exe  segment%0   public%260
004dacd6 +05a PCMAV.exe  segment%52  public%5330
00406924 +008 PCMAV.exe  segment%0   public%227
004dac74 +018 PCMAV.exe  segment%52  public%5329
004dcc41 +0bd PCMAV.exe  segment%52  public%5375
004dbcd2 +06e PCMAV.exe  segment%52  public%5344
005cbc13 +5c3 PCMAV.exe  segment%83  public%10648
004fcebc +024 PCMAV.exe  segment%62  public%5992
00500fe1 +10d PCMAV.exe  segment%62  public%6149
005010f0 +0bc PCMAV.exe  segment%62  public%6150
00503cae +026 PCMAV.exe  segment%62  public%6249
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
0059e072 +5f2 PCMAV.exe  segment%79  public%9586
004fcebc +024 PCMAV.exe  segment%62  public%5992
004fb89a +026 PCMAV.exe  segment%62  public%5908
0059d90a +03a PCMAV.exe  segment%79  public%9581
005a74c3 +0b3 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $e24:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $eb4:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($1a8) at:
02f716e9 +00 IDMShellExt.dll

thread $2b0 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($1a8) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $934:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($1a8) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $f5c:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($1a8) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $f78:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($1a8) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $de4 (TRunningItemThread):
7c90df48 +0a ntdll.dll                NtWaitForMultipleObjects
7c80958a +00 kernel32.dll             WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll             WaitForMultipleObjects
007ac20b +2b PCMAV.exe    segment%157 public%17725
007ac48d +39 PCMAV.exe    segment%157 public%17737
004bc4c3 +2b PCMAV.exe    segment%36  public%4586
00483662 +42 PCMAV.exe    segment%30  public%3630
00408520 +28 PCMAV.exe    segment%0   public%327
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($1a8) at:
007ac3bf +23 PCMAV.exe    segment%157 public%17735

thread $d04 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($1a8) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

processes:
000 Idle                         0   0
004 System                       0   0   normal
1b0 smss.exe                     0   0   normal       C:\WINDOWS\system32
2b4 csrss.exe                    0   0
2d0 winlogon.exe                 51  14  high         C:\WINDOWS\system32
2fc services.exe                 4   2   normal       C:\WINDOWS\system32
308 lsass.exe                    4   2   normal       C:\WINDOWS\system32
3d8 svchost.exe                  4   1   normal       C:\WINDOWS\system32
6c4 svchost.exe                  0   0
6ec MsMpEng.exe                  4   2   normal       C:\Program Files\Microsoft Security Client\Antimalware
710 svchost.exe                  11  29  normal       C:\WINDOWS\System32
104 svchost.exe                  0   0
224 svchost.exe                  0   0
408 spoolsv.exe                  4   4   normal       C:\WINDOWS\system32
56c alg.exe                      0   0
5a8 Explorer.EXE                 348 242 normal       C:\WINDOWS
5bc ekrn.exe                     11  13  normal       C:\Program Files\ESET\ESET Smart Security
628 svchost.exe                  4   1   normal       C:\WINDOWS\System32
7f0 TuneUpUtilitiesService32.exe 4   5   normal       C:\Program Files\TuneUp Utilities 2012
24c wscntfy.exe                  35  11  normal       C:\WINDOWS\system32
484 TuneUpUtilitiesApp32.exe     220 99  normal       C:\Program Files\TuneUp Utilities 2012
808 egui.exe                     188 59  normal       C:\Program Files\ESET\ESET Smart Security
81c VTTimer.exe                  15  5   normal       C:\WINDOWS\system32
82c VTtrayp.exe                  22  5   normal       C:\WINDOWS\system32
840 SOUNDMAN.EXE                 21  8   normal       C:\WINDOWS
848 IDMan.exe                    147 109 normal       C:\Program Files\Internet Download Manager
850 xwidget.exe                  97  96  normal       C:\Program Files\XWidget
860 ctfmon.exe                   145 70  normal       C:\WINDOWS\system32
86c WinSnap.exe                  58  73  normal       C:\Program Files\WinSnap
948 ping.exe                     4   1   normal       C:\WINDOWS\system32
490 mspaint.exe                  96  65  normal       C:\WINDOWS\system32
668 svchost.exe                  4   3   normal       C:\WINDOWS\system32
9fc taskmgr.exe                  107 123 normal       C:\WINDOWS\system32
c1c notepad.exe                  31  21  normal       C:\WINDOWS\system32
f48 firefox.exe                  246 47  normal       C:\Program Files\Mozilla Firefox
8d4 chrome.exe                   97  71  normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
568 chrome.exe                   15  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
b34 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
ca4 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
978 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
4b0 chrome.exe                   45  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
c80 chrome.exe                   25  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
a3c chrome.exe                   8   7   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
d2c PCMAV.exe                    214 97  below normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview

disassembling:
007a5138 public segment%155.public%17676 (PCMAV.exe):  ; function entry point
007a5138   push    ebp
007a5139   mov     ebp, esp
007a513b   push    ecx
007a513c   mov     ecx, $26
007a513b
007a5141 loc_7a5141:
007a5141   push    0
007a5143   push    0
007a5145   dec     ecx
007a5146   jnz     loc_7a5141
007a5146
007a5148   xchg    ecx, [ebp-4]
007a514b   push    ebx
007a514c   push    esi
007a514d   mov     [ebp-$94], ecx
007a5153   mov     [ebp-$90], edx
007a5159   mov     [ebp-$8c], eax
007a515f   lea     eax, [ebp-$88]
007a5165   mov     edx, [$7a1c68]
007a516b   call    -$39b0b8 ($40a0b8)     ; segment%0.public%441 (PCMAV.exe)
007a516b
007a5170   xor     eax, eax
007a5172   push    ebp
007a5173   push    $7a5860                ; segment%0.public%300 (PCMAV.exe)
007a5178   push    dword ptr fs:[eax]
007a517b   mov     fs:[eax], esp
007a517e   mov     byte ptr [ebp-$95], 0
007a5185   mov     eax, [ebp-$90]
007a518b   mov     byte ptr [eax], 0
007a518e   mov     byte ptr [ebp-$bd], 1
007a5195   mov     eax, [ebp-$94]
007a519b   mov     eax, [eax]
007a519d   mov     dl, 1
007a519f   call    -$329ae4 ($47b6c0)     ; segment%30.public%3370 (PCMAV.exe)
007a519f
007a51a4   mov     eax, [ebp-$94]
007a51aa   mov     eax, [eax]
007a51ac   mov     byte ptr [eax+$39], 0
007a51b0   mov     eax, [ebp-$8c]
007a51b6 > mov     eax, [eax+$c]
007a51b9   call    -$2e8a ($7a2334)       ; segment%154.public%17642 (PCMAV.exe)
007a51b9
007a51be   lea     edx, [ebp-4]
007a51c1   mov     eax, $7a5884
007a51c6   call    -$5456f ($750c5c)      ; segment%133.public%16904 (PCMAV.exe)
007a51c6
007a51cb   mov     dword ptr [ebp-$a0], 3
007a51d5   mov     dword ptr [ebp-$c8], $900a78
007a51cb
007a51df loc_7a51df:
007a51df   lea     eax, [ebp-$18]
007a51e2   mov     edx, [ebp-$c8]
007a51e8   mov     edx, [edx]
007a51ea   call    -$39c753 ($408a9c)     ; segment%0.public%355 (PCMAV.exe)
007a51ea
007a51ef   mov     eax, [ebp-4]
007a51f2   mov     edx, [eax]
007a51f4   call    dword ptr [edx+$70]
007a51f4
007a51f7   dec     eax
007a51f8   test    eax, eax
007a51fa   jl      loc_7a5756
007a51fa
007a5200   inc     eax
007a5201   mov     [ebp-$c4], eax
007a5207   mov     dword ptr [ebp-$a4], 0
007a5201
007a5211 loc_7a5211:
007a5211   lea     ecx, [ebp-8]
007a5214   mov     edx, [ebp-$a4]
007a521a   mov     eax, [ebp-4]
007a521d   mov     ebx, [eax]
007a521f   call    dword ptr [ebx+$d8]
007a521f
007a5225   lea     edx, [ebp-$f4]
007a522b   mov     eax, [ebp-8]
007a522e   mov     ecx, [eax]
007a5230   call    dword ptr [ecx+$a0]
007a5230
007a5236   mov     edx, [ebp-$f4]
007a523c   lea     eax, [ebp-$f0]
007a5242   call    -$39ba1b ($40982c)     ; segment%0.public%421 (PCMAV.exe)
007a5242
007a5247   mov     eax, [ebp-$f0]
007a524d   lea     edx, [ebp-$ec]
007a5253   call    -$3560a4 ($44f1b4)     ; segment%26.public%2256 (PCMAV.exe)
007a5253
007a5258   mov     eax, [ebp-$ec]
007a525e   lea     edx, [ebp-$e8]
007a5264   call    -$358261 ($44d008)     ; segment%26.public%2181 (PCMAV.exe)
007a5264
007a5269   mov     eax, [ebp-$e8]
007a526f   mov     edx, [ebp-$18]
007a5272   call    -$39b71f ($409b58)     ; segment%0.public%431 (PCMAV.exe)
007a5272
007a5277   jnz     loc_7a5744
007a5277
007a527d   mov     eax, [ebp-8]
007a5280   mov     edx, [eax]
007a5282   call    dword ptr [edx+$80]
007a5282
007a5288   mov     [ebp-$ac], eax
007a528e   lea     edx, [ebp-$c]
007a5291   mov     eax, [ebp-8]
007a5294   mov     ecx, [eax]
007a5296   call    dword ptr [ecx+$110]
007a5296
007a529c   mov     eax, [ebp-$c]
007a529f   mov     edx, [eax]
007a52a1   call    dword ptr [edx+$70]
007a52a1
007a52a4   mov     esi, eax
007a52a6   dec     esi
007a52a7   test    esi, esi
007a52a9   jl      loc_7a555a
007a52a9
007a52af   inc     esi
007a52b0   mov     dword ptr [ebp-$a8], 0
007a52af
007a52ba loc_7a52ba:
007a52ba   mov     eax, [$904798]
007a52bf   mov     eax, [eax]
007a52c1   call    -$1fe142 ($5a7184)     ; segment%79.public%9877 (PCMAV.exe)
007a52c1
007a52c6   lea     ecx, [ebp-$10]
007a52c9   mov     edx, [ebp-$a8]
007a52cf   mov     eax, [ebp-$c]
007a52d2   mov     ebx, [eax]
007a52d4   call    dword ptr [ebx+$d8]
007a52d4
007a52da   mov     eax, [ebp-$10]
007a52dd   mov     edx, [eax]
007a52df   call    dword ptr [edx+$80]
007a52df
007a52e5   mov     ebx, eax
007a52e7   mov     edx, ebx
007a52e9   mov     eax, [ebp-$8c]
007a52ef   call    -$eb0 ($7a4444)        ; segment%155.public%17671 (PCMAV.exe)
007a52ef
007a52f4   mov     [ebp-$9c], eax
007a52fa   lea     eax, [ebp-$14]
007a52fd   push    eax
007a52fe   mov     ecx, ebx
007a5300   mov     edx, [ebp-$ac]
007a5306   mov     eax, [ebp-$8c]
007a530c   call    -$d9d ($7a4574)        ; segment%155.public%17672 (PCMAV.exe)
007a530c
007a5311   cmp     dword ptr [ebp-$14], 0
007a5315   jz      loc_7a5329
007a5315
007a5317   mov     dl, 1
007a5319   mov     eax, [ebp-$14]
007a531c   call    -$356aa5 ($44e87c)     ; segment%26.public%2235 (PCMAV.exe)
007a531c
007a5321   test    al, al
007a5323   jnz     loc_7a554d
007a5323
007a5329 loc_7a5329:
007a5329   xor     ebx, ebx
007a532b   lea     eax, [ebp-$e4]
007a5331   xor     ecx, ecx
007a5333   mov     edx, $1c
007a5338   call    -$39ffe5 ($405358)     ; segment%0.public%174 (PCMAV.exe)
007a5338
007a533d   jmp     loc_7a5519
007a533d
007a533d ; ---------------------------------------------------------
007a533d
007a5342 loc_7a5342:
007a5342   mov     eax, [ebp-$dc]
007a5348   or      eax, 4
007a534b   or      eax, $10
007a534e   jz      loc_7a550d
007a534e
007a5354   cmp     dword ptr [ebp-$d4], $1000
007a535e   jnz     loc_7a550d
007a535e
007a5364   mov     eax, [ebp-$e4]
007a536a   mov     [ebp-$b8], eax
007a5370   mov     eax, [ebp-$e4]
007a5376   add     eax, [ebp-$d8]
007a537c   mov     [ebp-$bc], eax
007a5382   mov     eax, [ebp-$b8]
007a5388   cmp     eax, [ebp-$9c]
007a538e   ja      loc_7a550d
007a538e
007a5394   mov     eax, [ebp-$bc]
007a539a   cmp     eax, [ebp-$9c]
007a53a0   jbe     loc_7a550d
007a53a0
007a53a6   push    4
007a53a8   push    $1000
007a53ad   mov     eax, [ebp-$d8]
007a53b3   push    eax
007a53b4   push    0
007a53b6   call    -$392e2f ($41258c)     ; segment%4.public%974 (PCMAV.exe)
007a53b6
007a53bb   mov     [ebp-$b4], eax
007a53c1   cmp     dword ptr [ebp-$b4], 0
007a53c8   jz      loc_7a550d
007a53c8
007a53ce   lea     eax, [ebp-$20]
007a53d1   xor     ecx, ecx
007a53d3   mov     edx, [ebp-$d8]
007a53d9   call    -$39c172 ($40926c)     ; segment%0.public%395 (PCMAV.exe)
007a53d9
007a53de   lea     eax, [ebp-$b0]
007a53e4   push    eax
007a53e5   mov     eax, [ebp-$d8]
007a53eb   push    eax
007a53ec   mov     eax, [ebp-$20]
007a53ef   push    eax
007a53f0   mov     eax, [ebp-$e4]
007a53f6   push    eax
007a53f7   lea     edx, [ebp-$f8]
007a53fd   mov     eax, [ebp-8]
007a5400   mov     ecx, [eax]
007a5402   call    dword ptr [ecx+$88]
007a5402
007a5408   mov     eax, [ebp-$f8]
007a540e   mov     edx, [eax]
007a5410   call    dword ptr [edx+$78]
007a5410
007a5413   push    eax
007a5414   call    -$392f9d ($41247c)     ; segment%4.public%940 (PCMAV.exe)
007a5414
007a5419   test    eax, eax
007a541b   jz      loc_7a54fa
007a541b
007a5421   mov     eax, [ebp-$b0]
007a5427   cmp     eax, [ebp-$d8]
007a542d   jnz     loc_7a54fa
007a542d
007a5433   push    1
007a5435   lea     eax, [ebp-$100]
007a543b   mov     edx, [$900ac8]         ; 'A0CF252481C21173A0CF252481C21173E7C8AA3464283264C1B768EFE95004B6F1069F8D9023FBE8BFE591A6CB762EDD41BC'
007a5441   call    -$39bc1a ($40982c)     ; segment%0.public%421 (PCMAV.exe)
007a5441
007a5446   mov     eax, [ebp-$100]
007a544c   lea     edx, [ebp-$fc]
007a5452   call    -$af0fb ($6f635c)      ; segment%112.public%15854 (PCMAV.exe)
007a5452
007a5457   mov     eax, [ebp-$fc]
007a545d   push    eax
007a545e   lea     eax, [ebp-$104]
007a5464   mov     edx, [ebp-$20]
007a5467   call    -$39bc40 ($40982c)     ; segment%0.public%421 (PCMAV.exe)
007a5467
007a546c   mov     eax, [ebp-$104]
007a5472   xor     ecx, ecx
007a5474   pop     edx
007a5475   call    -$af2ee ($6f618c)      ; segment%112.public%15852 (PCMAV.exe)
007a5475
007a547a   test    eax, eax
007a547c   jz      loc_7a54fa
007a547c
007a547e   cmp     byte ptr [ebp-$95], 0
007a5485   jnz     loc_7a548e
007a5485
007a5487   mov     byte ptr [ebp-$95], 1
007a5485
007a548e loc_7a548e:
007a548e   cmp     byte ptr [ebp-$bd], 0
007a5495   jz      loc_7a54ca
007a5495
007a5497   push    0
007a5499   push    $ffffffff
007a549b   push    $ffffffff
007a549d   push    0
007a549f   movzx   ecx, word ptr [$7a5888]
007a54a6   mov     dl, 2
007a54a8   mov     eax, $7a5898
007a54ad   call    -$25d9da ($547ad8)     ; segment%73.public%7866 (PCMAV.exe)
007a54ad
007a54b2   cmp     eax, 6
007a54b5   jz      loc_7a54c3
007a54b5
007a54b7   mov     byte ptr [ebp-$95], 1
007a54be   jmp     loc_7a5769
007a54be
007a54be ; ---------------------------------------------------------
007a54be
007a54c3 loc_7a54c3:
007a54c3   mov     byte ptr [ebp-$bd], 0
007a54be
007a54ca loc_7a54ca:
007a54ca   mov     eax, [ebp-$10]
007a54cd   mov     edx, [eax]
007a54cf   call    dword ptr [edx+$9c]
007a54cf
007a54d5   test    al, al
007a54d7   jz      loc_7a54e6
007a54d7
007a54d9   xor     edx, edx
007a54db   mov     eax, [ebp-$10]
007a54de   mov     ecx, [eax]
007a54e0   call    dword ptr [ecx+$108]
007a54e0
007a54e6 loc_7a54e6:
007a54e6   mov     eax, [ebp-$90]
007a54ec   cmp     byte ptr [eax], 0
007a54ef   jnz     loc_7a54fa
007a54ef
007a54f1   mov     eax, [ebp-$90]
007a54f7   mov     byte ptr [eax], 1
007a54f1
007a54fa loc_7a54fa:
007a54fa   push    $8000
007a54ff   push    0
007a5501   mov     eax, [ebp-$b4]
007a5507   push    eax
007a5508   call    -$392f79 ($412594)     ; segment%4.public%975 (PCMAV.exe)
007a5508
007a550d loc_7a550d:
007a550d   mov     ebx, [ebp-$e4]
007a5513   add     ebx, [ebp-$d8]
007a550d
007a5519 loc_7a5519:
007a5519   push    $1c
007a551b   lea     eax, [ebp-$e4]
007a5521   push    eax
007a5522   push    ebx
007a5523   lea     edx, [ebp-$108]
007a5529   mov     eax, [ebp-8]
007a552c   mov     ecx, [eax]
007a552e   call    dword ptr [ecx+$88]
007a552e
007a5534   mov     eax, [ebp-$108]
007a553a   mov     edx, [eax]
007a553c   call    dword ptr [edx+$78]
007a553c
007a553f   push    eax
007a5540   call    -$392f89 ($4125bc)     ; segment%4.public%980 (PCMAV.exe)
007a5540
007a5545   test    eax, eax
007a5547   ja      loc_7a5342
007a5547
007a554d loc_7a554d:
007a554d   inc     dword ptr [ebp-$a8]
007a5553   dec     esi
007a5554   jnz     loc_7a52ba
007a5554
007a555a loc_7a555a:
007a555a   cmp     byte ptr [ebp-$95], 0
007a5561   jz      loc_7a5744
007a5561
007a5567   mov     eax, [ebp-$8c]
007a556d   mov     eax, [eax+$c]
007a5570   mov     esi, [eax+$10]
007a5573   dec     esi
007a5574   test    esi, esi
007a5576   jl      loc_7a5744
007a5576
007a557c   inc     esi
007a557d   xor     ebx, ebx
007a557c
007a557f loc_7a557f:
007a557f   lea     ecx, [ebp-$88]
007a5585   mov     eax, [ebp-$8c]
007a558b   mov     eax, [eax+$c]
007a558e   mov     edx, ebx
007a5590   call    -$32cd ($7a22c8)       ; segment%154.public%17640 (PCMAV.exe)
007a5590
007a5595   mov     eax, [ebp-$88]
007a559b   cmp     eax, [ebp-$ac]
007a55a1   jnz     loc_7a573c
007a55a1
007a55a7   mov     dl, 1
007a55a9   mov     eax, [ebp-$80]
007a55ac   call    -$356d35 ($44e87c)     ; segment%26.public%2235 (PCMAV.exe)
007a55ac
007a55b1   test    al, al
007a55b3   jz      loc_7a573c
007a55b3
007a55b9   lea     edx, [ebp-$110]
007a55bf   mov     eax, [ebp-$80]
007a55c2   call    -$3563d3 ($44f1f4)     ; segment%26.public%2257 (PCMAV.exe)
007a55c2
007a55c7   mov     eax, [ebp-$110]
007a55cd   lea     edx, [ebp-$10c]
007a55d3   call    -$3585d0 ($44d008)     ; segment%26.public%2181 (PCMAV.exe)
007a55d3
007a55d8   mov     eax, [ebp-$10c]
007a55de   mov     edx, $7a59bc
007a55e3   call    -$39ba90 ($409b58)     ; segment%0.public%431 (PCMAV.exe)
007a55e3
007a55e8   jnz     loc_7a573c
007a55e8
007a55ee   movzx   ecx, word ptr [ebp-$82]
007a55f5   mov     edx, [ebp-$ac]
007a55fb   mov     eax, [ebp-$8c]
007a5601   call    -$132a ($7a42dc)       ; segment%155.public%17669 (PCMAV.exe)
007a5601
007a5606   test    eax, eax
007a5608   lea     eax, [ebp-$114]
007a560e   mov     edx, [ebp-$80]
007a5611   call    -$39bdb6 ($409860)     ; segment%0.public%423 (PCMAV.exe)
007a5611
007a5616   mov     ecx, [ebp-$114]
007a561c   mov     edx, $1f01ff
007a5621   mov     eax, [ebp-$8c]
007a5627   call    -$14f0 ($7a413c)       ; segment%155.public%17668 (PCMAV.exe)
007a5627
007a562c   test    al, al
007a562e   jnz     loc_7a56a0
007a562e
007a5630   lea     eax, [ebp-$11c]
007a5636   mov     edx, [ebp-$80]
007a5639   call    -$39bdde ($409860)     ; segment%0.public%423 (PCMAV.exe)
007a5639
007a563e   mov     eax, [ebp-$11c]
007a5644   lea     edx, [ebp-$118]
007a564a   call    -$2ed73 ($7768dc)      ; segment%146.public%17313 (PCMAV.exe)
007a564a
007a564f   mov     eax, [ebp-$118]
007a5655   xor     edx, edx
007a5657   mov     ecx, [eax]
007a5659   call    dword ptr [ecx+$a0]
007a5659
007a565f   lea     eax, [ebp-$128]
007a5665   mov     edx, [ebp-$80]
007a5668   call    -$39be0d ($409860)     ; segment%0.public%423 (PCMAV.exe)
007a5668
007a566d   mov     eax, [ebp-$128]
007a5673   lea     edx, [ebp-$124]
007a5679   call    -$2eda2 ($7768dc)      ; segment%146.public%17313 (PCMAV.exe)
007a5679
007a567e   mov     eax, [ebp-$124]
007a5684   lea     edx, [ebp-$120]
007a568a   mov     ecx, [eax]
007a568c   call    dword ptr [ecx+$8c]
007a568c
007a5692   mov     eax, [ebp-$120]
007a5698   mov     edx, [eax]
007a569a   call    dword ptr [edx+$104]
007a569a
007a56a0 loc_7a56a0:
007a56a0   push    0
007a56a2   lea     ecx, [ebp-$1c]
007a56a5   mov     edx, [ebp-$80]
007a56a8   mov     eax, [ebp-$8c]
007a56ae   call    -$c43 ($7a4a70)        ; segment%155.public%17675 (PCMAV.exe)
007a56ae
007a56b3   test    al, al
007a56b5   jz      loc_7a573c
007a56b5
007a56bb   lea     eax, [ebp-$12c]
007a56c1   mov     ecx, [ebp-$80]
007a56c4   mov     edx, $7a59d4
007a56c9   call    -$39bd0e ($4099c0)     ; segment%0.public%428 (PCMAV.exe)
007a56c9
007a56ce   mov     edx, [ebp-$12c]
007a56d4   mov     eax, [ebp-$8c]
007a56da   call    -$187f ($7a3e60)       ; segment%155.public%17664 (PCMAV.exe)
007a56da
007a56df   push    dword ptr [ebp-$1c]
007a56e2   push    $7a5a08
007a56e7   push    dword ptr [ebp-$80]
007a56ea   lea     eax, [ebp-$130]
007a56f0   mov     edx, 3
007a56f5   call    -$39bcb2 ($409a48)     ; segment%0.public%429 (PCMAV.exe)
007a56f5
007a56fa   mov     edx, [ebp-$130]
007a5700   mov     eax, [ebp-$8c]
007a5706   mov     eax, [eax+4]
007a5709   mov     ecx, [eax]
007a570b   call    dword ptr [ecx+$38]
007a570b
007a570e   push    dword ptr [ebp-$1c]
007a5711   push    $7a5a08
007a5716   push    dword ptr [ebp-$80]
007a5719   lea     eax, [ebp-$134]
007a571f   mov     edx, 3
007a5724   call    -$39bce1 ($409a48)     ; segment%0.public%429 (PCMAV.exe)
007a5724
007a5729   mov     edx, [ebp-$134]
007a572f   mov     eax, [ebp-$94]
007a5735   mov     eax, [eax]
007a5737   mov     ecx, [eax]
007a5739   call    dword ptr [ecx+$38]
007a5739
007a573c loc_7a573c:
007a573c   inc     ebx
007a573d   dec     esi
007a573e   jnz     loc_7a557f
007a573e
007a5744 loc_7a5744:
007a5744   inc     dword ptr [ebp-$a4]
007a574a   dec     dword ptr [ebp-$c4]
007a5750   jnz     loc_7a5211
007a5750
007a5756 loc_7a5756:
007a5756   add     dword ptr [ebp-$c8], 4
007a575d   dec     dword ptr [ebp-$a0]
007a5763   jnz     loc_7a51df
007a5763
007a5769 loc_7a5769:
007a5769   xor     eax, eax
007a576b   pop     edx
007a576c   pop     ecx
007a576d   pop     ecx
007a576e   mov     fs:[eax], edx
007a5771   push    $7a586a
007a576e
007a5776 loc_7a5776:
007a5776   lea     eax, [ebp-$134]
007a577c   mov     edx, 3
007a5781   call    -$39d0b2 ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
007a5781
007a5786   lea     eax, [ebp-$128]
007a578c   call    -$39d0d5 ($4086bc)     ; segment%0.public%336 (PCMAV.exe)
007a578c
007a5791   lea     eax, [ebp-$124]
007a5797   call    -$3992d8 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
007a5797
007a579c   lea     eax, [ebp-$120]
007a57a2   call    -$3992e3 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
007a57a2
007a57a7   lea     eax, [ebp-$11c]
007a57ad   call    -$39d0f6 ($4086bc)     ; segment%0.public%336 (PCMAV.exe)
007a57ad
007a57b2   lea     eax, [ebp-$118]
007a57b8   call    -$3992f9 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
007a57b8
007a57bd   lea     eax, [ebp-$114]
007a57c3   call    -$39d10c ($4086bc)     ; segment%0.public%336 (PCMAV.exe)
007a57c3
007a57c8   lea     eax, [ebp-$110]
007a57ce   mov     edx, 2
007a57d3   call    -$39d104 ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
007a57d3
007a57d8   lea     eax, [ebp-$108]
007a57de   call    -$39931f ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
007a57de
007a57e3   lea     eax, [ebp-$104]
007a57e9   mov     edx, 3
007a57ee   call    -$39d11f ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
007a57ee
007a57f3   lea     eax, [ebp-$f8]
007a57f9   call    -$39933a ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
007a57f9
[...]

Cukup sekian laporan bug dari saya, Klo ada lagi nanti saya laporkan. Klo admin/momod kurang jelas silahkan tanya. maaf klo pelaporan bugnya kurang jelas.

Last edited by indraramadhan094 (26-03-2012 20:18:55)

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**Rahman** · 26-03-2012 20:10:04

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

BUG PCMAV Predator Tekhnical Preview, tolong diperbaiki:
saat memulai SCANING MUNCUL pesan Pcmav.exe error

date/time         : 2012-03-26, 21:06:38, 477ms
computer name     : ARAHMAN-PC
user name         : A.RAHMAN <admin>
registered owner  : A.RAHMAN
operating system  : Windows 7 build 7600
system language   : English
system up time    : 48 minutes 40 seconds
program up time   : 44 seconds
processors        : 4x Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
physical memory   : 1205/1783 MB (free/total)
free disk space   : (C:) 37.06 GB
display mode      : 1366x768, 32 bit
process id        : $fa0
allocated memory  : 41.88 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $1dd1a0bb, $1875828b, $1875828b
exception number  : 1
exception class   : EOleException
exception message : The request is not supported.

main thread ($498):
008485e9 +0dd PCMAV.exe    segment%186 public%18577
008ca792 +0b6 PCMAV.exe    segment%261 public%20547
00483521 +12d PCMAV.exe    segment%30  public%3629
005a690a +76e PCMAV.exe    segment%79  public%9859
0048668c +014 PCMAV.exe    segment%30  public%3805
766043f0 +016 USER32.dll               CallWindowProcW
00842a4c +034 PCMAV.exe    segment%174 public%18475
76608e97 +00a USER32.dll               DispatchMessageW
005a7163 +0f3 PCMAV.exe    segment%79  public%9876
005a718e +00a PCMAV.exe    segment%79  public%9877
008da986 +15e PCMAV.exe    segment%265 public%20693
004fd7f3 +06f PCMAV.exe    segment%62  public%6006
00517c2a +01e PCMAV.exe    segment%63  public%6738
005cd828 +068 PCMAV.exe    segment%83  public%10707
00518718 +010 PCMAV.exe    segment%63  public%6770
004fd298 +2d4 PCMAV.exe    segment%62  public%5999
00501be3 +5b3 PCMAV.exe    segment%62  public%6158
005178f4 +06c PCMAV.exe    segment%63  public%6726
004fcebc +024 PCMAV.exe    segment%62  public%5992
00501d33 +023 PCMAV.exe    segment%62  public%6160
005027bf +00b PCMAV.exe    segment%62  public%6168
004fd298 +2d4 PCMAV.exe    segment%62  public%5999
00501be3 +5b3 PCMAV.exe    segment%62  public%6158
00501238 +02c PCMAV.exe    segment%62  public%6153
0048668c +014 PCMAV.exe    segment%30  public%3805
76607690 +044 USER32.dll               SendMessageW
766043f0 +016 USER32.dll               CallWindowProcW
00501ce0 +0d8 PCMAV.exe    segment%62  public%6159
004fdc48 +010 PCMAV.exe    segment%62  public%6023
004fd298 +2d4 PCMAV.exe    segment%62  public%5999
00501be3 +5b3 PCMAV.exe    segment%62  public%6158
005178f4 +06c PCMAV.exe    segment%63  public%6726
00501238 +02c PCMAV.exe    segment%62  public%6153
0048668c +014 PCMAV.exe    segment%30  public%3805
76608e97 +00a USER32.dll               DispatchMessageW
005a7163 +0f3 PCMAV.exe    segment%79  public%9876
005a71a6 +00a PCMAV.exe    segment%79  public%9878
005a74d9 +0c9 PCMAV.exe    segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe    segment%393 public%20885
76bf1192 +010 kernel32.dll             BaseThreadInitThunk

thread $410:
77455e4a +0a ntdll.dll     NtWaitForMultipleObjects
76bf1192 +10 kernel32.dll  BaseThreadInitThunk

thread $ee0:
77455e7a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
76bf1192 +10 kernel32.dll  BaseThreadInitThunk

thread $c54:
77455e4a +0a ntdll.dll                 NtWaitForMultipleObjects
757f686c +00 KERNELBASE.dll            WaitForMultipleObjectsEx
76bef145 +89 kernel32.dll              WaitForMultipleObjectsEx
76bef2bd +13 kernel32.dll              WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe      segment%36 public%4584
004bc40f +37 PCMAV.exe      segment%36 public%4585
76bf1192 +10 kernel32.dll              BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll              CreateThread

thread $b08:
77455e7a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
76bf1192 +10 kernel32.dll  BaseThreadInitThunk

thread $6ec:
77455e7a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
76bf1192 +10 kernel32.dll  BaseThreadInitThunk

thread $884 (TWorkerThread):
77455e6a +0a ntdll.dll                 NtWaitForSingleObject
757f1796 +66 KERNELBASE.dll            WaitForSingleObjectEx
76beeffe +3e kernel32.dll              WaitForSingleObjectEx
76beefad +0d kernel32.dll              WaitForSingleObject
00677a91 +19 PCMAV.exe      segment%98 public%13639
004bc4c3 +2b PCMAV.exe      segment%36 public%4586
00483662 +42 PCMAV.exe      segment%30 public%3630
00408520 +28 PCMAV.exe      segment%0  public%327
004bc3a5 +0d PCMAV.exe      segment%36 public%4584
004bc40f +37 PCMAV.exe      segment%36 public%4585
76bf1192 +10 kernel32.dll              BaseThreadInitThunk
>> created by main thread ($498) at:
0040858a +5a PCMAV.exe      segment%0  public%328

thread $7ac:
77455e6a +0a ntdll.dll                 NtWaitForSingleObject
757f1796 +66 KERNELBASE.dll            WaitForSingleObjectEx
76beeffe +3e kernel32.dll              WaitForSingleObjectEx
76beefad +0d kernel32.dll              WaitForSingleObject
005da78f +2f PCMAV.exe      segment%89 public%10955
005da352 +36 PCMAV.exe      segment%89 public%10934
004bc3a5 +0d PCMAV.exe      segment%36 public%4584
004bc40f +37 PCMAV.exe      segment%36 public%4585
76bf1192 +10 kernel32.dll              BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll              CreateThread

thread $fc8:
77455e6a +0a ntdll.dll                  NtWaitForSingleObject
757f1796 +66 KERNELBASE.dll             WaitForSingleObjectEx
76beeffe +3e kernel32.dll               WaitForSingleObjectEx
76beefad +0d kernel32.dll               WaitForSingleObject
006b2e31 +4d PCMAV.exe      segment%101 public%14689
005da352 +36 PCMAV.exe      segment%89  public%10934
004bc3a5 +0d PCMAV.exe      segment%36  public%4584
004bc40f +37 PCMAV.exe      segment%36  public%4585
76bf1192 +10 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll               CreateThread

thread $eec:
76608fbd +26 USER32.dll               GetMessageW
006b21f7 +bb PCMAV.exe    segment%101 public%14679
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
76bf1192 +10 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll             CreateThread

thread $d64:
77455e7a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
76bf1192 +10 kernel32.dll  BaseThreadInitThunk

thread $724:
77454c1a +0a ntdll.dll                 NtDelayExecution
757f1870 +4f KERNELBASE.dll            SleepEx
757f1813 +0a KERNELBASE.dll            Sleep
004bc3a5 +0d PCMAV.exe      segment%36 public%4584
004bc40f +37 PCMAV.exe      segment%36 public%4585
76bf1192 +10 kernel32.dll              BaseThreadInitThunk
>> created by thread $b08 at:
76bf2838 +1b kernel32.dll              CreateThread

thread $248:
7745586a +0a ntdll.dll                NtReplyWaitReceivePort
00793e30 +30 PCMAV.exe    segment%150 public%17579
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
76bf1192 +10 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll             CreateThread

thread $958: <priority:1>
77455e6a +0a ntdll.dll                  NtWaitForSingleObject
757f1796 +66 KERNELBASE.dll             WaitForSingleObjectEx
76beeffe +3e kernel32.dll               WaitForSingleObjectEx
76beefad +0d kernel32.dll               WaitForSingleObject
00793ab6 +12 PCMAV.exe      segment%150 public%17578
004bc3a5 +0d PCMAV.exe      segment%36  public%4584
004bc40f +37 PCMAV.exe      segment%36  public%4585
76bf1192 +10 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll               CreateThread

thread $51c:
7745586a +0a ntdll.dll                NtReplyWaitReceivePort
00793e30 +30 PCMAV.exe    segment%150 public%17579
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
76bf1192 +10 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll             CreateThread

thread $bdc: <priority:1>
77455e6a +0a ntdll.dll                  NtWaitForSingleObject
757f1796 +66 KERNELBASE.dll             WaitForSingleObjectEx
76beeffe +3e kernel32.dll               WaitForSingleObjectEx
76beefad +0d kernel32.dll               WaitForSingleObject
00793ab6 +12 PCMAV.exe      segment%150 public%17578
004bc3a5 +0d PCMAV.exe      segment%36  public%4584
004bc40f +37 PCMAV.exe      segment%36  public%4585
76bf1192 +10 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($498) at:
76bf2838 +1b kernel32.dll               CreateThread

thread $798 (TRunningItemThread):
77455e4a +0a ntdll.dll                  NtWaitForMultipleObjects
757f686c +00 KERNELBASE.dll             WaitForMultipleObjectsEx
76bef145 +89 kernel32.dll               WaitForMultipleObjectsEx
76bef2bd +13 kernel32.dll               WaitForMultipleObjects
007ac20b +2b PCMAV.exe      segment%157 public%17725
007ac48d +39 PCMAV.exe      segment%157 public%17737
004bc4c3 +2b PCMAV.exe      segment%36  public%4586
00483662 +42 PCMAV.exe      segment%30  public%3630
00408520 +28 PCMAV.exe      segment%0   public%327
004bc3a5 +0d PCMAV.exe      segment%36  public%4584
004bc40f +37 PCMAV.exe      segment%36  public%4585
76bf1192 +10 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($498) at:
0040858a +5a PCMAV.exe      segment%0   public%328

thread $b84 (TMyThreadedScanMem):
77455e6a +00a ntdll.dll                  NtWaitForSingleObject
757f1796 +066 KERNELBASE.dll             WaitForSingleObjectEx
76beeffe +03e kernel32.dll               WaitForSingleObjectEx
76beefad +00d kernel32.dll               WaitForSingleObject
00455626 +002 PCMAV.exe      segment%26  public%2436
004557d3 +01f PCMAV.exe      segment%26  public%2443
00407779 +065 PCMAV.exe      segment%0   public%286
004077e8 +020 PCMAV.exe      segment%0   public%287
00483fab +13b PCMAV.exe      segment%30  public%3653
00484041 +029 PCMAV.exe      segment%30  public%3654
008ca843 +00b PCMAV.exe      segment%261 public%20548
004bc4c3 +02b PCMAV.exe      segment%36  public%4586
00483662 +042 PCMAV.exe      segment%30  public%3630
00408520 +028 PCMAV.exe      segment%0   public%327
004bc3a5 +00d PCMAV.exe      segment%36  public%4584
004bc40f +037 PCMAV.exe      segment%36  public%4585
76bf1192 +010 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($498) at:
0040858a +05a PCMAV.exe      segment%0   public%328

processes:
000 Idle                      0 0   0
004 System                    0 0   0
0f4 smss.exe                  0 0   0   normal C:\Windows\system32
154 csrss.exe                 0 0   0   normal C:\Windows\system32
18c wininit.exe               0 0   0   high   C:\Windows\system32
194 csrss.exe                 1 174 78  normal C:\Windows\system32
1c0 services.exe              0 0   0   normal C:\Windows\system32
1d4 lsass.exe                 0 0   0   normal C:\Windows\system32
1dc lsm.exe                   0 0   0   normal C:\Windows\system32
240 svchost.exe               0 0   0   normal C:\Windows\system32
290 svchost.exe               0 0   0   normal C:\Windows\system32
2cc svchost.exe               0 0   0   normal C:\Windows\System32
2ec svchost.exe               0 0   0   normal C:\Windows\System32
314 svchost.exe               0 0   0   normal C:\Windows\system32
34c winlogon.exe              1 6   0   high   C:\Windows\system32
3d8 svchost.exe               0 0   0   normal C:\Windows\system32
42c svchost.exe               0 0   0   normal C:\Windows\system32
490 spoolsv.exe               0 0   0   normal C:\Windows\System32
4b8 svchost.exe               0 0   0   normal C:\Windows\system32
540 svchost.exe               0 0   0   normal C:\Windows\system32
56c NitroPDFDriverService.exe 0 0   0   normal C:\Program Files\Nitro PDF\Professional
584 NLSSRV32.EXE              0 0   0   normal C:\Windows\system32
5a0 RTPSvc.exe                0 0   0   normal C:\Windows\system32
5dc svchost.exe               0 0   0   normal C:\Windows\system32
7b4 Dwm.exe                   1 17  2   high   C:\Windows\system32
7cc Explorer.EXE              1 440 272 normal C:\Windows
404 igfxsrvc.exe              1 9   2   normal C:\Windows\system32
da0 firefox.exe               1 389 53  normal C:\Program Files\Mozilla Firefox
978 IDMan.exe                 1 109 70  normal C:\Program Files\Internet Download Manager
8a0 IEMonitor.exe             1 18  12  normal C:\Program Files\Internet Download Manager
3a0 svchost.exe               0 0   0   normal C:\Windows\System32
fa0 PCMAV.exe                 1 209 101 normal C:\Users\A.RAHMAN\Downloads\Compressed
e8c RTPshell.exe              1 32  28  normal c:\users\a.rahman\downloads\compressed

disassembling:
0084850c public segment%186.public%18577 (PCMAV.exe):  ; function entry point
0084850c   push    ebp
0084850d   mov     ebp, esp
0084850f   mov     ecx, $11
0084850d
00848514 loc_848514:
00848514   push    0
00848516   push    0
00848518   dec     ecx
00848519   jnz     loc_848514
00848519
0084851b   push    ebx
0084851c   push    esi
0084851d   xor     eax, eax
0084851f   push    ebp
00848520   push    $84883b                ; segment%0.public%300 (PCMAV.exe)
00848525   push    dword ptr fs:[eax]
00848528   mov     fs:[eax], esp
0084852b   mov     dl, 1
0084852d   mov     eax, [$46cc78]
00848532   call    -$3ccdb3 ($47b784)     ; segment%30.public%3376 (PCMAV.exe)
00848532
00848537   mov     [$95cb88], eax
0084853c   mov     dl, 1
0084853e   mov     eax, [$95cb88]
00848543   call    -$3cce88 ($47b6c0)     ; segment%30.public%3370 (PCMAV.exe)
00848543
00848548   mov     eax, [$95cb88]
0084854d   mov     byte ptr [eax+$39], 0
00848551   mov     dl, 1
00848553   mov     eax, [$8476c4]
00848558   call    +$119b ($8496f8)       ; segment%186.public%18597 (PCMAV.exe)
00848558
0084855d   mov     [$95cb84], eax
00848562   lea     ecx, [ebp-8]
00848565   xor     edx, edx
00848567   mov     eax, [$846ebc]
0084856c   call    -$15c5 ($846fac)       ; segment%185.public%18566 (PCMAV.exe)
0084856c
00848571   xor     eax, eax
00848573   push    ebp
00848574   push    $8487a2                ; segment%0.public%300 (PCMAV.exe)
00848579   push    dword ptr fs:[eax]
0084857c   mov     fs:[eax], esp
0084857f   lea     eax, [ebp-$30]
00848582   push    eax
00848583   lea     eax, [ebp-$40]
00848586   xor     edx, edx
00848588   call    -$3e58d1 ($462cbc)     ; segment%28.public%2855 (PCMAV.exe)
00848588
0084858d   push    dword ptr [ebp-$34]
00848590   push    dword ptr [ebp-$38]
00848593   push    dword ptr [ebp-$3c]
00848596   push    dword ptr [ebp-$40]
00848599   lea     eax, [ebp-$50]
0084859c   xor     edx, edx
0084859e   call    -$3e58e7 ($462cbc)     ; segment%28.public%2855 (PCMAV.exe)
0084859e
008485a3   push    dword ptr [ebp-$44]
008485a6   push    dword ptr [ebp-$48]
008485a9   push    dword ptr [ebp-$4c]
008485ac   push    dword ptr [ebp-$50]
008485af   lea     eax, [ebp-$60]
008485b2   xor     edx, edx
008485b4   call    -$3e58fd ($462cbc)     ; segment%28.public%2855 (PCMAV.exe)
008485b4
008485b9   push    dword ptr [ebp-$54]
008485bc   push    dword ptr [ebp-$58]
008485bf   push    dword ptr [ebp-$5c]
008485c2   push    dword ptr [ebp-$60]
008485c5   lea     eax, [ebp-$70]
008485c8   xor     edx, edx
008485ca   call    -$3e5913 ($462cbc)     ; segment%28.public%2855 (PCMAV.exe)
008485ca
008485cf   push    dword ptr [ebp-$64]
008485d2   push    dword ptr [ebp-$68]
008485d5   push    dword ptr [ebp-$6c]
008485d8   push    dword ptr [ebp-$70]
008485db   mov     eax, [ebp-8]
008485de   push    eax
008485df   mov     eax, [eax]
008485e1   call    dword ptr [eax+$28]
008485e1
008485e4   call    -$43c015 ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
008485e4
008485e9 > lea     eax, [ebp-$c]
008485ec   call    -$43c12d ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
008485ec
008485f1   push    eax
008485f2   push    $848854
008485f7   mov     eax, [ebp-8]
008485fa   push    eax
008485fb   mov     eax, [eax]
008485fd   call    dword ptr [eax+$1c]
008485fd
00848600   call    -$43c031 ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
00848600
00848605   push    ebp
00848606   mov     eax, [ebp-$c]
00848609   call    -$27e ($848390)        ; segment%186.public%18576 (PCMAV.exe)
00848609
0084860e   pop     ecx
0084860f   xor     eax, eax
00848611   mov     [ebp-$28], eax
00848614   mov     eax, [$95cb84]
00848619   call    +$1b2e ($84a14c)       ; segment%186.public%18628 (PCMAV.exe)
00848619
0084861e   mov     [ebp-$2c], eax
00848621   xor     eax, eax
00848623   push    ebp
00848624   push    $848776                ; segment%0.public%300 (PCMAV.exe)
00848629   push    dword ptr fs:[eax]
0084862c   mov     fs:[eax], esp
0084862f   jmp     loc_848748
0084862f
0084862f ; ---------------------------------------------------------
0084862f
00848634 loc_848634:
00848634   lea     edx, [ebp-$10]
00848637   mov     eax, [ebp-$2c]
0084863a   call    +$1b1d ($84a15c)       ; segment%186.public%18629 (PCMAV.exe)
0084863a
0084863f   lea     eax, [ebp-$14]
00848642   call    -$43c183 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
00848642
00848647   push    eax
00848648   lea     ecx, [ebp-$74]
0084864b   mov     edx, [ebp-$28]
0084864e   mov     eax, [$95cb84]
00848653   call    +$e7c ($8494d4)        ; segment%186.public%18590 (PCMAV.exe)
00848653
00848658   mov     eax, [ebp-$74]
0084865b   push    eax
0084865c   mov     eax, [eax]
0084865e   call    dword ptr [eax+$4c]
0084865e
00848661   call    -$43c092 ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
00848661
00848666   inc     dword ptr [ebp-$28]
00848669   lea     eax, [ebp-$18]
0084866c   call    -$43c1ad ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
0084866c
00848671   push    eax
00848672   mov     eax, [ebp-$14]
00848675   push    eax
00848676   mov     eax, [eax]
00848678   call    dword ptr [eax+$44]
00848678
0084867b   call    -$43c0ac ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
0084867b
00848680   lea     eax, [ebp-$30]
00848683   push    eax
00848684   mov     eax, [ebp-$18]
00848687   push    eax
00848688   mov     eax, [eax]
0084868a   call    dword ptr [eax+$1c]
0084868a
0084868d   call    -$43c0be ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
0084868d
00848692   mov     esi, [ebp-$30]
00848695   test    esi, esi
00848697   jbe     loc_848748
00848697
0084869d   mov     ebx, 1
00848697
008486a2 loc_8486a2:
008486a2   lea     eax, [ebp-$78]
008486a5   push    eax
008486a6   lea     eax, [ebp-$7c]
008486a9   call    -$43c1ea ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
008486a9
008486ae   push    eax
008486af   push    ebx
008486b0   mov     eax, [ebp-$18]
008486b3   push    eax
008486b4   mov     eax, [eax]
008486b6   call    dword ptr [eax+$20]
008486b6
008486b9   call    -$43c0ea ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
008486b9
008486be   mov     eax, [ebp-$7c]
008486c1   push    eax
008486c2   mov     eax, [eax]
008486c4   call    dword ptr [eax+$24]
008486c4
008486c7   call    -$43c0f8 ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
008486c7
008486cc   cmp     byte ptr [ebp-$78], 0
008486d0   jnz     loc_848740
008486d0
008486d2   lea     eax, [ebp-$80]
008486d5   call    -$43c216 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
008486d5
008486da   push    eax
008486db   push    ebx
008486dc   mov     eax, [ebp-$18]
008486df   push    eax
008486e0   mov     eax, [eax]
008486e2   call    dword ptr [eax+$20]
008486e2
008486e5   call    -$43c116 ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
008486e5
008486ea   mov     edx, [ebp-$80]
008486ed   lea     eax, [ebp-$1c]
008486f0   mov     ecx, $848858
008486f5   call    -$43c1f2 ($40c508)     ; segment%0.public%518 (PCMAV.exe)
008486f5
008486fa   lea     eax, [ebp-$84]
00848700   call    -$440049 ($4086bc)     ; segment%0.public%336 (PCMAV.exe)
00848700
00848705   push    eax
00848706   mov     eax, [ebp-$1c]
00848709   push    eax
0084870a   mov     eax, [eax]
0084870c   call    dword ptr [eax+$28]
0084870c
0084870f   call    -$43c140 ($40c5d4)     ; segment%0.public%526 (PCMAV.exe)
0084870f
00848714   mov     edx, [ebp-$84]
0084871a   lea     eax, [ebp-$20]
0084871d   call    -$43eed6 ($40984c)     ; segment%0.public%422 (PCMAV.exe)
0084871d
00848722   lea     edx, [ebp-$88]
00848728   lea     eax, [ebp-$20]
0084872b   call    -$152284 ($6f64ac)     ; segment%112.public%15855 (PCMAV.exe)
0084872b
00848730   mov     edx, [ebp-$88]
00848736   mov     eax, [$95cb88]
0084873b   mov     ecx, [eax]
0084873d   call    dword ptr [ecx+$38]
0084873d
00848740 loc_848740:
00848740   inc     ebx
00848741   dec     esi
00848742   jnz     loc_8486a2
00848742
00848748 loc_848748:
00848748   mov     eax, [ebp-$2c]
0084874b   call    +$1a84 ($84a1d4)       ; segment%186.public%18633 (PCMAV.exe)
0084874b
00848750   test    al, al
00848752   jnz     loc_848634
00848752
00848758   xor     eax, eax
0084875a   pop     edx
0084875b   pop     ecx
0084875c   pop     ecx
0084875d   mov     fs:[eax], edx
00848760   push    $84877d
0084875d
00848765 loc_848765:
00848765   cmp     dword ptr [ebp-$2c], 0
00848769   jz      loc_848775
00848769
0084876b   mov     dl, 1
0084876d   mov     eax, [ebp-$2c]
00848770   mov     ecx, [eax]
00848772   call    dword ptr [ecx-4]
00848772
00848775 loc_848775:
00848775   ret
00848775
00848775 ; ---------------------------------------------------------
00848775
00848776   jmp     -$440bcb ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
00848776
0084877b   jmp     loc_848765
0084877b
0084877b ; ---------------------------------------------------------
0084877b
0084877d   mov     eax, [$95cb88]
00848782   mov     edx, [eax]
00848784   call    dword ptr [edx+$14]
00848784
00848787   mov     [ebp-$24], eax
0084878a   xor     eax, eax
0084878c   pop     edx
0084878d   pop     ecx
0084878e   pop     ecx
0084878f   mov     fs:[eax], edx
00848792   push    $8487a9
0084878f
00848797 loc_848797:
00848797   mov     eax, [$95cb84]
0084879c   call    -$441e85 ($40691c)     ; segment%0.public%227 (PCMAV.exe)
0084879c
008487a1   ret
008487a1
008487a1 ; ---------------------------------------------------------
008487a1
008487a2   jmp     -$440bf7 ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
008487a2
008487a7   jmp     loc_848797
008487a7
008487a7 ; ---------------------------------------------------------
008487a7
008487a9   xor     eax, eax
008487ab   pop     edx
008487ac   pop     ecx
008487ad   pop     ecx
008487ae   mov     fs:[eax], edx
008487b1   push    $848845
008487ae
008487b6 loc_8487b6:
008487b6   lea     eax, [ebp-$88]
008487bc   call    -$44014d ($408674)     ; segment%0.public%334 (PCMAV.exe)
008487bc
008487c1   lea     eax, [ebp-$84]
008487c7   call    -$440110 ($4086bc)     ; segment%0.public%336 (PCMAV.exe)
008487c7
008487cc   lea     eax, [ebp-$80]
008487cf   mov     edx, [$846e50]
008487d5   mov     ecx, 2
008487da   call    -$43e5ff ($40a1e0)     ; segment%0.public%446 (PCMAV.exe)
008487da
008487df   lea     eax, [ebp-$74]
008487e2   call    -$43c323 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
008487e2
008487e7   lea     eax, [ebp-$70]
008487ea   mov     edx, [$4012d0]
008487f0   mov     ecx, 4
008487f5   call    -$43e61a ($40a1e0)     ; segment%0.public%446 (PCMAV.exe)
008487f5
008487fa   lea     eax, [ebp-$20]
008487fd   call    -$44018e ($408674)     ; segment%0.public%334 (PCMAV.exe)
008487fd
00848802   lea     eax, [ebp-$1c]
00848805   call    -$43c346 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
00848805
0084880a   lea     eax, [ebp-$18]
0084880d   call    -$43c34e ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
0084880d
00848812   lea     eax, [ebp-$14]
00848815   call    -$43c356 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
00848815
0084881a   lea     eax, [ebp-$10]
0084881d   call    -$43c35e ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
0084881d
00848822   lea     eax, [ebp-$c]
00848825   call    -$43c366 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
00848825
0084882a   lea     eax, [ebp-8]
0084882d   call    -$43c36e ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
0084882d
00848832   lea     eax, [ebp-4]
00848835   call    -$43c376 ($40c4c4)     ; segment%0.public%516 (PCMAV.exe)
00848835
0084883a   ret
0084883a
0084883a ; ---------------------------------------------------------
0084883a
0084883b   jmp     -$440c90 ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
0084883b
00848840   jmp     loc_8487b6
00848840
00848840 ; ---------------------------------------------------------
00848840
00848845   mov     eax, [ebp-$24]
00848848   pop     esi
00848849   pop     ebx
0084884a   mov     esp, ebp
0084884c   pop     ebp
0084884d   ret

Last edited by Rahman (26-03-2012 21:49:58)

**wizardft** · 26-03-2012 20:15:36

wizardft
VIP
Offline

Registered: 04-04-2010
Posts: 810
User Karma: 9

Re: PC Media Predator Technical Preview

UI nya mantepan yang lama.

Scan downloads, trus di stop. tetapi ketika sudah di semua berhenti tab nya tidak mau merespon jika di klik

[update] 8.17 PM

PCMAV tidak bisa exit dari tray, melalui klik kanan. alhasil end process dilakukan di task manager dan berhasil.

[update] 8.50 PM "It's about performance"

===========================
PC Media Antivirus Log File
www.virusindonesia.com
===========================

Scan Summary (26-3-12 - 20-39-48):
-------------
PCMAV Version         : 6.9
Engine Version        : 6.9
Virus Signature       : 6285
OS                    : Windows 7
Scan Duration         : 00:01:53:553
Items detected        : 0

Lelet om

My spec : Windows 7 Home Premium 64bit, core i3-330 2.1GHz, 4 GB of RAM.

Last edited by wizardft (26-03-2012 20:56:17)

~Caffeine for live~

**Rahman** · 26-03-2012 20:17:27

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

- PCMAV Predator, hang sewaktu memulai proses Scan. oh ya automatic scannya kerja seperti apa di Predator ini?? koq nggk ada laporannya atau tampilannya gitu?
- kita tidak bisa mencoba kestabilan kecepatan engine Scan PCMAV predator ini, memulai Proses Scan saja sudah error nih Tim PCMAV.
- Attribut Fixernya kok nda ada Tim PCMAV, soalnya fitur ini sangat diperlukan untuk memunculkan file yang di hidden malware, mohon jadi pertimbangannya. jadi saya hanya bisa lihat fitur2nya saja tanpa bisa mengetesnya krna error.
- Optimasi Memory koq ada perbedaan antara XP dan 7??
- Self Defense PCMAV Predator di buat lebih kompleks dong biar nggk KO ma malware lagi contohnya saja malware Virut yg mengakibatkan PCMAV Asgard exit sendiri kemudian terinfeksi.

-banyak aplikasi yg tidak bisa di jalankan saat PCMAV predator aktif, kecuali PCMAV di exit terlebih dahulu baru aplikasi dan system kembali normal,
- saat PCMAV aktif tidak bisa melakukan restart PC,,,, saya tidak tahu mau coba bagian mana krna PC tiba2 hang.
- tampilan PCMAV predator Alpha yg ditayangkan waktu mas Anton Pardede, ngkk error saat scan koq saat tahap Tekhnical Preview parah seperti ini???
- saat PCMAV predator di integrasikan dengan CLAMAV sangat memakan banyk penggunaan memory yg membuat Lalod PC, kecuali pakai Engine PCMAV sendiri. tolong di tekan lagi penggunaan memorynya biar makin enteng.

"Sekdar saran kan sekrng tidak bisa mencoba Scan Engine krna error, tolong setelah ada perbaikan bug itu, PCMAV yg di ujicoba skrng di ganti dengan yg telah mendapat perbaikan, supya di kethui bagaimana kestabilan scan enginenya.

Last edited by Rahman (26-03-2012 21:16:06)

**indraramadhan094** · 26-03-2012 20:21:06

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

Karena Karakter udah gak muat, Maka akan saya lanjutkan.

Ketika Loading Definition database, saya Pilih About di Tray.

date/time         : 2012-03-26, 20:13:52, 843ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 30 minutes 21 seconds
program up time   : 42 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 315/958 MB (free/total)
free disk space   : (C:) 8.94 GB
display mode      : 1024x768, 32 bit
process id        : $ad0
allocated memory  : 20.38 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $366fc4f9, $7a3da3ee, $7a3da3ee
exception number  : 1
exception class   : EInvalidOperation
exception message : Cannot make a visible window modal.

main thread ($a6c):
005a28fc +070 PCMAV.exe  segment%79  public%9710
008d9fd6 +02a PCMAV.exe  segment%265 public%20675
0058ecaf +0a7 PCMAV.exe  segment%77  public%9314
005902b3 +013 PCMAV.exe  segment%77  public%9377
00591546 +082 PCMAV.exe  segment%77  public%9426
00591495 +01d PCMAV.exe  segment%77  public%9425
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008d5ac0 +5d0 PCMAV.exe  segment%265 public%20629
00406f7a +002 PCMAV.exe  segment%0   public%260
004dacd6 +05a PCMAV.exe  segment%52  public%5330
00406924 +008 PCMAV.exe  segment%0   public%227
004dac74 +018 PCMAV.exe  segment%52  public%5329
004dcc41 +0bd PCMAV.exe  segment%52  public%5375
004dbcd2 +06e PCMAV.exe  segment%52  public%5344
005cbc13 +5c3 PCMAV.exe  segment%83  public%10648
004fcebc +024 PCMAV.exe  segment%62  public%5992
00500fe1 +10d PCMAV.exe  segment%62  public%6149
005010f0 +0bc PCMAV.exe  segment%62  public%6150
00503cae +026 PCMAV.exe  segment%62  public%6249
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
0059e072 +5f2 PCMAV.exe  segment%79  public%9586
004fcebc +024 PCMAV.exe  segment%62  public%5992
004fb89a +026 PCMAV.exe  segment%62  public%5908
0059d90a +03a PCMAV.exe  segment%79  public%9581
005a74c3 +0b3 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $3c4:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $c30:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($a6c) at:
02d116e9 +00 IDMShellExt.dll

thread $e24 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($a6c) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $f74:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($a6c) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $ec8:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($a6c) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $c88:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($a6c) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

processes:
000 Idle                         0   0
004 System                       0   0   normal
1b0 smss.exe                     0   0   normal       C:\WINDOWS\system32
2b4 csrss.exe                    0   0
2d0 winlogon.exe                 51  14  high         C:\WINDOWS\system32
2fc services.exe                 4   2   normal       C:\WINDOWS\system32
308 lsass.exe                    4   3   normal       C:\WINDOWS\system32
3d8 svchost.exe                  4   1   normal       C:\WINDOWS\system32
6c4 svchost.exe                  0   0
6ec MsMpEng.exe                  4   2   normal       C:\Program Files\Microsoft Security Client\Antimalware
710 svchost.exe                  11  28  normal       C:\WINDOWS\System32
104 svchost.exe                  0   0
224 svchost.exe                  0   0
408 spoolsv.exe                  4   4   normal       C:\WINDOWS\system32
56c alg.exe                      0   0
5a8 Explorer.EXE                 349 238 normal       C:\WINDOWS
5bc ekrn.exe                     11  13  normal       C:\Program Files\ESET\ESET Smart Security
628 svchost.exe                  4   1   normal       C:\WINDOWS\System32
7f0 TuneUpUtilitiesService32.exe 4   5   normal       C:\Program Files\TuneUp Utilities 2012
24c wscntfy.exe                  35  11  normal       C:\WINDOWS\system32
484 TuneUpUtilitiesApp32.exe     220 99  normal       C:\Program Files\TuneUp Utilities 2012
808 egui.exe                     188 59  normal       C:\Program Files\ESET\ESET Smart Security
81c VTTimer.exe                  15  5   normal       C:\WINDOWS\system32
82c VTtrayp.exe                  22  5   normal       C:\WINDOWS\system32
840 SOUNDMAN.EXE                 21  8   normal       C:\WINDOWS
848 IDMan.exe                    147 109 below normal C:\Program Files\Internet Download Manager
850 xwidget.exe                  97  96  normal       C:\Program Files\XWidget
860 ctfmon.exe                   155 75  normal       C:\WINDOWS\system32
86c WinSnap.exe                  58  73  normal       C:\Program Files\WinSnap
948 ping.exe                     4   1   normal       C:\WINDOWS\system32
490 mspaint.exe                  96  65  normal       C:\WINDOWS\system32
668 svchost.exe                  4   3   normal       C:\WINDOWS\system32
9fc taskmgr.exe                  108 122 normal       C:\WINDOWS\system32
c1c notepad.exe                  31  21  normal       C:\WINDOWS\system32
f48 firefox.exe                  248 49  normal       C:\Program Files\Mozilla Firefox
8d4 chrome.exe                   97  71  normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
568 chrome.exe                   15  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
b34 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
ca4 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
978 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
4b0 chrome.exe                   45  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
c80 chrome.exe                   25  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
ad0 PCMAV.exe                    214 90  normal       C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview

disassembling:
005a288c public segment%79.public%9710 (PCMAV.exe):  ; function entry point
005a288c   push    ebp
005a288d   mov     ebp, esp
005a288f   add     esp, -$20
005a2892   push    ebx
005a2893   xor     edx, edx
005a2895   mov     [ebp-$20], edx
005a2898   mov     [ebp-4], eax
005a289b   xor     eax, eax
005a289d   push    ebp
005a289e   push    $5a2bb6                ; segment%0.public%300 (PCMAV.exe)
005a28a3   push    dword ptr fs:[eax]
005a28a6   mov     fs:[eax], esp
005a28a9   call    -$a8c76 ($4f9c38)      ; segment%62.public%5815 (PCMAV.exe)
005a28a9
005a28ae   mov     eax, [ebp-4]
005a28b1   cmp     byte ptr [eax+$61], 0
005a28b5   jnz     loc_5a28db
005a28b5
005a28b7   mov     eax, [ebp-4]
005a28ba   mov     edx, [eax]
005a28bc   call    dword ptr [edx+$68]
005a28bc
005a28bf   test    al, al
005a28c1   jz      loc_5a28db
005a28c1
005a28c3   mov     eax, [ebp-4]
005a28c6   test    byte ptr [eax+$38c], 8
005a28cd   jnz     loc_5a28db
005a28cd
005a28cf   mov     eax, [ebp-4]
005a28d2   cmp     byte ptr [eax+$2a6], 1
005a28d9   jnz     loc_5a28fc
005a28d9
005a28db loc_5a28db:
005a28db   lea     edx, [ebp-$20]
005a28de   mov     eax, [$90446c]
005a28e3   call    -$195cf0 ($40cbf8)     ; segment%0.public%539 (PCMAV.exe)
005a28e3
005a28e8   mov     ecx, [ebp-$20]
005a28eb   mov     dl, 1
005a28ed   mov     eax, [$469104]
005a28f2   call    -$14e00f ($4548e8)     ; segment%26.public%2400 (PCMAV.exe)
005a28f2
005a28f7   call    -$19aba8 ($407d54)     ; segment%0.public%303 (PCMAV.exe)
005a28f7
005a28fc loc_5a28fc:
005a28fc > call    -$18fc1d ($412ce4)     ; segment%4.public%1208 (PCMAV.exe)
005a28fc
005a2901   test    eax, eax
005a2903   jz      loc_5a2916
005a2903
005a2905   push    0
005a2907   push    0
005a2909   push    $1f
005a290b   call    -$18fc2c ($412ce4)     ; segment%4.public%1208 (PCMAV.exe)
005a290b
005a2910   push    eax
005a2911   call    -$18f7c2 ($413154)     ; segment%4.public%1349 (PCMAV.exe)
005a2911
005a2916 loc_5a2916:
005a2916   call    -$18f827 ($4130f4)     ; segment%4.public%1338 (PCMAV.exe)
005a2916
005a291b   mov     eax, [$90b560]
005a2920   call    +$3303 ($5a5c28)       ; segment%79.public%9843 (PCMAV.exe)
005a2920
005a2925   xor     ecx, ecx
005a2927   push    ebp
005a2928   push    $5a2b99                ; segment%0.public%300 (PCMAV.exe)
005a292d   push    dword ptr fs:[ecx]
005a2930   mov     fs:[ecx], esp
005a2933   call    -$18fc64 ($412cd4)     ; segment%4.public%1206 (PCMAV.exe)
005a2933
005a2938   mov     [ebp-$1c], eax
005a293b   mov     eax, [ebp-4]
005a293e   or      byte ptr [eax+$38c], 8
005a2945   mov     eax, [ebp-4]
005a2948   cmp     byte ptr [eax+$350], 0
005a294f   jnz     loc_5a298a
005a294f
005a2951   mov     eax, [$90b560]
005a2956   cmp     byte ptr [eax+$d4], 0
005a295d   jz      loc_5a298a
005a295d
005a295f   mov     eax, [ebp-4]
005a2962   call    -$a1b37 ($500e30)      ; segment%62.public%6147 (PCMAV.exe)
005a2962
005a2967   mov     eax, [ebp-4]
005a296a   call    -$9df87 ($5049e8)      ; segment%62.public%6293 (PCMAV.exe)
005a296a
005a296f   cmp     dword ptr [ebp-$1c], 0
005a2973   jz      loc_5a2982
005a2973
005a2975   mov     eax, [ebp-$1c]
005a2978   push    eax
005a2979   call    -$18f9ea ($412f94)     ; segment%4.public%1294 (PCMAV.exe)
005a2979
005a297e   test    eax, eax
005a2980   jnz     loc_5a298a
005a2980
005a2982 loc_5a2982:
005a2982   call    -$18fcb3 ($412cd4)     ; segment%4.public%1206 (PCMAV.exe)
005a2982
005a2987   mov     [ebp-$1c], eax
005a2982
005a298a loc_5a298a:
005a298a   call    -$7d6f ($59ac20)       ; segment%79.public%9464 (PCMAV.exe)
005a298a
005a298f   mov     [ebp-$10], eax
005a2992   mov     eax, [$90b564]
005a2997   mov     ecx, [eax+$78]
005a299a   mov     eax, [$90b564]
005a299f   mov     eax, [eax+$7c]
005a29a2   xor     edx, edx
005a29a4   call    -$12b78d ($47721c)     ; segment%30.public%3158 (PCMAV.exe)
005a29a4
005a29a9   mov     eax, [$90b564]
005a29ae   mov     edx, [ebp-4]
005a29b1   mov     [eax+$78], edx
005a29b4   mov     eax, [$90b564]
005a29b9   movzx   eax, word ptr [eax+$4c]
005a29bd   mov     [ebp-$12], ax
005a29c1   xor     edx, edx
005a29c3   mov     eax, [$90b564]
005a29c8   call    +$1c7f ($5a464c)       ; segment%79.public%9795 (PCMAV.exe)
005a29c8
005a29cd   mov     eax, [$90b564]
005a29d2   mov     eax, [eax+$50]
005a29d5   mov     [ebp-$18], eax
005a29d8   xor     eax, eax
005a29da   call    -$7c0f ($59add0)       ; segment%79.public%9470 (PCMAV.exe)
005a29da
005a29df   mov     [ebp-$c], eax
005a29e2   xor     ecx, ecx
005a29e4   push    ebp
005a29e5   push    $5a2b77                ; segment%0.public%300 (PCMAV.exe)
005a29ea   push    dword ptr fs:[ecx]
005a29ed   mov     fs:[ecx], esp
005a29f0   mov     eax, [ebp-4]
005a29f3   call    -$25c ($5a279c)        ; segment%79.public%9706 (PCMAV.exe)
005a29f3
005a29f8   xor     edx, edx
005a29fa   push    ebp
005a29fb   push    $5a2ab8                ; segment%0.public%300 (PCMAV.exe)
005a2a00   push    dword ptr fs:[edx]
005a2a03   mov     fs:[edx], esp
005a2a06   push    0
005a2a08   push    0
005a2a0a   push    $b000
005a2a0f   mov     eax, [ebp-4]
005a2a12   call    -$9e00b ($504a0c)      ; segment%62.public%6294 (PCMAV.exe)
005a2a12
005a2a17   push    eax
005a2a18   call    -$18f8c9 ($413154)     ; segment%4.public%1349 (PCMAV.exe)
005a2a18
005a2a1d   mov     eax, [ebp-4]
005a2a20   xor     edx, edx
005a2a22   mov     [eax+$2c0], edx
005a2a20
005a2a28 loc_5a2a28:
005a2a28   mov     eax, [$90b560]
005a2a2d   call    +$476a ($5a719c)       ; segment%79.public%9878 (PCMAV.exe)
005a2a2d
005a2a32   mov     eax, [$90b560]
005a2a37   cmp     byte ptr [eax+$a8], 0
005a2a3e   jz      loc_5a2a4f
005a2a3e
005a2a40   mov     eax, [ebp-4]
005a2a43   mov     dword ptr [eax+$2c0], 2
005a2a4d   jmp     loc_5a2a63
005a2a4d
005a2a4d ; ---------------------------------------------------------
005a2a4d
005a2a4f loc_5a2a4f:
005a2a4f   mov     eax, [ebp-4]
005a2a52   cmp     dword ptr [eax+$2c0], 0
005a2a59   jz      loc_5a2a63
005a2a59
005a2a5b   mov     eax, [ebp-4]
005a2a5e   call    -$6af ($5a23b4)        ; segment%79.public%9702 (PCMAV.exe)
005a2a5e
005a2a63 loc_5a2a63:
005a2a63   mov     eax, [ebp-4]
005a2a66   mov     eax, [eax+$2c0]
005a2a6c   test    eax, eax
005a2a6e   jz      loc_5a2a28
005a2a6e
005a2a70   mov     [ebp-8], eax
005a2a73   push    0
005a2a75   push    0
005a2a77   push    $b001
005a2a7c   mov     eax, [ebp-4]
005a2a7f   call    -$9e078 ($504a0c)      ; segment%62.public%6294 (PCMAV.exe)
005a2a7f
005a2a84   push    eax
005a2a85   call    -$18f936 ($413154)     ; segment%4.public%1349 (PCMAV.exe)
005a2a85
005a2a8a   mov     eax, [ebp-4]
005a2a8d   call    -$9e086 ($504a0c)      ; segment%62.public%6294 (PCMAV.exe)
005a2a8d
005a2a92   mov     ebx, eax
005a2a94   call    -$18fdc5 ($412cd4)     ; segment%4.public%1206 (PCMAV.exe)
005a2a94
005a2a99   cmp     ebx, eax
005a2a9b   jz      loc_5a2aa2
005a2a9b
005a2a9d   xor     eax, eax
005a2a9f   mov     [ebp-$1c], eax
005a2a9d
005a2aa2 loc_5a2aa2:
005a2aa2   xor     eax, eax
005a2aa4   pop     edx
005a2aa5   pop     ecx
005a2aa6   pop     ecx
005a2aa7   mov     fs:[eax], edx
005a2aaa   push    $5a2abf
005a2aa7
005a2aaf loc_5a2aaf:
005a2aaf   mov     eax, [ebp-4]
005a2ab2   call    -$323 ($5a2794)        ; segment%79.public%9705 (PCMAV.exe)
005a2ab2
005a2ab7   ret
005a2ab7
005a2ab7 ; ---------------------------------------------------------
005a2ab7
005a2ab8   jmp     -$19af0d ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
005a2ab8
005a2abd   jmp     loc_5a2aaf
005a2abd
005a2abd ; ---------------------------------------------------------
005a2abd
005a2abf   xor     eax, eax
005a2ac1   pop     edx
005a2ac2   pop     ecx
005a2ac3   pop     ecx
005a2ac4   mov     fs:[eax], edx
005a2ac7   push    $5a2b81
005a2ac4
005a2acc loc_5a2acc:
005a2acc   mov     eax, [$90b564]
005a2ad1   mov     eax, [eax+$50]
005a2ad4   cmp     eax, [ebp-$18]
005a2ad7   jnz     loc_5a2ae9
005a2ad7
005a2ad9   movzx   edx, word ptr [ebp-$12]
005a2add   mov     eax, [$90b564]
005a2ae2   call    +$1b65 ($5a464c)       ; segment%79.public%9795 (PCMAV.exe)
005a2ae2
005a2ae7   jmp     loc_5a2af5
005a2ae7
005a2ae7 ; ---------------------------------------------------------
005a2ae7
005a2ae9 loc_5a2ae9:
005a2ae9   xor     edx, edx
005a2aeb   mov     eax, [$90b564]
005a2af0   call    +$1b57 ($5a464c)       ; segment%79.public%9795 (PCMAV.exe)
005a2af0
005a2af5 loc_5a2af5:
005a2af5   mov     eax, [ebp-$c]
005a2af8   call    -$7c69 ($59ae94)       ; segment%79.public%9471 (PCMAV.exe)
005a2af8
005a2afd   mov     eax, [$90b564]
005a2b02   mov     eax, [eax+$7c]
005a2b05   cmp     dword ptr [eax+8], 0
005a2b09   jle     loc_5a2b2e
005a2b09
005a2b0b   xor     edx, edx
005a2b0d   call    -$12b9b6 ($47715c)     ; segment%30.public%3153 (PCMAV.exe)
005a2b0d
005a2b12   mov     ecx, [$90b564]
005a2b18   mov     edx, eax
005a2b1a   mov     [ecx+$78], edx
005a2b1d   mov     eax, [$90b564]
005a2b22   mov     eax, [eax+$7c]
005a2b25   xor     ecx, ecx
005a2b27   call    -$12b7b4 ($477378)     ; segment%30.public%3163 (PCMAV.exe)
005a2b27
005a2b2c   jmp     loc_5a2b38
005a2b2c
005a2b2c ; ---------------------------------------------------------
005a2b2c
005a2b2e loc_5a2b2e:
005a2b2e   mov     eax, [$90b564]
005a2b33   xor     edx, edx
005a2b35   mov     [eax+$78], edx
005a2b33
005a2b38 loc_5a2b38:
005a2b38   cmp     dword ptr [ebp-$1c], 0
005a2b3c   jz      loc_5a2b55
005a2b3c
005a2b3e   mov     eax, [ebp-$1c]
005a2b41   push    eax
005a2b42   call    -$18fbb3 ($412f94)     ; segment%4.public%1294 (PCMAV.exe)
005a2b42
005a2b47   test    eax, eax
005a2b49   jnz     loc_5a2b55
005a2b49
005a2b4b   xor     eax, eax
005a2b4d   call    -$7c22 ($59af30)       ; segment%79.public%9473 (PCMAV.exe)
005a2b4d
005a2b52   mov     [ebp-$1c], eax
005a2b4d
005a2b55 loc_5a2b55:
005a2b55   cmp     dword ptr [ebp-$1c], 0
005a2b59   jz      loc_5a2b64
005a2b59
005a2b5b   mov     eax, [ebp-$1c]
005a2b5e   push    eax
005a2b5f   call    -$18f9d0 ($413194)     ; segment%4.public%1357 (PCMAV.exe)
005a2b5f
005a2b64 loc_5a2b64:
005a2b64   mov     eax, [ebp-$10]
005a2b67   call    -$7f44 ($59ac28)       ; segment%79.public%9465 (PCMAV.exe)
005a2b67
005a2b6c   mov     eax, [ebp-4]
005a2b6f   and     byte ptr [eax+$38c], -9
005a2b76   ret
005a2b76
005a2b76 ; ---------------------------------------------------------
005a2b76
005a2b77   jmp     -$19afcc ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
005a2b77
005a2b7c   jmp     loc_5a2acc
005a2b7c
005a2b7c ; ---------------------------------------------------------
005a2b7c
005a2b81   xor     eax, eax
005a2b83   pop     edx
005a2b84   pop     ecx
005a2b85   pop     ecx
005a2b86   mov     fs:[eax], edx
005a2b89   push    $5a2ba0
005a2b86
005a2b8e loc_5a2b8e:
005a2b8e   mov     eax, [$90b560]
005a2b93   call    +$30bc ($5a5c54)       ; segment%79.public%9844 (PCMAV.exe)
005a2b93
005a2b98   ret
005a2b98
005a2b98 ; ---------------------------------------------------------
005a2b98
005a2b99   jmp     -$19afee ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
005a2b99
005a2b9e   jmp     loc_5a2b8e
005a2b9e
005a2b9e ; ---------------------------------------------------------
005a2b9e
005a2ba0   xor     eax, eax
005a2ba2   pop     edx
005a2ba3   pop     ecx
005a2ba4   pop     ecx
005a2ba5   mov     fs:[eax], edx
005a2ba8   push    $5a2bbd
005a2ba5
005a2bad loc_5a2bad:
005a2bad   lea     eax, [ebp-$20]
005a2bb0   call    -$19a541 ($408674)     ; segment%0.public%334 (PCMAV.exe)
005a2bb0
005a2bb5   ret
005a2bb5
005a2bb5 ; ---------------------------------------------------------
005a2bb5
005a2bb6   jmp     -$19b00b ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
005a2bb6
005a2bbb   jmp     loc_5a2bad
005a2bbb
005a2bbb ; ---------------------------------------------------------
005a2bbb
005a2bbd   mov     eax, [ebp-8]
005a2bc0   pop     ebx
005a2bc1   mov     esp, ebp
005a2bc3   pop     ebp
005a2bc4   ret

-Update-
Ketika Mau Exit PCMAV, Muncul Error

date/time         : 2012-03-26, 20:26:34, 93ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 43 minutes 2 seconds
program up time   : 12 minutes 39 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 521/958 MB (free/total)
free disk space   : (C:) 8.94 GB
display mode      : 1024x768, 32 bit
process id        : $d7c
allocated memory  : 265.64 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $011e2932, $e32e0c7b, $e32e0c7b
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 011E2932. Read of address FFFFFFFF.

main thread ($744):
011e2932 +000 ???
00406924 +008 PCMAV.exe  segment%0   public%227
008dbd71 +0cd PCMAV.exe  segment%265 public%20726
008d518a +01e PCMAV.exe  segment%265 public%20623
005a23a5 +055 PCMAV.exe  segment%79  public%9701
005a22cd +021 PCMAV.exe  segment%79  public%9700
008da48b +007 PCMAV.exe  segment%265 public%20682
0058ecaf +0a7 PCMAV.exe  segment%77  public%9314
005902b3 +013 PCMAV.exe  segment%77  public%9377
00591546 +082 PCMAV.exe  segment%77  public%9426
00591495 +01d PCMAV.exe  segment%77  public%9425
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
007a99c6 +142 PCMAV.exe  segment%156 public%17697
008c9de8 +31c PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e42a034 +016 USER32.dll             CallWindowProcW
00842a4c +034 PCMAV.exe  segment%174 public%18475
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008da986 +15e PCMAV.exe  segment%265 public%20693
004fd7f3 +06f PCMAV.exe  segment%62  public%6006
00517c2a +01e PCMAV.exe  segment%63  public%6738
005cd828 +068 PCMAV.exe  segment%83  public%10707
00518718 +010 PCMAV.exe  segment%63  public%6770
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
004fcebc +024 PCMAV.exe  segment%62  public%5992
00501d33 +023 PCMAV.exe  segment%62  public%6160
005027bf +00b PCMAV.exe  segment%62  public%6168
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e4292de +044 USER32.dll             SendMessageW
7e42a034 +016 USER32.dll             CallWindowProcW
00501ce0 +0d8 PCMAV.exe  segment%62  public%6159
004fdc48 +010 PCMAV.exe  segment%62  public%6023
004fdbb2 +07e PCMAV.exe  segment%62  public%6020
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a71a6 +00a PCMAV.exe  segment%79  public%9878
005a74d9 +0c9 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $388:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($744) at:
02d116e9 +00 IDMShellExt.dll

thread $c90 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($744) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $e28:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($744) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $7dc:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($744) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $c5c:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($744) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $ff4:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($744) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $478:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($744) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $b54:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($744) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $374:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $3b0:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $938:
7c90df48 +00a ntdll.dll               NtWaitForMultipleObjects
7c80958a +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a110 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by thread $b38 at:
769c887a +273 Userenv.dll             RegisterGPNotification

thread $6e8 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($744) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $8fc:
7c90da48 +0a ntdll.dll               NtRemoveIoCompletion
7c80a7e0 +23 kernel32.dll            GetQueuedCompletionStatus
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($744) at:
77e7d10d +00 RPCRT4.dll

thread $ffc:
7c90df48 +0a ntdll.dll               NtWaitForMultipleObjects
7c80958a +00 kernel32.dll            WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by thread $3ec at:
77e062d0 +00 ADVAPI32.dll

processes:
000 Idle                         0   0
004 System                       0   0   normal
1b0 smss.exe                     0   0   normal       C:\WINDOWS\system32
2b4 csrss.exe                    62  62  normal       C:\WINDOWS\system32
2d0 winlogon.exe                 51  14  high         C:\WINDOWS\system32
2fc services.exe                 4   2   normal       C:\WINDOWS\system32
308 lsass.exe                    4   1   normal       C:\WINDOWS\system32
3d8 svchost.exe                  4   1   normal       C:\WINDOWS\system32
6c4 svchost.exe                  4   1   normal       C:\WINDOWS\system32
6ec MsMpEng.exe                  4   2   normal       C:\Program Files\Microsoft Security Client\Antimalware
710 svchost.exe                  11  27  normal       C:\WINDOWS\System32
104 svchost.exe                  4   1   normal       C:\WINDOWS\system32
224 svchost.exe                  4   2   normal       C:\WINDOWS\system32
408 spoolsv.exe                  4   4   normal       C:\WINDOWS\system32
56c alg.exe                      4   2   normal       C:\WINDOWS\System32
5a8 Explorer.EXE                 358 241 normal       C:\WINDOWS
5bc ekrn.exe                     11  13  normal       C:\Program Files\ESET\ESET Smart Security
628 svchost.exe                  4   1   normal       C:\WINDOWS\System32
7f0 TuneUpUtilitiesService32.exe 4   5   normal       C:\Program Files\TuneUp Utilities 2012
24c wscntfy.exe                  35  11  normal       C:\WINDOWS\system32
484 TuneUpUtilitiesApp32.exe     220 99  normal       C:\Program Files\TuneUp Utilities 2012
808 egui.exe                     188 59  normal       C:\Program Files\ESET\ESET Smart Security
81c VTTimer.exe                  15  5   normal       C:\WINDOWS\system32
82c VTtrayp.exe                  22  5   normal       C:\WINDOWS\system32
840 SOUNDMAN.EXE                 21  8   normal       C:\WINDOWS
848 IDMan.exe                    147 109 below normal C:\Program Files\Internet Download Manager
850 xwidget.exe                  97  96  normal       C:\Program Files\XWidget
860 ctfmon.exe                   147 71  normal       C:\WINDOWS\system32
86c WinSnap.exe                  58  73  normal       C:\Program Files\WinSnap
948 ping.exe                     4   1   normal       C:\WINDOWS\system32
490 mspaint.exe                  95  65  normal       C:\WINDOWS\system32
668 svchost.exe                  4   3   normal       C:\WINDOWS\system32
9fc taskmgr.exe                  108 122 normal       C:\WINDOWS\system32
c1c notepad.exe                  31  21  normal       C:\WINDOWS\system32
f48 firefox.exe                  321 50  normal       C:\Program Files\Mozilla Firefox
d7c PCMAV.exe                    245 168 normal       C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview

disassembling:
0040691c public segment%0.public%227 (PCMAV.exe):  ; function entry point
0040691c   test    eax, eax
0040691e   jz      loc_406927
0040691e
00406920   mov     dl, 1
00406922   mov     ecx, [eax]
00406924 > call    dword ptr [ecx-4]
00406924
00406927 loc_406927:
00406927   ret

date/time         : 2012-03-26, 20:31:53, 93ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 48 minutes 21 seconds
program up time   : 5 minutes 15 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 431/958 MB (free/total)
free disk space   : (C:) 8.94 GB
display mode      : 1024x768, 32 bit
process id        : $cf4
allocated memory  : 285.05 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $778213ea, $4b981439, $4b981439
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 0052EE72 in module 'PCMAV.exe'. Read of address 00000278.

main thread ($c04):
0052ee72 +006 PCMAV.exe segment%70  public%7186
008c5ca7 +023 PCMAV.exe segment%258 public%20502
00483536 +142 PCMAV.exe segment%30  public%3629
0048452a +08a PCMAV.exe segment%30  public%3670
00483851 +039 PCMAV.exe segment%30  public%3634
006779c6 +012 PCMAV.exe segment%98  public%13636
00406924 +008 PCMAV.exe segment%0   public%227
0067795c +044 PCMAV.exe segment%98  public%13634
00683929 +019 PCMAV.exe segment%98  public%13910
006ca984 +174 PCMAV.exe segment%104 public%14827
004fefae +0ae PCMAV.exe segment%62  public%6098
0050778d +01d PCMAV.exe segment%62  public%6383
004fefae +0ae PCMAV.exe segment%62  public%6098
0052d4f1 +039 PCMAV.exe segment%70  public%7113
004fefae +0ae PCMAV.exe segment%62  public%6098
0052c566 +05e PCMAV.exe segment%70  public%7067
0052db71 +049 PCMAV.exe segment%70  public%7134
004fefae +0ae PCMAV.exe segment%62  public%6098
0059bf70 +038 PCMAV.exe segment%79  public%9519
0059cda5 +0f9 PCMAV.exe segment%79  public%9550
00484993 +057 PCMAV.exe segment%30  public%3688
0059ad79 +035 PCMAV.exe segment%79  public%9468
0044cf5a +026 PCMAV.exe segment%26  public%2176
004083cd +065 PCMAV.exe segment%0   public%323
008eb28c +178 PCMAV.exe segment%393 public%20885

thread $de8:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($c04) at:
02d116e9 +00 IDMShellExt.dll

thread $a94:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($c04) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $fe4 (TDownload):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
0048408e +042 PCMAV.exe    segment%30  public%3655
008c5e00 +134 PCMAV.exe    segment%258 public%20503
008832fd +059 PCMAV.exe    segment%213 public%19447
008832c3 +01f PCMAV.exe    segment%213 public%19447
00885e0e +00e PCMAV.exe    segment%215 public%19478
008820d1 +039 PCMAV.exe    segment%212 public%19417
00881f1e +0b6 PCMAV.exe    segment%212 public%19414
00887360 +05c PCMAV.exe    segment%215 public%19512
00887782 +1fe PCMAV.exe    segment%215 public%19521
008bf1f3 +2af PCMAV.exe    segment%255 public%20418
008c1c57 +2ef PCMAV.exe    segment%255 public%20454
008c2120 +1c0 PCMAV.exe    segment%255 public%20460
008c1f19 +055 PCMAV.exe    segment%255 public%20459
008bdb9c +030 PCMAV.exe    segment%255 public%20396
008c5151 +719 PCMAV.exe    segment%258 public%20500
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by thread $7ac at:
004836ec +018 PCMAV.exe    segment%30  public%3631

processes:
000 Idle                         0   0
004 System                       0   0   normal
1b0 smss.exe                     0   0   normal       C:\WINDOWS\system32
2b4 csrss.exe                    62  62  normal       C:\WINDOWS\system32
2d0 winlogon.exe                 51  14  high         C:\WINDOWS\system32
2fc services.exe                 4   2   normal       C:\WINDOWS\system32
308 lsass.exe                    4   2   normal       C:\WINDOWS\system32
3d8 svchost.exe                  4   1   normal       C:\WINDOWS\system32
6c4 svchost.exe                  4   1   normal       C:\WINDOWS\system32
6ec MsMpEng.exe                  4   2   normal       C:\Program Files\Microsoft Security Client\Antimalware
710 svchost.exe                  11  27  normal       C:\WINDOWS\System32
104 svchost.exe                  4   1   normal       C:\WINDOWS\system32
224 svchost.exe                  4   2   normal       C:\WINDOWS\system32
408 spoolsv.exe                  4   4   normal       C:\WINDOWS\system32
56c alg.exe                      4   2   normal       C:\WINDOWS\System32
5a8 Explorer.EXE                 366 240 normal       C:\WINDOWS
5bc ekrn.exe                     11  13  normal       C:\Program Files\ESET\ESET Smart Security
628 svchost.exe                  4   1   normal       C:\WINDOWS\System32
7f0 TuneUpUtilitiesService32.exe 4   5   normal       C:\Program Files\TuneUp Utilities 2012
24c wscntfy.exe                  35  11  normal       C:\WINDOWS\system32
484 TuneUpUtilitiesApp32.exe     220 99  normal       C:\Program Files\TuneUp Utilities 2012
808 egui.exe                     188 59  normal       C:\Program Files\ESET\ESET Smart Security
81c VTTimer.exe                  15  5   normal       C:\WINDOWS\system32
82c VTtrayp.exe                  22  5   normal       C:\WINDOWS\system32
840 SOUNDMAN.EXE                 21  8   normal       C:\WINDOWS
848 IDMan.exe                    147 109 below normal C:\Program Files\Internet Download Manager
850 xwidget.exe                  97  96  normal       C:\Program Files\XWidget
860 ctfmon.exe                   145 70  normal       C:\WINDOWS\system32
86c WinSnap.exe                  58  73  normal       C:\Program Files\WinSnap
948 ping.exe                     4   1   normal       C:\WINDOWS\system32
490 mspaint.exe                  96  65  normal       C:\WINDOWS\system32
668 svchost.exe                  4   3   normal       C:\WINDOWS\system32
9fc taskmgr.exe                  108 122 normal       C:\WINDOWS\system32
f48 firefox.exe                  324 52  normal       C:\Program Files\Mozilla Firefox
cf4 PCMAV.exe                    184 60  normal       C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview
e34 NOTEPAD.EXE                  32  21  normal       C:\WINDOWS\system32

disassembling:
0052ee6c public segment%70.public%7186 (PCMAV.exe):  ; function entry point
0052ee6c   push    ebx
0052ee6d   push    esi
0052ee6e   mov     esi, edx
0052ee70   mov     ebx, eax
0052ee72 > cmp     byte ptr [ebx+$278], 0
0052ee79   jnz     loc_52ee8c
0052ee79
0052ee7b   test    esi, esi
0052ee7d   jl      loc_52ee87
0052ee7d
0052ee7f   cmp     esi, $ffff
0052ee85   jle     loc_52ee8c
0052ee85
0052ee87 loc_52ee87:
0052ee87   call    -$590 ($52e8fc)        ; segment%70.public%7174 (PCMAV.exe)
0052ee87
0052ee8c loc_52ee8c:
0052ee8c   mov     eax, ebx
0052ee8e   call    -$2a0db ($504db8)      ; segment%62.public%6309 (PCMAV.exe)
0052ee8e
0052ee93   test    al, al
0052ee95   jz      loc_52eeaf
0052ee95
0052ee97   push    0
0052ee99   push    esi
0052ee9a   push    $402
0052ee9f   mov     eax, ebx
0052eea1   call    -$2a49a ($504a0c)      ; segment%62.public%6294 (PCMAV.exe)
0052eea1
0052eea6   push    eax
0052eea7   call    -$11bd58 ($413154)     ; segment%4.public%1349 (PCMAV.exe)
0052eea7
0052eeac   pop     esi
0052eead   pop     ebx
0052eeae   ret
0052eeae
0052eeae ; ---------------------------------------------------------
0052eeae
0052eeaf loc_52eeaf:
0052eeaf   mov     [ebx+$284], esi
0052eeb5   pop     esi
0052eeb6   pop     ebx
0052eeb7   ret

date/time         : 2012-03-26, 21:41:54, 625ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 1 hour 58 minutes
program up time   : 3 minutes 31 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 355/958 MB (free/total)
free disk space   : (C:) 8.78 GB
display mode      : 1024x768, 32 bit
process id        : $d14
allocated memory  : 25.35 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $547e96b3, $1916e7c6, $1916e7c6
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 007A2400 in module 'PCMAV.exe'. Write of address 00000013.

main thread ($b98):
007a2400 +088 PCMAV.exe  segment%154 public%17643
007a2334 +000 PCMAV.exe  segment%154 public%17642
007a51b9 +081 PCMAV.exe  segment%155 public%17676
008c9be0 +114 PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008da986 +15e PCMAV.exe  segment%265 public%20693
004fd7f3 +06f PCMAV.exe  segment%62  public%6006
00517c2a +01e PCMAV.exe  segment%63  public%6738
005cd828 +068 PCMAV.exe  segment%83  public%10707
00518718 +010 PCMAV.exe  segment%63  public%6770
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
004fcebc +024 PCMAV.exe  segment%62  public%5992
00501d33 +023 PCMAV.exe  segment%62  public%6160
005027bf +00b PCMAV.exe  segment%62  public%6168
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e4292de +044 USER32.dll             SendMessageW
7e42a034 +016 USER32.dll             CallWindowProcW
00501ce0 +0d8 PCMAV.exe  segment%62  public%6159
004fdc48 +010 PCMAV.exe  segment%62  public%6023
004fdbb2 +07e PCMAV.exe  segment%62  public%6020
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a71a6 +00a PCMAV.exe  segment%79  public%9878
005a74d9 +0c9 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $f60:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $858:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($b98) at:
02d116e9 +00 IDMShellExt.dll

thread $c08 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($b98) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $fec:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($b98) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $1cc:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($b98) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $ca8:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($b98) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $69c:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($b98) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $a7c:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($b98) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $d7c (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($b98) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $ff8:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $d48:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $ff0:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $484:
7c90df48 +0a ntdll.dll               NtWaitForMultipleObjects
7c80958a +00 kernel32.dll            WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($b98) at:
77a8a083 +00 CRYPT32.dll

thread $954:
7c90df48 +00a ntdll.dll               NtWaitForMultipleObjects
7c80958a +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a110 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by main thread ($b98) at:
769c887a +273 Userenv.dll             RegisterGPNotification

thread $bd0:
>> stack not accessible

processes:
000 Idle                 0   0
004 System               0   0   normal
1b0 smss.exe             0   0   normal C:\WINDOWS\system32
2b4 csrss.exe            62  62  normal C:\WINDOWS\system32
2d0 winlogon.exe         51  14  high   C:\WINDOWS\system32
2fc services.exe         4   2   normal C:\WINDOWS\system32
308 lsass.exe            4   2   normal C:\WINDOWS\system32
3d8 svchost.exe          4   1   normal C:\WINDOWS\system32
6c4 svchost.exe          4   1   normal C:\WINDOWS\system32
6ec MsMpEng.exe          4   2   normal C:\Program Files\Microsoft Security Client\Antimalware
710 svchost.exe          11  29  normal C:\WINDOWS\System32
104 svchost.exe          4   1   normal C:\WINDOWS\system32
224 svchost.exe          4   2   normal C:\WINDOWS\system32
408 spoolsv.exe          4   4   normal C:\WINDOWS\system32
56c alg.exe              4   2   normal C:\WINDOWS\System32
5a8 Explorer.EXE         317 147 normal C:\WINDOWS
5bc ekrn.exe             11  11  normal C:\Program Files\ESET\ESET Smart Security
628 svchost.exe          4   1   normal C:\WINDOWS\System32
24c wscntfy.exe          35  11  normal C:\WINDOWS\system32
808 egui.exe             194 58  normal C:\Program Files\ESET\ESET Smart Security
81c VTTimer.exe          15  5   normal C:\WINDOWS\system32
82c VTtrayp.exe          22  5   normal C:\WINDOWS\system32
840 SOUNDMAN.EXE         21  8   normal C:\WINDOWS
850 xwidget.exe          97  96  normal C:\Program Files\XWidget
860 ctfmon.exe           111 53  normal C:\WINDOWS\system32
948 ping.exe             4   1   normal C:\WINDOWS\system32
668 svchost.exe          4   2   normal C:\WINDOWS\system32
9fc taskmgr.exe          110 124 normal C:\WINDOWS\system32
f48 firefox.exe          580 79  normal C:\Program Files\Mozilla Firefox
dd4 DllHost.exe          8   3   normal C:\WINDOWS\system32
878 WinSnap.exe          59  70  normal C:\Program Files\WinSnap
fc4 IDMan.exe            141 106 normal C:\Program Files\Internet Download Manager
d14 PCMAV.exe            216 101 normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview
f4c plugin-container.exe 18  15  normal C:\Program Files\Mozilla Firefox

disassembling:
007a2378 public segment%154.public%17643 (PCMAV.exe):  ; function entry point
007a2378   push    ebp
007a2379   mov     ebp, esp
007a237b   mov     ecx, $11
007a2379
007a2380 loc_7a2380:
007a2380   push    0
007a2382   push    0
007a2384   dec     ecx
007a2385   jnz     loc_7a2380
007a2385
007a2387   push    ebx
007a2388   push    esi
007a2389   push    edi
007a238a   mov     ebx, eax
007a238c   xor     eax, eax
007a238e   push    ebp
007a238f   push    $7a257c                ; segment%0.public%300 (PCMAV.exe)
007a2394   push    dword ptr fs:[eax]
007a2397   mov     fs:[eax], esp
007a239a   mov     esi, $100
007a239f   push    esi
007a23a0   lea     eax, [ebp-4]
007a23a3   mov     ecx, 1
007a23a8   mov     edx, [$7a233c]
007a23ae   call    -$397593 ($40ae20)     ; segment%0.public%477 (PCMAV.exe)
007a23ae
007a23b3   add     esp, 4
007a23b6   jmp     loc_7a23d1
007a23b6
007a23b6 ; ---------------------------------------------------------
007a23b6
007a23b8 loc_7a23b8:
007a23b8   add     esi, esi
007a23ba   push    esi
007a23bb   lea     eax, [ebp-4]
007a23be   mov     ecx, 1
007a23c3   mov     edx, [$7a233c]
007a23c9   call    -$3975ae ($40ae20)     ; segment%0.public%477 (PCMAV.exe)
007a23c9
007a23ce   add     esp, 4
007a23c9
007a23d1 loc_7a23d1:
007a23d1   lea     eax, [ebp-8]
007a23d4   push    eax
007a23d5   push    esi
007a23d6   mov     eax, [ebp-4]
007a23d9   push    eax
007a23da   push    $10
007a23dc   call    -$129 ($7a22b8)        ; segment%154.public%17638 (PCMAV.exe)
007a23dc
007a23e1   cmp     eax, $c0000004
007a23e6   jz      loc_7a23b8
007a23e6
007a23e8   mov     eax, [ebp-4]
007a23eb   mov     [ebp-$10], eax
007a23ee   lea     edx, [ebp-$c]
007a23f1   mov     eax, [ebp-$10]
007a23f4   mov     ecx, 4
007a23f9   call    -$39dbaa ($404854)     ; segment%0.public%133 (PCMAV.exe)
007a23f9
007a23fe   xor     eax, eax
007a2400 > mov     [ebx+$10], eax
007a2403   mov     esi, [ebp-$c]
007a2406   dec     esi
007a2407   test    esi, esi
007a2409   jb      loc_7a2449
007a2409
007a240b   inc     esi
007a240c   xor     edi, edi
007a240b
007a240e loc_7a240e:
007a240e   mov     eax, [ebp-$10]
007a2411   xor     edx, edx
007a2413   add     eax, 4
007a2416   adc     edx, 0
007a2419   push    edx
007a241a   push    eax
007a241b   mov     eax, edi
007a241d   shl     eax, 4
007a2420   xor     edx, edx
007a2422   add     eax, [esp]
007a2425   adc     edx, [esp+4]
007a2429   add     esp, 8
007a242c   lea     edx, [ebp-$20]
007a242f   mov     ecx, $10
007a2434   call    -$39dbe5 ($404854)     ; segment%0.public%133 (PCMAV.exe)
007a2434
007a2439   movzx   eax, byte ptr [ebp-$1c]
007a243d   cmp     eax, [ebx+$14]
007a2440   jnz     loc_7a2445
007a2440
007a2442   inc     dword ptr [ebx+$10]
007a2440
007a2445 loc_7a2445:
007a2445   inc     edi
007a2446   dec     esi
007a2447   jnz     loc_7a240e
007a2447
007a2449 loc_7a2449:
007a2449   push    0
007a244b   lea     eax, [ebx+$c]
007a244e   mov     ecx, 1
007a2453   mov     edx, [$7a1f40]
007a2459   call    -$39763e ($40ae20)     ; segment%0.public%477 (PCMAV.exe)
007a2459
007a245e   add     esp, 4
007a2461   mov     eax, [ebx+$10]
007a2464   push    eax
007a2465   lea     eax, [ebx+$c]
007a2468   mov     ecx, 1
007a246d   mov     edx, [$7a1f40]
007a2473   call    -$397658 ($40ae20)     ; segment%0.public%477 (PCMAV.exe)
007a2473
007a2478   add     esp, 4
007a247b   xor     eax, eax
007a247d   mov     [ebx+$10], eax
007a2480   mov     esi, [ebp-$c]
007a2483   dec     esi
007a2484   test    esi, esi
007a2486   jb      loc_7a250d
007a2486
007a248c   inc     esi
007a248d   xor     edi, edi
007a248c
007a248f loc_7a248f:
007a248f   mov     eax, [ebp-$10]
007a2492   xor     edx, edx
007a2494   add     eax, 4
007a2497   adc     edx, 0
007a249a   push    edx
007a249b   push    eax
007a249c   mov     eax, edi
007a249e   shl     eax, 4
007a24a1   xor     edx, edx
007a24a3   add     eax, [esp]
007a24a6   adc     edx, [esp+4]
007a24aa   add     esp, 8
007a24ad   lea     edx, [ebp-$20]
007a24b0   mov     ecx, $10
007a24b5   call    -$39dc66 ($404854)     ; segment%0.public%133 (PCMAV.exe)
007a24b5
007a24ba   movzx   eax, byte ptr [ebp-$1c]
007a24be   cmp     eax, [ebx+$14]
007a24c1   jnz     loc_7a2509
007a24c1
007a24c3   lea     ecx, [ebp-$88]
007a24c9   lea     edx, [ebp-$20]
007a24cc   mov     eax, ebx
007a24ce   call    +$171 ($7a2644)        ; segment%154.public%17646 (PCMAV.exe)
007a24ce
007a24d3   lea     edx, [ebp-$88]
007a24d9   imul    eax, [ebx+$10], $d
007a24dd   mov     ecx, [ebx+$c]
007a24e0   lea     eax, [ecx+eax*8]
007a24e3   mov     ecx, [$7a1c68]
007a24e9   call    -$3980ce ($40a420)     ; segment%0.public%452 (PCMAV.exe)
007a24e9
007a24ee   imul    eax, [ebx+$10], $d
007a24f2   mov     edx, [ebx+$c]
007a24f5   mov     eax, [edx+eax*8+8]
007a24f9   test    eax, eax
007a24fb   jz      loc_7a2502
007a24fb
007a24fd   sub     eax, 4
007a2500   mov     eax, [eax]
007a24fd
007a2502 loc_7a2502:
007a2502   test    eax, eax
007a2504   jle     loc_7a2509
007a2504
007a2506   inc     dword ptr [ebx+$10]
007a2504
007a2509 loc_7a2509:
007a2509   inc     edi
007a250a   dec     esi
007a250b   jnz     loc_7a248f
007a250b
007a250d loc_7a250d:
007a250d   cmp     dword ptr [ebx+$10], 1
007a2511   jbe     loc_7a2518
007a2511
007a2513   dec     dword ptr [ebx+$10]
007a2516   jmp     loc_7a2530
007a2516
007a2516 ; ---------------------------------------------------------
007a2516
007a2518 loc_7a2518:
007a2518   push    0
007a251a   lea     eax, [ebx+$c]
007a251d   mov     ecx, 1
007a2522   mov     edx, [$7a1f40]
007a2528   call    -$39770d ($40ae20)     ; segment%0.public%477 (PCMAV.exe)
007a2528
007a252d   add     esp, 4
007a2528
007a2530 loc_7a2530:
007a2530   mov     eax, ebx
007a2532   call    +$7d ($7a25b4)         ; segment%154.public%17645 (PCMAV.exe)
007a2532
007a2537   push    0
007a2539   lea     eax, [ebp-4]
007a253c   mov     ecx, 1
007a2541   mov     edx, [$7a233c]
007a2547   call    -$39772c ($40ae20)     ; segment%0.public%477 (PCMAV.exe)
007a2547
007a254c   add     esp, 4
007a254f   xor     eax, eax
007a2551   pop     edx
007a2552   pop     ecx
007a2553   pop     ecx
007a2554   mov     fs:[eax], edx
007a2557   push    $7a2583
007a2554
007a255c loc_7a255c:
007a255c   lea     eax, [ebp-$88]
007a2562   mov     edx, [$7a1c68]
007a2568   call    -$3983dd ($40a190)     ; segment%0.public%444 (PCMAV.exe)
007a2568
007a256d   lea     eax, [ebp-4]
007a2570   mov     edx, [$7a233c]
007a2576   call    -$397637 ($40af44)     ; segment%0.public%480 (PCMAV.exe)
007a2576
007a257b   ret
007a257b
007a257b ; ---------------------------------------------------------
007a257b
007a257c   jmp     -$39a9d1 ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
007a257c
007a2581   jmp     loc_7a255c
007a2581
007a2581 ; ---------------------------------------------------------
007a2581
007a2583   pop     edi
007a2584   pop     esi
007a2585   pop     ebx
007a2586   mov     esp, ebp
007a2588   pop     ebp
007a2589   ret

Mau tanya, Koq file PCMAV sendiri dikira Suspection? Berikut Log Scannya:

===========================
PC Media Antivirus Log File
www.virusindonesia.com
===========================

Scan Summary (26-3-12 - 20-25-32):
-------------
PCMAV Version         : 6.9
Engine Version        : 6.9
Virus Signature       : 6285
OS                    : Windows XP
Scan Duration         : 00:04:39:500
Items detected        : 0

C:\Program Files\WinSnap\WinSnap.exe [Heur.Crypted - File will be cured]
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\MSVCR71.dll [Heur.Crypted - Suspended]
C:\WINDOWS\system32\PCMext.dll [Heur.Crypted - Suspended]
C:\WINDOWS\system32\phototoys.dll [Heur.Crypted - Suspended]

Ketika PCMAV terbuka dan pada saat itu saya membuka Google Chrome... Extensi Ghostery, AdBlock, WOT Ngadat. Klik balon ini untuk memuat ulang extensi. Notifikasi itu muncul di Layar saya. Dan juga Page semua yang ada di Google Chrome Galat. Maaf tidak menyertakan screenshot, lagi bermasalah dalam screenshot.

Saya mau tanya koq ketika update harus mendownload ulang main.cvd? Ketika Klik Cancel, justru malah download ulang lagi main.cvd. Klo bisa PCMAV melakukan verifikasi dalam mengecek Update terbaru Database Clamav. Dan Saat Load Database Clamav, Cukup lama.

Untuk Penggunaan PCMAV+Clamav (0.95) memakan Virtual Memory besar, Lebih dari 250,000. Tetapi untuk PCMAV Tanpa Clamav tidak memakan Pemakaian memory yang besar baik Virtual Memory maupun Memory Ram.

Last edited by indraramadhan094 (26-03-2012 22:08:51)

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**indraramadhan094** · 26-03-2012 22:10:14

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

Karena sudah tak bisa menambahkan text, maka akan saya copy Log Bug Report setelah Exit PCMAV

date/time         : 2012-03-26, 22:06:00, 578ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 2 hours 22 minutes
program up time   : 2 minutes 39 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 536/958 MB (free/total)
free disk space   : (C:) 8.84 GB
display mode      : 1024x768, 32 bit
process id        : $d70
allocated memory  : 26.53 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $bb23702a, $fcb4fbd2, $fcb4fbd2
exception number  : 1
exception class   : EPrivilege
exception message : Privileged instruction.

main thread ($e9c):
00730074 +200 PCMAV.exe  segment%133 public%16496
00406924 +008 PCMAV.exe  segment%0   public%227
008dbd71 +0cd PCMAV.exe  segment%265 public%20726
008d518a +01e PCMAV.exe  segment%265 public%20623
005a23a5 +055 PCMAV.exe  segment%79  public%9701
005a22cd +021 PCMAV.exe  segment%79  public%9700
008da48b +007 PCMAV.exe  segment%265 public%20682
0058ecaf +0a7 PCMAV.exe  segment%77  public%9314
005902b3 +013 PCMAV.exe  segment%77  public%9377
00591546 +082 PCMAV.exe  segment%77  public%9426
00591495 +01d PCMAV.exe  segment%77  public%9425
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
007a52c1 +189 PCMAV.exe  segment%155 public%17676
008c9be0 +114 PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008da986 +15e PCMAV.exe  segment%265 public%20693
004fd7f3 +06f PCMAV.exe  segment%62  public%6006
00517c2a +01e PCMAV.exe  segment%63  public%6738
005cd828 +068 PCMAV.exe  segment%83  public%10707
00518718 +010 PCMAV.exe  segment%63  public%6770
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
004fcebc +024 PCMAV.exe  segment%62  public%5992
00501d33 +023 PCMAV.exe  segment%62  public%6160
005027bf +00b PCMAV.exe  segment%62  public%6168
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e4292de +044 USER32.dll             SendMessageW
7e42a034 +016 USER32.dll             CallWindowProcW
00501ce0 +0d8 PCMAV.exe  segment%62  public%6159
004fdc48 +010 PCMAV.exe  segment%62  public%6023
004fdbb2 +07e PCMAV.exe  segment%62  public%6020
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a71a6 +00a PCMAV.exe  segment%79  public%9878
005a74d9 +0c9 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $c0c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $300:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($e9c) at:
02d116e9 +00 IDMShellExt.dll

thread $960 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($e9c) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $378:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($e9c) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $cd8:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($e9c) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $d4c:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($e9c) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $d80:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($e9c) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $6b0:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($e9c) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $ef8 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($e9c) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $c60:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $5cc:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $7fc:
7c90df48 +00a ntdll.dll               NtWaitForMultipleObjects
7c80958a +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a110 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by main thread ($e9c) at:
769c887a +273 Userenv.dll             RegisterGPNotification

thread $e0:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

processes:
000 Idle         0   0
004 System       0   0   normal
1b0 smss.exe     0   0   normal C:\WINDOWS\system32
2b4 csrss.exe    63  62  normal C:\WINDOWS\system32
2d0 winlogon.exe 51  14  high   C:\WINDOWS\system32
2fc services.exe 4   2   normal C:\WINDOWS\system32
308 lsass.exe    4   2   normal C:\WINDOWS\system32
3d8 svchost.exe  4   1   normal C:\WINDOWS\system32
6c4 svchost.exe  4   1   normal C:\WINDOWS\system32
6ec MsMpEng.exe  4   2   normal C:\Program Files\Microsoft Security Client\Antimalware
710 svchost.exe  11  29  normal C:\WINDOWS\System32
104 svchost.exe  4   1   normal C:\WINDOWS\system32
224 svchost.exe  4   2   normal C:\WINDOWS\system32
408 spoolsv.exe  4   4   normal C:\WINDOWS\system32
56c alg.exe      4   2   normal C:\WINDOWS\System32
5a8 Explorer.EXE 318 144 normal C:\WINDOWS
5bc ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
628 svchost.exe  4   1   normal C:\WINDOWS\System32
24c wscntfy.exe  35  11  normal C:\WINDOWS\system32
808 egui.exe     194 58  normal C:\Program Files\ESET\ESET Smart Security
81c VTTimer.exe  15  5   normal C:\WINDOWS\system32
82c VTtrayp.exe  22  5   normal C:\WINDOWS\system32
840 SOUNDMAN.EXE 21  8   normal C:\WINDOWS
850 xwidget.exe  97  96  normal C:\Program Files\XWidget
860 ctfmon.exe   117 56  normal C:\WINDOWS\system32
948 ping.exe     4   1   normal C:\WINDOWS\system32
668 svchost.exe  4   2   normal C:\WINDOWS\system32
9fc taskmgr.exe  111 124 normal C:\WINDOWS\system32
dd4 DllHost.exe  8   3   normal C:\WINDOWS\system32
878 WinSnap.exe  59  70  normal C:\Program Files\WinSnap
fc4 IDMan.exe    121 67  normal C:\Program Files\Internet Download Manager
d70 PCMAV.exe    228 131 normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview
dcc firefox.exe  249 42  normal C:\Program Files\Mozilla Firefox

disassembling:
0072fe74 public segment%133.public%16496 (PCMAV.exe):  ; function entry point
0072fe74   push    ebp
0072fe75   mov     ebp, esp
0072fe77   add     esp, -$174
0072fe7d   push    ebx
0072fe7e   push    esi
0072fe7f   push    edi
0072fe80   xor     ebx, ebx
0072fe82   mov     [ebp-$170], ebx
0072fe88   mov     [ebp-$174], ebx
0072fe8e   mov     [ebp-8], ebx
0072fe91   mov     ebx, ecx
0072fe93   mov     [ebp-9], dl
0072fe96   mov     [ebp-4], eax
0072fe99   mov     eax, [ebp-4]
0072fe9c   call    -$327739 ($408768)     ; segment%0.public%341 (PCMAV.exe)
0072fe9c
0072fea1   xor     eax, eax
0072fea3   push    ebp
0072fea4   push    $72ffa6                ; segment%0.public%300 (PCMAV.exe)
0072fea9   push    dword ptr fs:[eax]
0072feac   mov     fs:[eax], esp
0072feaf   mov     esi, $4010
0072feb4   cmp     byte ptr [ebp-9], 0
0072feb8   jz      loc_72febf
0072feb8
0072feba   or      esi, 1
0072febd   jmp     loc_72fec2
0072febd
0072febd ; ---------------------------------------------------------
0072febd
0072febf loc_72febf:
0072febf   or      esi, 0
0072febd
0072fec2 loc_72fec2:
0072fec2   test    bl, bl
0072fec4   jz      loc_72ff30
0072fec4
0072fec6   lea     eax, [ebp-$174]
0072fecc   mov     edx, [ebp-4]
0072fecf   call    -$3266a8 ($40982c)     ; segment%0.public%421 (PCMAV.exe)
0072fecf
0072fed4   mov     eax, [ebp-$174]
0072feda   lea     edx, [ebp-$170]
0072fee0   call    -$2e0cf1 ($44f1f4)     ; segment%26.public%2257 (PCMAV.exe)
0072fee0
0072fee5   mov     edx, [ebp-$170]
0072feeb   lea     eax, [ebp-8]
0072feee   mov     ecx, 0
0072fef3   call    -$326c14 ($4092e4)     ; segment%0.public%396 (PCMAV.exe)
0072fef3
0072fef8   mov     edx, $72ffc4           ; '.lnk'
0072fefd   mov     eax, [ebp-8]
0072ff00   call    -$31a05d ($415ea8)     ; segment%8.public%1489 (PCMAV.exe)
0072ff00
0072ff05   test    al, al
0072ff07   jnz     loc_72ff1e
0072ff07
0072ff09   mov     edx, $72ffd8           ; '.pif'
0072ff0e   mov     eax, [ebp-8]
0072ff11   call    -$31a06e ($415ea8)     ; segment%8.public%1489 (PCMAV.exe)
0072ff11
0072ff16   test    al, al
0072ff18   jnz     loc_72ff1e
0072ff18
0072ff1a   xor     ebx, ebx
0072ff1c   jmp     loc_72ff20
0072ff1c
0072ff1c ; ---------------------------------------------------------
0072ff1c
0072ff1e loc_72ff1e:
0072ff1e   mov     bl, 1
0072ff1c
0072ff20 loc_72ff20:
0072ff20   test    bl, bl
0072ff22   jz      loc_72ff30
0072ff22
0072ff24   or      esi, $100
0072ff2a   or      esi, $8000
0072ff24
0072ff30 loc_72ff30:
0072ff30   push    esi
0072ff31   push    $160
0072ff36   lea     eax, [ebp-$169]
0072ff3c   push    eax
0072ff3d   mov     eax, [ebp-4]
0072ff40   call    -$326e15 ($409130)     ; segment%0.public%391 (PCMAV.exe)
0072ff40
0072ff45   mov     edi, eax
0072ff47   push    edi
0072ff48   call    -$31dead ($4120a0)     ; segment%4.public%833 (PCMAV.exe)
0072ff48
0072ff4d   push    eax
0072ff4e   push    edi
0072ff4f   call    -$2f2fa8 ($43cfac)     ; segment%19.public%2079 (PCMAV.exe)
0072ff4f
0072ff54   mov     esi, eax
0072ff56   test    esi, esi
0072ff58   jnz     loc_72ff5e
0072ff58
0072ff5a   xor     ebx, ebx
0072ff5c   jmp     loc_72ff7b
0072ff5c
0072ff5c ; ---------------------------------------------------------
0072ff5c
0072ff5e loc_72ff5e:
0072ff5e   test    bl, bl
0072ff60   jz      loc_72ff6a
0072ff60
0072ff62   mov     ebx, [ebp-$169]
0072ff68   jmp     loc_72ff7b
0072ff68
0072ff68 ; ---------------------------------------------------------
0072ff68
0072ff6a loc_72ff6a:
0072ff6a   push    0
0072ff6c   mov     eax, [ebp-$165]
0072ff72   push    eax
0072ff73   push    esi
0072ff74   call    -$2f3895 ($43c6e4)     ; segment%18.public%2038 (PCMAV.exe)
0072ff74
0072ff79   mov     ebx, eax
0072ff74
0072ff7b loc_72ff7b:
0072ff7b   xor     eax, eax
0072ff7d   pop     edx
0072ff7e   pop     ecx
0072ff7f   pop     ecx
0072ff80   mov     fs:[eax], edx
0072ff83   push    $72ffad
0072ff80
0072ff88 loc_72ff88:
0072ff88   lea     eax, [ebp-$174]
0072ff8e   mov     edx, 2
0072ff93   call    -$3278c4 ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
0072ff93
0072ff98   lea     eax, [ebp-8]
0072ff9b   mov     edx, 2
0072ffa0   call    -$3278a1 ($408704)     ; segment%0.public%338 (PCMAV.exe)
0072ffa0
0072ffa5   ret
0072ffa5
0072ffa5 ; ---------------------------------------------------------
0072ffa5
0072ffa6   jmp     -$3283fb ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
0072ffa6
0072ffab   jmp     loc_72ff88
0072ffab
0072ffab ; ---------------------------------------------------------
0072ffab
0072ffad   mov     eax, ebx
0072ffaf   pop     edi
0072ffb0   pop     esi
0072ffb1   pop     ebx
0072ffb2   mov     esp, ebp
0072ffb4   pop     ebp
0072ffb5   ret

date/time         : 2012-03-27, 05:31:27, 593ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 12 minutes 10 seconds
program up time   : 45 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 239/958 MB (free/total)
free disk space   : (C:) 8.78 GB
display mode      : 1024x768, 32 bit
process id        : $440
allocated memory  : 26.73 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $ac5f7785, $db69d903, $db69d903
exception number  : 1
exception class   : EInvalidPointer
exception message : Invalid pointer operation.

main thread ($6f8):
004068e1 +011 PCMAV.exe  segment%0   public%223
00406f7a +002 PCMAV.exe  segment%0   public%260
007a183b +01f PCMAV.exe  segment%152 public%17632
00406924 +008 PCMAV.exe  segment%0   public%227
007a321e +02e PCMAV.exe  segment%154 public%17651
00406924 +008 PCMAV.exe  segment%0   public%227
007a39c6 +00e PCMAV.exe  segment%155 public%17658
00406924 +008 PCMAV.exe  segment%0   public%227
008dbd71 +0cd PCMAV.exe  segment%265 public%20726
008d518a +01e PCMAV.exe  segment%265 public%20623
005a23a5 +055 PCMAV.exe  segment%79  public%9701
005a22cd +021 PCMAV.exe  segment%79  public%9700
008da48b +007 PCMAV.exe  segment%265 public%20682
0058ecaf +0a7 PCMAV.exe  segment%77  public%9314
005902b3 +013 PCMAV.exe  segment%77  public%9377
00591546 +082 PCMAV.exe  segment%77  public%9426
00591495 +01d PCMAV.exe  segment%77  public%9425
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
007825aa +19a PCMAV.exe  segment%149 public%17411
008c9ce4 +218 PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008da986 +15e PCMAV.exe  segment%265 public%20693
004fd7f3 +06f PCMAV.exe  segment%62  public%6006
00517c2a +01e PCMAV.exe  segment%63  public%6738
005cd828 +068 PCMAV.exe  segment%83  public%10707
00518718 +010 PCMAV.exe  segment%63  public%6770
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
004fcebc +024 PCMAV.exe  segment%62  public%5992
00501d33 +023 PCMAV.exe  segment%62  public%6160
005027bf +00b PCMAV.exe  segment%62  public%6168
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e4292de +044 USER32.dll             SendMessageW
7e42a034 +016 USER32.dll             CallWindowProcW
00501ce0 +0d8 PCMAV.exe  segment%62  public%6159
004fdc48 +010 PCMAV.exe  segment%62  public%6023
004fdbb2 +07e PCMAV.exe  segment%62  public%6020
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a71a6 +00a PCMAV.exe  segment%79  public%9878
005a74d9 +0c9 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $a48:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $468:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($6f8) at:
02d116e9 +00 IDMShellExt.dll

thread $ec0 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6f8) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $940:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6f8) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $900:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($6f8) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $77c:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($6f8) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $aa4:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($6f8) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $ab4:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($6f8) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $568 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($6f8) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $61c:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $254:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $4c0:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $b44:
7c90df48 +0a ntdll.dll               NtWaitForMultipleObjects
7c80958a +00 kernel32.dll            WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6f8) at:
77a8a083 +00 CRYPT32.dll

thread $da8:
7c90df48 +00a ntdll.dll               NtWaitForMultipleObjects
7c80958a +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a110 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6f8) at:
769c887a +273 Userenv.dll             RegisterGPNotification

thread $584:
7c90da48 +0a ntdll.dll               NtRemoveIoCompletion
7c80a7e0 +23 kernel32.dll            GetQueuedCompletionStatus
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6f8) at:
77e7d10d +00 RPCRT4.dll

processes:
000 Idle                         0   0
004 System                       0   0   normal
130 smss.exe                     0   0   normal       C:\WINDOWS\system32
268 csrss.exe                    61  60  normal       C:\WINDOWS\system32
284 winlogon.exe                 51  14  high         C:\WINDOWS\system32
2b0 services.exe                 4   2   normal       C:\WINDOWS\system32
2bc lsass.exe                    4   3   normal       C:\WINDOWS\system32
3a4 svchost.exe                  4   1   normal       C:\WINDOWS\system32
694 svchost.exe                  4   1   normal       C:\WINDOWS\system32
0d4 MsMpEng.exe                  4   2   normal       C:\Program Files\Microsoft Security Client\Antimalware
0f8 svchost.exe                  11  32  normal       C:\WINDOWS\System32
3fc svchost.exe                  4   1   normal       C:\WINDOWS\system32
560 svchost.exe                  4   2   normal       C:\WINDOWS\system32
644 spoolsv.exe                  4   4   normal       C:\WINDOWS\system32
79c Explorer.EXE                 275 208 normal       C:\WINDOWS
1b4 egui.exe                     187 59  normal       C:\Program Files\ESET\ESET Smart Security
1bc VTTimer.exe                  15  5   normal       C:\WINDOWS\system32
1c4 VTtrayp.exe                  22  5   normal       C:\WINDOWS\system32
1dc SOUNDMAN.EXE                 21  8   normal       C:\WINDOWS
1e8 IDMan.exe                    107 65  normal       C:\Program Files\Internet Download Manager
208 alg.exe                      4   2   normal       C:\WINDOWS\System32
210 xwidget.exe                  97  96  normal       C:\Program Files\XWidget
224 ctfmon.exe                   79  37  normal       C:\WINDOWS\system32
258 ekrn.exe                     11  13  normal       C:\Program Files\ESET\ESET Smart Security
084 WinSnap.exe                  54  69  normal       C:\Program Files\WinSnap
3e0 Skype.exe                    218 135 normal       C:\Program Files\Skype\Phone
3e4 svchost.exe                  4   1   normal       C:\WINDOWS\System32
270 taskmgr.exe                  108 123 high         C:\WINDOWS\system32
4e4 TuneUpUtilitiesService32.exe 4   6   normal       C:\Program Files\TuneUp Utilities 2012
82c wuauclt.exe                  4   5   normal       C:\WINDOWS\system32
9f0 wscntfy.exe                  26  10  normal       C:\WINDOWS\system32
d1c TuneUpUtilitiesApp32.exe     217 102 normal       C:\Program Files\TuneUp Utilities 2012
a74 chrome.exe                   83  55  normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
228 firefox.exe                  323 58  normal       C:\Program Files\Mozilla Firefox
cdc chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
ce8 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
ce4 chrome.exe                   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
4f0 chrome.exe                   51  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
854 DllHost.exe                  8   4   normal       C:\WINDOWS\system32
440 PCMAV.exe                    220 97  normal       C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview

disassembling:
004068d0 public segment%0.public%223 (PCMAV.exe):  ; function entry point
004068d0   push    ebx
004068d1   mov     ebx, eax
004068d3   mov     eax, ebx
004068d5   call    +$a6 ($406980)         ; segment%0.public%229 (PCMAV.exe)
004068d5
004068da   mov     eax, ebx
004068dc   call    -$22bd ($404624)       ; segment%0.public%119 (PCMAV.exe)
004068dc
004068e1 > pop     ebx
004068e2   ret

Last edited by indraramadhan094 (27-03-2012 05:37:51)

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**hari** · 27-03-2012 00:50:06

hari
Senior Member
Offline

Registered: 03-04-2010
Posts: 320
User Karma: 25

Re: PC Media Predator Technical Preview

Terima kasih pada para pengembang PCMAV atas kerja kerasnya membuat Predator

Saya coba di Virtual Box dengan XP SP3 + 256 MB RAM; tanpa AV selain Predator.
Mungkin itu sebabnya saya tidak mendapat pesan bug dari MadExcept

Saya mau berkomentar dan memberi usul; mudah2an bisa dipertimbangkan
1. Tentang tab Protection

Karena ini fungsinya adalah pengaturan perlindungan; maka saya usul agar ada tombol OK/Apply dan Cancel. Jika ditekan tombol OK maka checkmark yang sudah dipilih/diubah pengguna akan disimpan. Sedangkan bila ditekan tombol Cancel; akan dibatalkan.
Pertimbangannya adalah jangan sampai pengguna tidak sadar bahwa meng-utak/atik atau menekan checkmark akan mengubah/menyimpan pengaturan.

2. Tentang tab Setup

Karena ini fungsinya adalah pengaturan setup; maka saya usul agar ada tombol OK/Apply dan Cancel. Jika ditekan tombol OK maka checkmark yang sudah dipilih/diubah pengguna akan disimpan. Sedangkan bila ditekan tombol Cancel; akan dibatalkan.
Pertimbangannya adalah jangan sampai pengguna tidak sadar bahwa meng-utak/atik atau menekan checkmark akan mengubah/menyimpan pengaturan.

3. Tentang menu di system tray

Menurut saya penempatan menu Log files dan Quarantine tidak tepat karena membuat menu semakin panjang/besar padahal belum tentu pengguna membutuhkan akses cepat ke menu2 tersebut. Lebih baik dihapus saja agar bisa digunakan untuk akses cepat ke fitur yang lain. Apabila pengguna perlu melihat Log atau Quarantine; mereka bisa masuk melalui tampilan utama.

4. Tentang Information di tab Scanner

Saya usul agar ada informasi yang lebih rinci pada pengguna apabila memang ClamAV sudah berhasil terintegrasi dengan baik. Jadi jangan hanya jumlah Virus Signaturenya ditambah database ClamAV (seperti yang ada di Asgard). Alangkah baiknya kalau ada pesan spt "ClamAV successfully integrated"

Last edited by hari (27-03-2012 00:53:01)

**Rahman** · 27-03-2012 05:54:15

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

kpd Yth Pengembang PCMAV Predator..

- PCMAV terbaru kali ini yg diuji cobakan blm lbh baik dari asgard, smga di rilis finalnya nanti ada perubahan yg signifikan;
1. PCMAV Predator technical Preview terlalu banyk memakan memory saat proses Scanning hingga mencapai 51.745K, hal ini sangat memberatkan system.
2. buat saya sbgai pelanggan PC Media 3 th belakngan ini, UI buat saya no.2 tapi kestabilan PC saat penggunaan PCMAV harus jd prioritas utama.
3. Extension manager yg saya anggp penting, tidak ada lagi di PCMAV predator contoh attribut Fixer dll.
4. Pengintegrasian PCMAV n clamav sangat memberatkan system/penggunaan memory yg cukup besar
5. Aplikasi tidak berjalan Stabil, system pun demikian.
6. Automatic Scan sy blm mengerti dengan cara kerjanya bagaimana dipredator ini
7. Proses Scan tersendat-sendat, lebih cepat dan stabil di PCMAV asgard
8. Apakah Proses Scan dapat ditingkatkan lagi??
- saat mencentang Scan archive, scan hidden file dll.

kalau bug ini belum bisa ditutupi sebelum final rilisnya, saya request PCMAV asgard saja agar updatenya terus berjalan
tapi saya mendoakan Tim PCMAV agar dapat memaksimalkan Kerja dari PCMAV Predator.

Last edited by Rahman (27-03-2012 05:59:13)

**anjing_hitam** · 27-03-2012 09:40:15

anjing_hitam
Trial Member
Offline

Registered: 09-04-2010
Posts: 18
User Karma: 1

Re: PC Media Predator Technical Preview

Selamat jam segini ....

pertama-tama saya ucapkan selamat atas munculnya PC Media Predator untuk diuji cobakan. Ini adalah hasil kerja keras para pengembang yang patut kita banggakan.

selanjutnya saya laporkan hasil uji coba di mesin saya.

setelah file predator saya extract tidak lama berselang mse ribut :

peringatan ini saya abaikan / klik close. kemudian saya double klik pada file pcmav.exe, system menampilkan pesan :

ini adalah versi dari mse dan os yang terinstall di mesin saya :

selang beberapa lama mse mengeksekusi file pcmav.exe (delete).
demikian laporan, semoga menjadi masukan bagi tim pengembang predator.

salam

**fajar.anggiawan** · 27-03-2012 10:38:12

fajar.anggiawan
Super ModeratoЯ
Offline

Registered: 02-04-2010
Posts: 442
User Karma: 18

Re: PC Media Predator Technical Preview

indraramadhan094 wrote:

Lalu file yang di scan ini2 juga. Mentok sampai objeck ini aja, bingung mau lihat nama file apa yang di scan

Proses scan masih berlangsung sehingga silahkan ditunggu saja. Kami masih mencoba mengoptimisasi kecepatan proses scan.

indraramadhan094 wrote:

Lalu Program tak dapat dibuka, sebagai contoh notepad. sampai PCMAV Exit, process menggantung dan Program2 dapat dibuka setelah PCMAV Exit.

Hal ini terjadi di Windows XP? Apakah selalu terjadi? Jika Anda menjalankan Predator dan membiarkannya hingga muncul popup Predator, apakah hal ini masih terjadi?

indraramadhan094 wrote:

Lalu ketika klik tray ketika main loading PCMAV, Ada 3 tulisan tray yg hilang.

Ya, karena program masih loading.

indraramadhan094 wrote:

Ketika PCMAV di exit, muncul MadExcept tetapi tidak menampilkan Log Bug Repot.

Saat ini, konfigurasi tersebut yang digunakan.

indraramadhan094 wrote:

Ketika Loading Database, saya pilih Quick Scan.

Memang saat ini menu Quick Scan belum bisa digunakan jika loading database masih berlangsung.

Rahman wrote:

BUG PCMAV Predator Tekhnical Preview, tolong diperbaiki:
saat memulai SCANING MUNCUL pesan Pcmav.exe error

Dari laporan error, ada kode yang tidak kompatibel dengan sistem operasi yang digunakan sehingga akan menimbulkan error. Sementara hilangkan centang pada Scan memory agar Anda tidak mendapatkan error.

Terima kasih semuanya untuk laporan/respon terhadap PC Media Predator.

**Rahman** · 27-03-2012 11:07:06

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

Mas Fajar fitur Attribut fixernya (fitur yg dapat memunculkan file yang dihidden oleh virus) kalau bisa dimasukan juga di Predator biar makin lengkap nih Antivirus..
_ pcmav sering not responding saat dipakai dan saat klik icon di sistem tray lambat muncul tampilannya.
_penggunaan memory pada PCMAV predator ini sangat besar apalgi ditambah engine CLAMAV, berbeda dengan PCMAV generasi sebelumnya yg cukup ringan.. Apakah masih bisa di optimisasi penggunaan mEMORY PCMAVPredator di PC agar tidak memberatkan system??

Last edited by Rahman (27-03-2012 11:15:21)

**fajar.anggiawan** · 27-03-2012 11:32:49

fajar.anggiawan
Super ModeratoЯ
Offline

Registered: 02-04-2010
Posts: 442
User Karma: 18

Re: PC Media Predator Technical Preview

Rahman wrote:

Mas Fajar fitur Attribut fixernya (fitur yg dapat memunculkan file yang dihidden oleh virus) kalau bisa dimasukan juga di Predator biar makin lengkap nih Antivirus..
_ pcmav sering not responding saat dipakai dan saat klik icon di sistem tray lambat muncul tampilannya.
_penggunaan memory pada PCMAV predator ini sangat besar apalgi ditambah engine CLAMAV, berbeda dengan PCMAV generasi sebelumnya yg cukup ringan.. Apakah masih bisa di optimisasi penggunaan mEMORY PCMAVPredator di PC agar tidak memberatkan system??

Jika dibandingkan, terutama pada Windows XP, penggunaan virtual memory Predator lebih sedikit dibandingkan PCMAV sebelumnya. Anda juga bisa mengurangi jumlah Maximum threads di tab Setup-Scanner.

**Rahman** · 27-03-2012 12:31:41

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

fajar.anggiawan wrote:

Rahman wrote:
Mas Fajar fitur Attribut fixernya (fitur yg dapat memunculkan file yang dihidden oleh virus) kalau bisa dimasukan juga di Predator biar makin lengkap nih Antivirus..
_ pcmav sering not responding saat dipakai dan saat klik icon di sistem tray lambat muncul tampilannya.
_penggunaan memory pada PCMAV predator ini sangat besar apalgi ditambah engine CLAMAV, berbeda dengan PCMAV generasi sebelumnya yg cukup ringan.. Apakah masih bisa di optimisasi penggunaan mEMORY PCMAVPredator di PC agar tidak memberatkan system??
Jika dibandingkan, terutama pada Windows XP, penggunaan virtual memory Predator lebih sedikit dibandingkan PCMAV sebelumnya. Anda juga bisa mengurangi jumlah Maximum threads di tab Setup-Scanner.

- oh begitu ya, tapi saya pakai Windows 7 ultimate build 7600. apkh tdk bisa dioptimisasi agar sama penggunaan virtual memory di win XP dan win 7.
- satu lagi nih mas fajar blm di jwb, apkh fitur semcam attribut fixer yg memunculkan file yg di hidden virus akan di dimasukan jg di Predator?? soalnya fitur satu itu sangat berguna mas fajar.
- Proses cure file di predator belum berjalan dengan baik, proses curenya harus centang satu persatu, mesti mendapat penanganan lagi tuh Mas fajar, agar walaupn banyk malware yg di cure prosesnya langsung jalan.
- Tampilan alert yang muncul terlalu besar mas fajar, dibuat simple aja yg ukurannya agk kecil/ atau setengahnya dari tampilan yang skrng.
- PCMAV restart sendiri saat proses scan berlngsung, hal ini perlu mendapat antisipasi dari Tim PCMAV krna skrng malwarenya sdh canggih shngga bisa langsung menginfeksi sistem, bgmna system tetap terjaga apabila PCMAV EXIT sendiri dan restart ulang?? Self defense Predator kalau bisa di tingkatkan lagi.
-di windows 7 nih Mas fajar perlu diperhatikan krna byk skli maslh yg muncul, banyk aplikasi yg tidak dapat berjalan, system ngadat-ngadat saat predator aktif

Last edited by Rahman (27-03-2012 17:56:29)

**indraramadhan094** · 27-03-2012 18:30:35

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

fajar.anggiawan wrote:

indraramadhan094 wrote:
Lalu file yang di scan ini2 juga. Mentok sampai objeck ini aja, bingung mau lihat nama file apa yang di scan
Proses scan masih berlangsung sehingga silahkan ditunggu saja. Kami masih mencoba mengoptimisasi kecepatan proses scan.

Agak lama Saya menunggu, bahkan menyebabkan Not Responding. Kadang Normal Lagi dan Muncul Not Responding. Akhirnya saya paksa process Scannya dengan Exit pada tray PCMAV. Akhirnya Process Scan Berhenti tetapi Program PCMAV tidak Exit. Sampai saat ini Klo Scanning Memory pasti gak berhenti, harus di paksa.

fajar.anggiawan wrote:

indraramadhan094 wrote:
Lalu Program tak dapat dibuka, sebagai contoh notepad. sampai PCMAV Exit, process menggantung dan Program2 dapat dibuka setelah PCMAV Exit.
Hal ini terjadi di Windows XP? Apakah selalu terjadi? Jika Anda menjalankan Predator dan membiarkannya hingga muncul popup Predator, apakah hal ini masih terjadi?

Hal ini terjadi di Windows XP, dan Muncul masalah ini ketika baru menggunakan PCMAV. Tapi hal ini tidak terjadi lagi ketika tulisan ini saya buat. Sepertinya ada bentrok dengan PCMAV Real Time Protection dengan Program lain. Soalnya ketika Ingin mengaktifkan RTP PCMAV, Program langsung tidak terbuka, setelah Disable RTP baru bisa program lagi. Soalnya RTP PCMAV dalam tidak aktif ketika dibuka. Program apa yang bentrok saya tidak tau, mungkin bisa lihat dari Daftar Process yang ada di Log Bug Report.

-Update-
Ketika saya Meng-Terminate Explorer.exe dan Mengaktifkan RTP PCMAV, Explorer seperti nyangkut di memory dan tidak berjalan dengan semestinya.

fajar.anggiawan wrote:

indraramadhan094 wrote:
Lalu ketika klik tray ketika main loading PCMAV, Ada 3 tulisan tray yg hilang.
Ya, karena program masih loading.

Di Fix Mas Fajar, Biar Gak muncul Lagi errornya.

fajar.anggiawan wrote:

indraramadhan094 wrote:
Ketika PCMAV di exit, muncul MadExcept tetapi tidak menampilkan Log Bug Repot.
Saat ini, konfigurasi tersebut yang digunakan.

Sepertinya jika saya membuat MadExcept memberikan notifikasi crash, dan file bugreport telah ada di Folder PCMAV... Saya tidak melihat ada perubahan Log. Inginnya, Log yang baru ditambahkan otomatis ke file bugreport.txt

fajar.anggiawan wrote:

indraramadhan094 wrote:
Ketika Loading Database, saya pilih Quick Scan.
Memang saat ini menu Quick Scan belum bisa digunakan jika loading database masih berlangsung.

Di Fix Mas Fajar, Biar Gak muncul Lagi errornya.

Last edited by indraramadhan094 (28-03-2012 20:07:48)

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**hari** · 27-03-2012 18:32:00

hari
Senior Member
Offline

Registered: 03-04-2010
Posts: 320
User Karma: 25

Re: PC Media Predator Technical Preview

fajar.anggiawan wrote:

Jika dibandingkan, terutama pada Windows XP, penggunaan virtual memory Predator lebih sedikit dibandingkan PCMAV sebelumnya. Anda juga bisa mengurangi jumlah Maximum threads di tab Setup-Scanner.

Baru periksa Private Working Set dengan Process Hacker

Ternyata benar

Begitu juga saat full scan drive C

Hebat

Sekalian mau tanya : kenapa setiap kali start-up windows ada pesan seperti ini ?

Last edited by hari (27-03-2012 19:03:00)

**Fandy** · 27-03-2012 19:23:16

Fandy
Trial Member
Offline

From: Bandung
Registered: 15-12-2011
Posts: 47
User Karma: 1

Re: PC Media Predator Technical Preview

Tim PC Media, UI PCMAV predator diganti dong. UI ini sih nggk menarik dan tidak sebagus fitur di dalamnya. fitur OK tapi UI ngk menarik, coba deh masa dari banyk Tim PCMAV ngk bisa buat desain yg berbeda dengan PCMAV sebelumnya biar tidak membosankan...
REQUEST FITUR:
1. REGISTRY FIXER
2. ATTRIBUT FIXER
- DI bandung lagi banyk menyebar virus yang menyembunyikan file (hidden) jadi kalau benar2 PCMAV Predator User friendly, buatin dong. biar nggk pakai sma**v lagi, karena hanya Sma**v yg bs lakukan itu,

- Scanning kalah cepat ma PCMAV Asgard yang stabil, Predator buat Crash sebagian program dan windows 7

Last edited by Fandy (27-03-2012 19:33:37)

**indraramadhan094** · 28-03-2012 20:07:15

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

date/time         : 2012-03-27, 18:57:59, 453ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 2 hours 37 minutes
program up time   : 25 minutes 29 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 329/958 MB (free/total)
free disk space   : (C:) 8.84 GB
display mode      : 1024x768, 32 bit
process id        : $37c
allocated memory  : 27.70 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $89047951, $26f85344, $26f85344
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 007A47CF in module 'PCMAV.exe'. Read of address 00000000.

main thread ($af0):
007a47cf +043 PCMAV.exe  segment%155 public%17674
007a5cdd +2d1 PCMAV.exe  segment%155 public%17677
008ca119 +64d PCMAV.exe  segment%261 public%20545
008ca7c7 +0eb PCMAV.exe  segment%261 public%20547
00483521 +12d PCMAV.exe  segment%30  public%3629
005a690a +76e PCMAV.exe  segment%79  public%9859
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a718e +00a PCMAV.exe  segment%79  public%9877
008da986 +15e PCMAV.exe  segment%265 public%20693
004fd7f3 +06f PCMAV.exe  segment%62  public%6006
00517c2a +01e PCMAV.exe  segment%63  public%6738
005cd828 +068 PCMAV.exe  segment%83  public%10707
00518718 +010 PCMAV.exe  segment%63  public%6770
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
004fcebc +024 PCMAV.exe  segment%62  public%5992
00501d33 +023 PCMAV.exe  segment%62  public%6160
005027bf +00b PCMAV.exe  segment%62  public%6168
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e4292de +044 USER32.dll             SendMessageW
7e42a034 +016 USER32.dll             CallWindowProcW
00501ce0 +0d8 PCMAV.exe  segment%62  public%6159
004fdc48 +010 PCMAV.exe  segment%62  public%6023
004fdbb2 +07e PCMAV.exe  segment%62  public%6020
004fd298 +2d4 PCMAV.exe  segment%62  public%5999
00501be3 +5b3 PCMAV.exe  segment%62  public%6158
005178f4 +06c PCMAV.exe  segment%63  public%6726
00501238 +02c PCMAV.exe  segment%62  public%6153
0048668c +014 PCMAV.exe  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.exe  segment%79  public%9876
005a71a6 +00a PCMAV.exe  segment%79  public%9878
005a74d9 +0c9 PCMAV.exe  segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe  segment%393 public%20885

thread $d60:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe       segment%36 public%4584
004bc40f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($af0) at:
02d116e9 +00 IDMShellExt.dll

thread $da8 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($af0) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $b9c:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($af0) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $2f4:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($af0) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $bf0:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($af0) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $e8c:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($af0) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $14c:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($af0) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $d90 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($af0) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $bc4:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $b70:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $bb4:
7c90df48 +00a ntdll.dll               NtWaitForMultipleObjects
7c80958a +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a110 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by main thread ($af0) at:
769c887a +273 Userenv.dll             RegisterGPNotification

thread $6c0:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($af0) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $a48:
7c90df48 +0a ntdll.dll               NtWaitForMultipleObjects
7c80958a +00 kernel32.dll            WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by thread $b88 at:
77e062d0 +00 ADVAPI32.dll

thread $190:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $c98:
7c90df48 +0a ntdll.dll               NtWaitForMultipleObjects
7c80958a +00 kernel32.dll            WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by thread $f64 at:
77a8a083 +00 CRYPT32.dll

thread $ca0:
>> stack not accessible

processes:
000 Idle         0   0
004 System       0   0   normal
180 smss.exe     0   0   normal       C:\WINDOWS\system32
268 csrss.exe    62  65  normal       C:\WINDOWS\system32
284 winlogon.exe 51  14  high         C:\WINDOWS\system32
2b0 services.exe 4   2   normal       C:\WINDOWS\system32
2bc lsass.exe    4   1   normal       C:\WINDOWS\system32
3a0 svchost.exe  4   1   normal       C:\WINDOWS\system32
68c svchost.exe  4   1   normal       C:\WINDOWS\system32
0f0 svchost.exe  11  27  normal       C:\WINDOWS\System32
3b4 svchost.exe  4   1   normal       C:\WINDOWS\system32
4f8 svchost.exe  4   6   normal       C:\WINDOWS\system32
608 spoolsv.exe  4   4   normal       C:\WINDOWS\system32
788 Explorer.EXE 392 338 normal       C:\WINDOWS
1a8 egui.exe     191 59  normal       C:\Program Files\ESET\ESET Smart Security
1ac taskmgr.exe  111 125 high         C:\WINDOWS\system32
1cc VTTimer.exe  15  5   normal       C:\WINDOWS\system32
1e8 VTtrayp.exe  26  5   normal       C:\WINDOWS\system32
1f4 SOUNDMAN.EXE 21  8   normal       C:\WINDOWS
200 IDMan.exe    105 62  normal       C:\Program Files\Internet Download Manager
24c xwidget.exe  98  96  normal       C:\Program Files\XWidget
254 ctfmon.exe   111 53  normal       C:\WINDOWS\system32
300 WinSnap.exe  54  69  normal       C:\Program Files\WinSnap
3d8 alg.exe      4   2   normal       C:\WINDOWS\System32
420 ekrn.exe     11  12  normal       C:\Program Files\ESET\ESET Smart Security
484 svchost.exe  4   1   normal       C:\WINDOWS\System32
b38 wscntfy.exe  29  11  normal       C:\WINDOWS\system32
214 MsMpEng.exe  4   2   normal       C:\Program Files\Microsoft Security Client\Antimalware
260 DllHost.exe  8   3   normal       C:\WINDOWS\system32
798 ping.exe     4   1   normal       C:\WINDOWS\system32
770 firefox.exe  532 63  normal       C:\Program Files\Mozilla Firefox
b6c notepad.exe  15  5   normal       C:\WINDOWS\system32
37c PCMAV.exe    218 105 normal       C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview
138 notepad.exe  31  21  normal       C:\WINDOWS\system32
d7c mspaint.exe  90  65  normal       C:\WINDOWS\system32
fac svchost.exe  4   3   normal       C:\WINDOWS\system32
a6c chrome.exe   93  69  normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
e90 chrome.exe   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
ba4 chrome.exe   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
5ac chrome.exe   9   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
dd0 chrome.exe   34  1   below normal C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
b30 Rundll32.exe 14  4   normal       C:\WINDOWS\system32
5f4 notepad.exe  15  5   normal       C:\WINDOWS\system32
7a0 chrome.exe   4   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application
c20 chrome.exe   8   1   normal       C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application

disassembling:
007a478c public segment%155.public%17674 (PCMAV.exe):  ; function entry point
007a478c   push    ebp
007a478d   mov     ebp, esp
007a478f   push    ecx
007a4790   mov     ecx, 4
007a478f
007a4795 loc_7a4795:
007a4795   push    0
007a4797   push    0
007a4799   dec     ecx
007a479a   jnz     loc_7a4795
007a479a
007a479c   xchg    ecx, [ebp-4]
007a479f   push    ebx
007a47a0   push    esi
007a47a1   push    edi
007a47a2   mov     [ebp-$10], ecx
007a47a5   mov     [ebp-4], edx
007a47a8   mov     esi, eax
007a47aa   mov     eax, [ebp-4]
007a47ad   call    -$39c05a ($408758)     ; segment%0.public%340 (PCMAV.exe)
007a47ad
007a47b2   xor     eax, eax
007a47b4   push    ebp
007a47b5   push    $7a486f                ; segment%0.public%300 (PCMAV.exe)
007a47ba   push    dword ptr fs:[eax]
007a47bd   mov     fs:[eax], esp
007a47c0   mov     byte ptr [ebp-$11], 0
007a47c4   mov     eax, [ebp-$10]
007a47c7   call    -$39c158 ($408674)     ; segment%0.public%334 (PCMAV.exe)
007a47c7
007a47cc   mov     eax, [esi+4]
007a47cf > mov     edx, [eax]
007a47d1   call    dword ptr [edx+$14]
007a47d1
007a47d4   test    eax, eax
007a47d6   jle     loc_7a4847
007a47d6
007a47d8   mov     eax, [esi+4]
007a47db   mov     edx, [eax]
007a47dd   call    dword ptr [edx+$14]
007a47dd
007a47e0   mov     ebx, eax
007a47e2   dec     ebx
007a47e3   test    ebx, ebx
007a47e5   jl      loc_7a4847
007a47e5
007a47e7   inc     ebx
007a47e8   mov     dword ptr [ebp-$18], 0
007a47e7
007a47ef loc_7a47ef:
007a47ef   lea     ecx, [ebp-$1c]
007a47f2   mov     edx, [ebp-$18]
007a47f5   mov     eax, [esi+4]
007a47f8   mov     edi, [eax]
007a47fa   call    dword ptr [edi+$c]
007a47fa
007a47fd   mov     eax, [ebp-$1c]
007a4800   lea     ecx, [ebp-8]
007a4803   lea     edx, [ebp-$c]
007a4806   call    -$14f ($7a46bc)        ; segment%155.public%17673 (PCMAV.exe)
007a4806
007a480b   lea     edx, [ebp-$20]
007a480e   mov     eax, [ebp-4]
007a4811   call    -$35780e ($44d008)     ; segment%26.public%2181 (PCMAV.exe)
007a4811
007a4816   mov     eax, [ebp-$20]
007a4819   push    eax
007a481a   lea     edx, [ebp-$24]
007a481d   mov     eax, [ebp-8]
007a4820   call    -$35781d ($44d008)     ; segment%26.public%2181 (PCMAV.exe)
007a4820
007a4825   mov     edx, [ebp-$24]
007a4828   pop     eax
007a4829   call    -$39acd6 ($409b58)     ; segment%0.public%431 (PCMAV.exe)
007a4829
007a482e   jnz     loc_7a4841
007a482e
007a4830   mov     byte ptr [ebp-$11], 1
007a4834   mov     eax, [ebp-$10]
007a4837   mov     edx, [ebp-$c]
007a483a   call    -$39bdeb ($408a54)     ; segment%0.public%354 (PCMAV.exe)
007a483a
007a483f   jmp     loc_7a4847
007a483f
007a483f ; ---------------------------------------------------------
007a483f
007a4841 loc_7a4841:
007a4841   inc     dword ptr [ebp-$18]
007a4844   dec     ebx
007a4845   jnz     loc_7a47ef
007a4845
007a4847 loc_7a4847:
007a4847   xor     eax, eax
007a4849   pop     edx
007a484a   pop     ecx
007a484b   pop     ecx
007a484c   mov     fs:[eax], edx
007a484f   push    $7a4876
007a484c
007a4854 loc_7a4854:
007a4854   lea     eax, [ebp-$24]
007a4857   mov     edx, 3
007a485c   call    -$39c18d ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
007a485c
007a4861   lea     eax, [ebp-$c]
007a4864   mov     edx, 3
007a4869   call    -$39c19a ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
007a4869
007a486e   ret
007a486e
007a486e ; ---------------------------------------------------------
007a486e
007a486f   jmp     -$39ccc4 ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
007a486f
007a4874   jmp     loc_7a4854
007a4874
007a4874 ; ---------------------------------------------------------
007a4874
007a4876   movzx   eax, byte ptr [ebp-$11]
007a487a   pop     edi
007a487b   pop     esi
007a487c   pop     ebx
007a487d   mov     esp, ebp
007a487f   pop     ebp
007a4880   ret

date/time         : 2012-03-27, 21:31:49, 546ms
computer name     : INDRA
user name         : Admin <admin>
registered owner  : Indra
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 9 minutes 26 seconds
program up time   : 3 minutes 34 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 743/958 MB (free/total)
free disk space   : (C:) 11.10 GB
display mode      : 800x600, 32 bit
process id        : $470
allocated memory  : 31.69 MB
executable        : PCMAV.exe
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $747473d2, $7cc07817, $7cc07817
exception number  : 3
exception class   : EAccessViolation
exception message : Access violation at address 00402BD6 in module 'PCMAV.exe'. Write of address 7C90E401.

main thread ($464):
00402bd6 +002 PCMAV.exe    segment%0   public%76
00406924 +008 PCMAV.exe    segment%0   public%227
0053005a +00e PCMAV.exe    segment%70  public%7242
00406924 +008 PCMAV.exe    segment%0   public%227
008dbd71 +0cd PCMAV.exe    segment%265 public%20726
008d518a +01e PCMAV.exe    segment%265 public%20623
005a23a5 +055 PCMAV.exe    segment%79  public%9701
005a22cd +021 PCMAV.exe    segment%79  public%9700
008da48b +007 PCMAV.exe    segment%265 public%20682
0058ecaf +0a7 PCMAV.exe    segment%77  public%9314
005902b3 +013 PCMAV.exe    segment%77  public%9377
00591546 +082 PCMAV.exe    segment%77  public%9426
00591495 +01d PCMAV.exe    segment%77  public%9425
0048668c +014 PCMAV.exe    segment%30  public%3805
7e4196c2 +00a USER32.dll               DispatchMessageA
7c910412 +025 ntdll.dll                RtlAcquirePebLock
7c91043d +00c ntdll.dll                RtlReleasePebLock
7c80ba16 +012 kernel32.dll             UnmapViewOfFile
00406a30 +04c PCMAV.exe    segment%0   public%233
0040c57f +00f PCMAV.exe    segment%0   public%523
0040c4d4 +010 PCMAV.exe    segment%0   public%516
004a98f0 +a2c PCMAV.exe    segment%36  public%4389
004ba0d7 +05f PCMAV.exe    segment%36  public%4535
004ad0e2 +6d6 PCMAV.exe    segment%36  public%4410
7e418a0b +00a USER32.dll               DispatchMessageW
7e4274fa +0d6 USER32.dll               IsDialogMessageW
004b2b97 +193 PCMAV.exe    segment%36  public%4439
004b2e0f +1a7 PCMAV.exe    segment%36  public%4440
004b9dc9 +009 PCMAV.exe    segment%36  public%4529
004b3706 +2f2 PCMAV.exe    segment%36  public%4444
004b3d20 +27c PCMAV.exe    segment%36  public%4448
004baebe +03a PCMAV.exe    segment%36  public%4561
005914b1 +039 PCMAV.exe    segment%77  public%9425
7c90e465 +009 ntdll.dll                KiUserExceptionDispatcher
7c910412 +025 ntdll.dll                RtlAcquirePebLock
7c91043d +00c ntdll.dll                RtlReleasePebLock
00406924 +008 PCMAV.exe    segment%0   public%227
0053005a +00e PCMAV.exe    segment%70  public%7242
00406924 +008 PCMAV.exe    segment%0   public%227
008dbd71 +0cd PCMAV.exe    segment%265 public%20726
008d518a +01e PCMAV.exe    segment%265 public%20623
005a23a5 +055 PCMAV.exe    segment%79  public%9701
005a22cd +021 PCMAV.exe    segment%79  public%9700
008da48b +007 PCMAV.exe    segment%265 public%20682
0058ecaf +0a7 PCMAV.exe    segment%77  public%9314
005902b3 +013 PCMAV.exe    segment%77  public%9377
00591546 +082 PCMAV.exe    segment%77  public%9426
00591495 +01d PCMAV.exe    segment%77  public%9425
0048668c +014 PCMAV.exe    segment%30  public%3805
7e4196c2 +00a USER32.dll               DispatchMessageA
0048668c +014 PCMAV.exe    segment%30  public%3805
7e429c92 +008 USER32.dll               IsZoomed
004fcebc +024 PCMAV.exe    segment%62  public%5992
7c910412 +025 ntdll.dll                RtlAcquirePebLock
7c91043d +00c ntdll.dll                RtlReleasePebLock
7c910412 +025 ntdll.dll                RtlAcquirePebLock
7c91043d +00c ntdll.dll                RtlReleasePebLock
0040c4d4 +010 PCMAV.exe    segment%0   public%516
00406a79 +095 PCMAV.exe    segment%0   public%233
0040c57f +00f PCMAV.exe    segment%0   public%523
0040c4d4 +010 PCMAV.exe    segment%0   public%516
004a98f0 +a2c PCMAV.exe    segment%36  public%4389
004ba0d7 +05f PCMAV.exe    segment%36  public%4535
004ad0e2 +6d6 PCMAV.exe    segment%36  public%4410
005fc39d +085 PCMAV.exe    segment%92  public%11489
0054e217 +00f PCMAV.exe    segment%74  public%7938
0054e0fb +02b PCMAV.exe    segment%74  public%7933
7e418a0b +00a USER32.dll               DispatchMessageW
7e4274fa +0d6 USER32.dll               IsDialogMessageW
004b2b97 +193 PCMAV.exe    segment%36  public%4439
004b2e0f +1a7 PCMAV.exe    segment%36  public%4440
004b9dc9 +009 PCMAV.exe    segment%36  public%4529
004b3706 +2f2 PCMAV.exe    segment%36  public%4444
004b3d20 +27c PCMAV.exe    segment%36  public%4448
004baebe +03a PCMAV.exe    segment%36  public%4561
005914b1 +039 PCMAV.exe    segment%77  public%9425
7c90e465 +009 ntdll.dll                KiUserExceptionDispatcher
7c910412 +025 ntdll.dll                RtlAcquirePebLock
7c91043d +00c ntdll.dll                RtlReleasePebLock
00406924 +008 PCMAV.exe    segment%0   public%227
008dbd71 +0cd PCMAV.exe    segment%265 public%20726
008d518a +01e PCMAV.exe    segment%265 public%20623
005a23a5 +055 PCMAV.exe    segment%79  public%9701
005a22cd +021 PCMAV.exe    segment%79  public%9700
008da48b +007 PCMAV.exe    segment%265 public%20682
0058ecaf +0a7 PCMAV.exe    segment%77  public%9314
005902b3 +013 PCMAV.exe    segment%77  public%9377
00591546 +082 PCMAV.exe    segment%77  public%9426
00591495 +01d PCMAV.exe    segment%77  public%9425
0048668c +014 PCMAV.exe    segment%30  public%3805
7e4196c2 +00a USER32.dll               DispatchMessageA
7c9164ae +10b ntdll.dll                LdrLoadDll
7c910412 +025 ntdll.dll                RtlAcquirePebLock
7c91043d +00c ntdll.dll                RtlReleasePebLock
007a98d7 +053 PCMAV.exe    segment%156 public%17697
008c9de8 +31c PCMAV.exe    segment%261 public%20545
008ca7c7 +0eb PCMAV.exe    segment%261 public%20547
00483521 +12d PCMAV.exe    segment%30  public%3629
005a690a +76e PCMAV.exe    segment%79  public%9859
0048668c +014 PCMAV.exe    segment%30  public%3805
7e42a034 +016 USER32.dll               CallWindowProcW
00842a4c +034 PCMAV.exe    segment%174 public%18475
7e418a0b +00a USER32.dll               DispatchMessageW
005a7163 +0f3 PCMAV.exe    segment%79  public%9876
005a718e +00a PCMAV.exe    segment%79  public%9877
008da986 +15e PCMAV.exe    segment%265 public%20693
004fd7f3 +06f PCMAV.exe    segment%62  public%6006
00517c2a +01e PCMAV.exe    segment%63  public%6738
005cd828 +068 PCMAV.exe    segment%83  public%10707
00518718 +010 PCMAV.exe    segment%63  public%6770
004fd298 +2d4 PCMAV.exe    segment%62  public%5999
00501be3 +5b3 PCMAV.exe    segment%62  public%6158
005178f4 +06c PCMAV.exe    segment%63  public%6726
004fcebc +024 PCMAV.exe    segment%62  public%5992
00501d33 +023 PCMAV.exe    segment%62  public%6160
005027bf +00b PCMAV.exe    segment%62  public%6168
004fd298 +2d4 PCMAV.exe    segment%62  public%5999
00501be3 +5b3 PCMAV.exe    segment%62  public%6158
00501238 +02c PCMAV.exe    segment%62  public%6153
0048668c +014 PCMAV.exe    segment%30  public%3805
7e42a034 +016 USER32.dll               CallWindowProcW
00501ce0 +0d8 PCMAV.exe    segment%62  public%6159
004fdc48 +010 PCMAV.exe    segment%62  public%6023
004fd298 +2d4 PCMAV.exe    segment%62  public%5999
00501be3 +5b3 PCMAV.exe    segment%62  public%6158
005178f4 +06c PCMAV.exe    segment%63  public%6726
00501238 +02c PCMAV.exe    segment%62  public%6153
0048668c +014 PCMAV.exe    segment%30  public%3805
7e418a0b +00a USER32.dll               DispatchMessageW
005a7163 +0f3 PCMAV.exe    segment%79  public%9876
005a71a6 +00a PCMAV.exe    segment%79  public%9878
005a74d9 +0c9 PCMAV.exe    segment%79  public%9883
008eb1e4 +0d0 PCMAV.exe    segment%393 public%20885

thread $5b8 (TWorkerThread):
7c90df3a +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.exe    segment%98 public%13639
004bc4c3 +2b PCMAV.exe    segment%36 public%4586
00483662 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($464) at:
00677986 +16 PCMAV.exe    segment%98 public%13635

thread $4b0:
7c90df3a +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.exe    segment%89 public%10955
005da352 +36 PCMAV.exe    segment%89 public%10934
004bc3a5 +0d PCMAV.exe    segment%36 public%4584
004bc40f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($464) at:
005da09d +6d PCMAV.exe    segment%89 public%10932

thread $4a8:
7c90df3a +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.exe    segment%101 public%14689
005da352 +36 PCMAV.exe    segment%89  public%10934
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($464) at:
005da09d +6d PCMAV.exe    segment%89  public%10932

thread $5e0:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.exe  segment%101 public%14679
005da352 +36 PCMAV.exe  segment%89  public%10934
004bc3a5 +0d PCMAV.exe  segment%36  public%4584
004bc40f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($464) at:
005da09d +6d PCMAV.exe  segment%89  public%10932

thread $620:
7c90d9ba +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($464) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $2c0:
7c90d9ba +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
0079460b +1e7 PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($464) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $364:
7c90df3a +00a ntdll.dll                NtWaitForSingleObject
7c91b226 +087 ntdll.dll                RtlpWaitForCriticalSection
7c901041 +041 ntdll.dll                RtlEnterCriticalSection
7c912ca9 +066 ntdll.dll                LdrLockLoaderLock
7c80b49a +035 kernel32.dll             GetModuleFileNameW
00419bb8 +090 PCMAV.exe    segment%9   public%1550
0041f27b +31f PCMAV.exe    segment%10  public%1597
0041f807 +323 PCMAV.exe    segment%10  public%1598
0041fd93 +3a7 PCMAV.exe    segment%10  public%1601
0041ffad +015 PCMAV.exe    segment%10  public%1602
004bc5fd +0c1 PCMAV.exe    segment%36  public%4587
004bca15 +035 PCMAV.exe    segment%36  public%4589
7c8106e0 +019 kernel32.dll             CreateThread
00794591 +16d PCMAV.exe    segment%150 public%17583
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($464) at:
0079487f +233 PCMAV.exe    segment%150 public%17584

thread $3a0:
7c90d1fa +a ntdll.dll  NtDelayExecution

thread $4c0:
7c90da2a +a ntdll.dll  NtRemoveIoCompletion

thread $5ec:
7c90df2a +a ntdll.dll  NtWaitForMultipleObjects

thread $5dc:
7c90df3a +00a ntdll.dll               NtWaitForSingleObject
7c91b226 +087 ntdll.dll               RtlpWaitForCriticalSection
7c901041 +041 ntdll.dll               RtlEnterCriticalSection
7c9175dd +272 ntdll.dll               LdrUnloadDll
00490042 +11e PCMAV.exe    segment%36 public%3994
7c80ac82 +014 kernel32.dll            FreeLibrary
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by thread $5c4 at:
77a8a083 +000 CRYPT32.dll

thread $250:
7c90df2a +00a ntdll.dll               NtWaitForMultipleObjects
7c80956e +000 kernel32.dll            WaitForMultipleObjectsEx
7c80a100 +013 kernel32.dll            WaitForMultipleObjects
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by thread $5c4 at:
769c887a +273 Userenv.dll             RegisterGPNotification

thread $610 (TMyThreadedScanMem):
7c90df3a +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.exe    segment%26  public%2436
004557d3 +01f PCMAV.exe    segment%26  public%2443
00407779 +065 PCMAV.exe    segment%0   public%286
004077e8 +020 PCMAV.exe    segment%0   public%287
00483fab +13b PCMAV.exe    segment%30  public%3653
00484041 +029 PCMAV.exe    segment%30  public%3654
008ca843 +00b PCMAV.exe    segment%261 public%20548
004bc4c3 +02b PCMAV.exe    segment%36  public%4586
00483662 +042 PCMAV.exe    segment%30  public%3630
00408520 +028 PCMAV.exe    segment%0   public%327
004bc3a5 +00d PCMAV.exe    segment%36  public%4584
004bc40f +037 PCMAV.exe    segment%36  public%4585
>> created by main thread ($464) at:
008ca6b1 +019 PCMAV.exe    segment%261 public%20546

thread $1a0:
7c90df3a +00a ntdll.dll               NtWaitForSingleObject
7c91b226 +087 ntdll.dll               RtlpWaitForCriticalSection
7c901041 +041 ntdll.dll               RtlEnterCriticalSection
7c912ca9 +066 ntdll.dll               LdrLockLoaderLock
7c80b49a +035 kernel32.dll            GetModuleFileNameW
00419bb8 +090 PCMAV.exe    segment%9  public%1550
0041f27b +31f PCMAV.exe    segment%10 public%1597
0041f807 +323 PCMAV.exe    segment%10 public%1598
0041fd93 +3a7 PCMAV.exe    segment%10 public%1601
0041ffad +015 PCMAV.exe    segment%10 public%1602
004bc5fd +0c1 PCMAV.exe    segment%36 public%4587
004bca15 +035 PCMAV.exe    segment%36 public%4589
7c8106e0 +019 kernel32.dll            CreateThread
004bc3a5 +00d PCMAV.exe    segment%36 public%4584
004bc40f +037 PCMAV.exe    segment%36 public%4585
>> created by main thread ($464) at:
77e7df36 +000 RPCRT4.dll

thread $310 (TRunningItemThread):
7c90df2a +0a ntdll.dll                NtWaitForMultipleObjects
7c80956e +00 kernel32.dll             WaitForMultipleObjectsEx
004c35de +56 PCMAV.exe    segment%43  public%4705
004c3976 +0a PCMAV.exe    segment%43  public%4718
007ac4b6 +62 PCMAV.exe    segment%157 public%17737
004bc4c3 +2b PCMAV.exe    segment%36  public%4586
00483662 +42 PCMAV.exe    segment%30  public%3630
00408520 +28 PCMAV.exe    segment%0   public%327
004bc3a5 +0d PCMAV.exe    segment%36  public%4584
004bc40f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($464) at:
007ac3bf +23 PCMAV.exe    segment%157 public%17735

thread $1ec:
7c90df3a +0a ntdll.dll            NtWaitForSingleObject
7c91b226 +87 ntdll.dll            RtlpWaitForCriticalSection
7c901041 +41 ntdll.dll            RtlEnterCriticalSection
7c913953 +1d ntdll.dll            LdrShutdownThread
004085c1 +15 PCMAV.exe segment%0  public%329
004836bf +9f PCMAV.exe segment%30 public%3630
00408520 +28 PCMAV.exe segment%0  public%327
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585

thread $6c0 (TTaskThread):
7c90df3a +000a ntdll.dll                 NtWaitForSingleObject
7c91b226 +0087 ntdll.dll                 RtlpWaitForCriticalSection
7c901041 +0041 ntdll.dll                 RtlEnterCriticalSection
7c914a2e +1deb ntdll.dll                 LdrLockLoaderLock
7c9168cb +022a ntdll.dll                 LdrGetDllHandleEx
7c916693 +0013 ntdll.dll                 LdrGetDllHandle
7c80e4e7 +001a kernel32.dll              GetModuleHandleW
77a89d01 +012e CRYPT32.dll               CryptSIPRetrieveSubjectGuid
76c33522 +003c wintrust.dll              SoftpubLoadMessage
76c32f51 +0025 wintrust.dll              WinVerifyTrust
0346c44d +0071 pcmavcore.dll             ScanSingleFile
007ad771 +0321 PCMAV.exe     segment%157 public%17759
007acb6b +0063 PCMAV.exe     segment%157 public%17753
004bc4c3 +002b PCMAV.exe     segment%36  public%4586
00483662 +0042 PCMAV.exe     segment%30  public%3630
00408520 +0028 PCMAV.exe     segment%0   public%327
004bc3a5 +000d PCMAV.exe     segment%36  public%4584
004bc40f +0037 PCMAV.exe     segment%36  public%4585
>> created by thread $310 (TRunningItemThread) at:
007acac6 +001e PCMAV.exe     segment%157 public%17752

thread $6dc (TTaskThread):
7c90df3a +000a ntdll.dll                 NtWaitForSingleObject
7c91b226 +0087 ntdll.dll                 RtlpWaitForCriticalSection
7c901041 +0041 ntdll.dll                 RtlEnterCriticalSection
7c914a2e +1deb ntdll.dll                 LdrLockLoaderLock
7c9168cb +022a ntdll.dll                 LdrGetDllHandleEx
7c916693 +0013 ntdll.dll                 LdrGetDllHandle
7c80e4e7 +001a kernel32.dll              GetModuleHandleW
77a89d01 +012e CRYPT32.dll               CryptSIPRetrieveSubjectGuid
76c33522 +003c wintrust.dll              SoftpubLoadMessage
76c32f51 +0025 wintrust.dll              WinVerifyTrust
0346c44d +0071 pcmavcore.dll             ScanSingleFile
007ad771 +0321 PCMAV.exe     segment%157 public%17759
007acb6b +0063 PCMAV.exe     segment%157 public%17753
004bc4c3 +002b PCMAV.exe     segment%36  public%4586
00483662 +0042 PCMAV.exe     segment%30  public%3630
00408520 +0028 PCMAV.exe     segment%0   public%327
004bc3a5 +000d PCMAV.exe     segment%36  public%4584
004bc40f +0037 PCMAV.exe     segment%36  public%4585
>> created by thread $310 (TRunningItemThread) at:
007acac6 +001e PCMAV.exe     segment%157 public%17752

thread $34c (TCollectStat):
7c90df3a +0a ntdll.dll             NtWaitForSingleObject
7c91b226 +87 ntdll.dll             RtlpWaitForCriticalSection
7c901041 +41 ntdll.dll             RtlEnterCriticalSection
7c90e435 +05 ntdll.dll             KiUserApcDispatcher
>> created by main thread ($464) at:
008ce6af +43 PCMAV.exe segment%264 public%20597

thread $498 (TCollectStat):
7c90df3a +0a ntdll.dll             NtWaitForSingleObject
7c91b226 +87 ntdll.dll             RtlpWaitForCriticalSection
7c901041 +41 ntdll.dll             RtlEnterCriticalSection
7c90e435 +05 ntdll.dll             KiUserApcDispatcher
>> created by main thread ($464) at:
008ce6af +43 PCMAV.exe segment%264 public%20597

thread $76c (TRunFile):
7c90df3a +0a ntdll.dll            NtWaitForSingleObject
7c91b226 +87 ntdll.dll            RtlpWaitForCriticalSection
7c901041 +41 ntdll.dll            RtlEnterCriticalSection
7c90e435 +05 ntdll.dll            KiUserApcDispatcher
>> created by main thread ($464) at:
004836ec +18 PCMAV.exe segment%30 public%3631

processes:
000 Idle         0   0
004 System       0   0   normal
230 smss.exe     0   0   normal C:\WINDOWS.0\system32
26c csrss.exe    61  57  normal C:\WINDOWS.0\system32
284 winlogon.exe 29  8   high   C:\WINDOWS.0\system32
2b0 services.exe 4   0   normal C:\WINDOWS.0\system32
2bc lsass.exe    5   0   normal C:\WINDOWS.0\system32
354 svchost.exe  4   0   normal C:\WINDOWS.0\system32
3a4 svchost.exe  4   0   normal C:\WINDOWS.0\system32
3cc svchost.exe  4   3   normal C:\WINDOWS.0\System32
438 svchost.exe  4   0   normal C:\WINDOWS.0\system32
484 svchost.exe  4   0   normal C:\WINDOWS.0\system32
50c spoolsv.exe  4   0   normal C:\WINDOWS.0\system32
66c Explorer.EXE 287 180 normal C:\WINDOWS.0
7d4 alg.exe      4   0   normal C:\WINDOWS.0\System32
7fc wscntfy.exe  17  4   normal C:\WINDOWS.0\system32
72c WMIADAP.EXE  4   0   normal \\?\C:\WINDOWS.0\system32\WBEM
470 PCMAV.exe    238 110 normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview
41c taskmgr.exe  112 120 high   C:\WINDOWS.0\system32

disassembling:
00402bd4 public segment%0.public%76 (PCMAV.exe):  ; function entry point
00402bd4   mov     ecx, [eax]
00402bd6 > mov     [edx], ecx
00402bd8   mov     ecx, [eax+4]
00402bdb   mov     eax, [eax+8]
00402bde   mov     [edx+4], ecx
00402be1   mov     [edx+8], eax
00402be4   ret

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**Rahman** · 29-03-2012 18:02:19

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

Tim PCMAV saya mencoba dan membandingkan kecepatan Scanning yang banyk dikeluhkan dihalaman dpn virusindonesia.com
jika dibandingkan saat Scan memory di PC yang sama (sy coba secara bergantian)
PCMAV Asgard : memerlukan waktu 22 detik
PCMAV Predator Beta : memerlukan waktu 47 detik

- saat penggunaan PCMAV predator (Beta) ini PC sya menjadi tidak stabil (Windows 7), aplikasi tidak dapat berjalan, mau restart PC harus Exit PCMAV dulu karena tidak dapat berfungsi saat diklik restart dll.
- PC sering not responding begitu pun PCMAV predator sering nge-hank sendiri padahl sewaktu pakai PCMAV Asgard Fine-fine aja tuh PC.

smga hal ini dapat di perbaiki Team PCMAV agar PCMAV Predator menjadi lebih baik dari AV lokal yg pernah diproduksi Indonesia...

**indraramadhan094** · 29-03-2012 19:00:18

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

Date/time         : 2012-03-29, 18:38:43, 312ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 23 minutes 27 seconds
program up time   : 7 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 452/958 MB (free/total)
free disk space   : (C:) 6.11 GB
display mode      : 1024x768, 32 bit
process id        : $74c
allocated memory  : 15.54 MB
executable        : PCMAV.bat
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.bat.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $86e6557f, $29dc7366, $29dc7366
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 0059D8D6 in module 'PCMAV.bat'. Read of address 0000038C.

main thread ($898):
0059d8d6 +006 PCMAV.bat  segment%79  public%9581
005a27a3 +007 PCMAV.bat  segment%79  public%9706
008d5565 +075 PCMAV.bat  segment%265 public%20629
0059d671 +015 PCMAV.bat  segment%79  public%9572
005a1bf1 +0a9 PCMAV.bat  segment%79  public%9692
004fd298 +2d4 PCMAV.bat  segment%62  public%5999
00501be3 +5b3 PCMAV.bat  segment%62  public%6158
0059e072 +5f2 PCMAV.bat  segment%79  public%9586
004fcebc +024 PCMAV.bat  segment%62  public%5992
00500fe1 +10d PCMAV.bat  segment%62  public%6149
005010f0 +0bc PCMAV.bat  segment%62  public%6150
00503cae +026 PCMAV.bat  segment%62  public%6249
004fd298 +2d4 PCMAV.bat  segment%62  public%5999
0068964e +092 PCMAV.bat  segment%98  public%14040
004fd298 +2d4 PCMAV.bat  segment%62  public%5999
00501be3 +5b3 PCMAV.bat  segment%62  public%6158
0059e072 +5f2 PCMAV.bat  segment%79  public%9586
0058b0bc +03c PCMAV.bat  segment%77  public%9241
004fcebc +024 PCMAV.bat  segment%62  public%5992
004fb89a +026 PCMAV.bat  segment%62  public%5908
0059d90a +03a PCMAV.bat  segment%79  public%9581
005a27a3 +007 PCMAV.bat  segment%79  public%9706
008d9cd4 +008 PCMAV.bat  segment%265 public%20671
0058ecaf +0a7 PCMAV.bat  segment%77  public%9314
005902b3 +013 PCMAV.bat  segment%77  public%9377
00591546 +082 PCMAV.bat  segment%77  public%9426
00591495 +01d PCMAV.bat  segment%77  public%9425
0048668c +014 PCMAV.bat  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.bat  segment%79  public%9876
005a718e +00a PCMAV.bat  segment%79  public%9877
008d52ad +119 PCMAV.bat  segment%265 public%20625
00406f9d +01d PCMAV.bat  segment%0   public%261
0059ca25 +1a1 PCMAV.bat  segment%79  public%9545
005a732e +076 PCMAV.bat  segment%79  public%9882
008eb19a +086 PCMAV.bat  segment%393 public%20885

thread $fb4:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $a04:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.bat       segment%36 public%4584
004bc40f +37 PCMAV.bat       segment%36 public%4585
>> created by main thread ($898) at:
02ba16e9 +00 IDMShellExt.dll

thread $780 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.bat    segment%98 public%13639
004bc4c3 +2b PCMAV.bat    segment%36 public%4586
00483662 +42 PCMAV.bat    segment%30 public%3630
00408520 +28 PCMAV.bat    segment%0  public%327
004bc3a5 +0d PCMAV.bat    segment%36 public%4584
004bc40f +37 PCMAV.bat    segment%36 public%4585
>> created by main thread ($898) at:
00677986 +16 PCMAV.bat    segment%98 public%13635

thread $e54:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.bat    segment%101 public%14689
005da352 +36 PCMAV.bat    segment%89  public%10934
004bc3a5 +0d PCMAV.bat    segment%36  public%4584
004bc40f +37 PCMAV.bat    segment%36  public%4585
>> created by main thread ($898) at:
005da09d +6d PCMAV.bat    segment%89  public%10932

thread $488:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.bat  segment%101 public%14679
005da352 +36 PCMAV.bat  segment%89  public%10934
004bc3a5 +0d PCMAV.bat  segment%36  public%4584
004bc40f +37 PCMAV.bat  segment%36  public%4585
>> created by main thread ($898) at:
005da09d +6d PCMAV.bat  segment%89  public%10932

thread $a68:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.bat    segment%89 public%10955
005da352 +36 PCMAV.bat    segment%89 public%10934
004bc3a5 +0d PCMAV.bat    segment%36 public%4584
004bc40f +37 PCMAV.bat    segment%36 public%4585
>> created by main thread ($898) at:
005da09d +6d PCMAV.bat    segment%89 public%10932

processes:
000 Idle                         0   0
004 System                       0   0   normal
144 smss.exe                     0   0   normal C:\WINDOWS\system32
27c csrss.exe                    0   0
298 winlogon.exe                 51  14  high   C:\WINDOWS\system32
2c4 services.exe                 4   2   normal C:\WINDOWS\system32
2d0 lsass.exe                    6   4   normal C:\WINDOWS\system32
3b8 svchost.exe                  4   1   normal C:\WINDOWS\system32
6a4 svchost.exe                  0   0
0e4 MsMpEng.exe                  4   2   normal C:\Program Files\Microsoft Security Client\Antimalware
108 SbieSvc.exe                  4   1   normal C:\Program Files\Sandboxie
15c svchost.exe                  11  31  normal C:\WINDOWS\System32
1d8 svchost.exe                  0   0
4fc svchost.exe                  0   0
678 spoolsv.exe                  4   4   normal C:\WINDOWS\system32
0b8 taskmgr.exe                  111 123 high   C:\WINDOWS\system32
58c Explorer.EXE                 352 166 normal C:\WINDOWS
260 egui.exe                     199 67  normal C:\Program Files\ESET\ESET Smart Security
26c alg.exe                      0   0
284 VTTimer.exe                  15  5   normal C:\WINDOWS\system32
3c8 VTtrayp.exe                  22  5   normal C:\WINDOWS\system32
0d4 ekrn.exe                     11  11  normal C:\Program Files\ESET\ESET Smart Security
438 SOUNDMAN.EXE                 21  8   normal C:\WINDOWS
3e4 svchost.exe                  4   1   normal C:\WINDOWS\System32
47c IDMan.exe                    112 65  normal C:\Program Files\Internet Download Manager
490 xwidget.exe                  97  96  normal C:\Program Files\XWidget
494 ctfmon.exe                   97  46  normal C:\WINDOWS\system32
4a8 WinSnap.exe                  52  67  normal C:\Program Files\WinSnap
578 SbieCtrl.exe                 104 56  normal C:\Program Files\Sandboxie
784 TuneUpUtilitiesService32.exe 5   5   normal C:\Program Files\TuneUp Utilities 2012
cd0 wscntfy.exe                  32  12  normal C:\WINDOWS\system32
ea0 TuneUpUtilitiesApp32.exe     217 101 normal C:\Program Files\TuneUp Utilities 2012
560 ping.exe                     4   1   normal C:\WINDOWS\system32
e7c notepad.exe                  32  21  normal C:\WINDOWS\system32
750 mspaint.exe                  92  65  normal C:\WINDOWS\system32
f7c svchost.exe                  4   2   normal C:\WINDOWS\system32
74c PCMAV.bat                    190 83  normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview

disassembling:
0059d8d0 public segment%79.public%9581 (PCMAV.bat):  ; function entry point
0059d8d0   push    ebx
0059d8d1   push    esi
0059d8d2   mov     ebx, edx
0059d8d4   mov     esi, eax
0059d8d6 > test    byte ptr [esi+$38c], 1
0059d8dd   jz      loc_59d8f6
0059d8dd
0059d8df   test    bl, bl
0059d8e1   jz      loc_59d8ec
0059d8e1
0059d8e3   or      byte ptr [esi+$38c], 2
0059d8ea   jmp     loc_59d90f
0059d8ea
0059d8ea ; ---------------------------------------------------------
0059d8ea
0059d8ec loc_59d8ec:
0059d8ec   and     byte ptr [esi+$38c], -3
0059d8f3   pop     esi
0059d8f4   pop     ebx
0059d8f5   ret
0059d8f5
0059d8f5 ; ---------------------------------------------------------
0059d8f5
0059d8f6 loc_59d8f6:
0059d8f6   test    bl, bl
0059d8f8   jz      loc_59d906
0059d8f8
0059d8fa   cmp     bl, [esi+$61]
0059d8fd   jz      loc_59d906
0059d8fd
0059d8ff   mov     eax, esi
0059d901   call    +$1a8e ($59f394)       ; segment%79.public%9630 (PCMAV.bat)
0059d901
0059d906 loc_59d906:
0059d906   mov     edx, ebx
0059d908   mov     eax, esi
0059d90a   call    -$a209b ($4fb874)      ; segment%62.public%5908 (PCMAV.bat)
0059d90a
0059d90f loc_59d90f:
0059d90f   pop     esi
0059d910   pop     ebx
0059d911   ret

date/time         : 2012-03-29, 18:41:37, 703ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 26 minutes 21 seconds
program up time   : 4 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 453/958 MB (free/total)
free disk space   : (C:) 6.11 GB
display mode      : 1024x768, 32 bit
process id        : $aa0
allocated memory  : 15.94 MB
executable        : PCMAV.bat
exec. date/time   : 2012-03-19 13:36
version           : 7.0.61078.27766
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.bat.mad     : $0003bfbc, $34804073, $1164c539
callstack crc     : $d4bfc579, $4695bdc6, $4695bdc6
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 007A51B6 in module 'PCMAV.bat'. Read of address 0000000C.

main thread ($414):
007a51b6 +07e PCMAV.bat  segment%155 public%17676
008c9be0 +114 PCMAV.bat  segment%261 public%20545
008ca7c7 +0eb PCMAV.bat  segment%261 public%20547
00483521 +12d PCMAV.bat  segment%30  public%3629
005a690a +76e PCMAV.bat  segment%79  public%9859
0048668c +014 PCMAV.bat  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.bat  segment%79  public%9876
005a718e +00a PCMAV.bat  segment%79  public%9877
008d9f0c +15c PCMAV.bat  segment%265 public%20674
0058ecaf +0a7 PCMAV.bat  segment%77  public%9314
005902b3 +013 PCMAV.bat  segment%77  public%9377
00591546 +082 PCMAV.bat  segment%77  public%9426
00591495 +01d PCMAV.bat  segment%77  public%9425
0048668c +014 PCMAV.bat  segment%30  public%3805
7e418a0b +00a USER32.dll             DispatchMessageW
005a7163 +0f3 PCMAV.bat  segment%79  public%9876
005a718e +00a PCMAV.bat  segment%79  public%9877
008d55a6 +0b6 PCMAV.bat  segment%265 public%20629
00406f7a +002 PCMAV.bat  segment%0   public%260
004dacd6 +05a PCMAV.bat  segment%52  public%5330
00406924 +008 PCMAV.bat  segment%0   public%227
004dac74 +018 PCMAV.bat  segment%52  public%5329
004dcc41 +0bd PCMAV.bat  segment%52  public%5375
004dbcd2 +06e PCMAV.bat  segment%52  public%5344
005cbc13 +5c3 PCMAV.bat  segment%83  public%10648
004fcebc +024 PCMAV.bat  segment%62  public%5992
00500fe1 +10d PCMAV.bat  segment%62  public%6149
005010f0 +0bc PCMAV.bat  segment%62  public%6150
00503cae +026 PCMAV.bat  segment%62  public%6249
004fd298 +2d4 PCMAV.bat  segment%62  public%5999
00501be3 +5b3 PCMAV.bat  segment%62  public%6158
0059e072 +5f2 PCMAV.bat  segment%79  public%9586
004fcebc +024 PCMAV.bat  segment%62  public%5992
004fb89a +026 PCMAV.bat  segment%62  public%5908
0059d90a +03a PCMAV.bat  segment%79  public%9581
005a74c3 +0b3 PCMAV.bat  segment%79  public%9883
008eb1e4 +0d0 PCMAV.bat  segment%393 public%20885

thread $dd4:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $e0c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc3a5 +0d PCMAV.bat       segment%36 public%4584
004bc40f +37 PCMAV.bat       segment%36 public%4585
>> created by main thread ($414) at:
02ba16e9 +00 IDMShellExt.dll

thread $55c (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a91 +19 PCMAV.bat    segment%98 public%13639
004bc4c3 +2b PCMAV.bat    segment%36 public%4586
00483662 +42 PCMAV.bat    segment%30 public%3630
00408520 +28 PCMAV.bat    segment%0  public%327
004bc3a5 +0d PCMAV.bat    segment%36 public%4584
004bc40f +37 PCMAV.bat    segment%36 public%4585
>> created by main thread ($414) at:
00677986 +16 PCMAV.bat    segment%98 public%13635

thread $c84:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da78f +2f PCMAV.bat    segment%89 public%10955
005da352 +36 PCMAV.bat    segment%89 public%10934
004bc3a5 +0d PCMAV.bat    segment%36 public%4584
004bc40f +37 PCMAV.bat    segment%36 public%4585
>> created by main thread ($414) at:
005da09d +6d PCMAV.bat    segment%89 public%10932

thread $83c:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e31 +4d PCMAV.bat    segment%101 public%14689
005da352 +36 PCMAV.bat    segment%89  public%10934
004bc3a5 +0d PCMAV.bat    segment%36  public%4584
004bc40f +37 PCMAV.bat    segment%36  public%4585
>> created by main thread ($414) at:
005da09d +6d PCMAV.bat    segment%89  public%10932

thread $ec8:
7e4191ec +26 USER32.dll             GetMessageW
006b21f7 +bb PCMAV.bat  segment%101 public%14679
005da352 +36 PCMAV.bat  segment%89  public%10934
004bc3a5 +0d PCMAV.bat  segment%36  public%4584
004bc40f +37 PCMAV.bat  segment%36  public%4585
>> created by main thread ($414) at:
005da09d +6d PCMAV.bat  segment%89  public%10932

thread $46c (TRunningItemThread):
7c90df48 +0a ntdll.dll                NtWaitForMultipleObjects
7c80958a +00 kernel32.dll             WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll             WaitForMultipleObjects
007ac20b +2b PCMAV.bat    segment%157 public%17725
007ac48d +39 PCMAV.bat    segment%157 public%17737
004bc4c3 +2b PCMAV.bat    segment%36  public%4586
00483662 +42 PCMAV.bat    segment%30  public%3630
00408520 +28 PCMAV.bat    segment%0   public%327
004bc3a5 +0d PCMAV.bat    segment%36  public%4584
004bc40f +37 PCMAV.bat    segment%36  public%4585
>> created by main thread ($414) at:
007ac3bf +23 PCMAV.bat    segment%157 public%17735

thread $f54 (TMyThreadedScanMem):
7c90df58 +00a ntdll.dll                NtWaitForSingleObject
7c8025d5 +085 kernel32.dll             WaitForSingleObjectEx
7c80253d +00d kernel32.dll             WaitForSingleObject
00455626 +002 PCMAV.bat    segment%26  public%2436
004557d3 +01f PCMAV.bat    segment%26  public%2443
00407779 +065 PCMAV.bat    segment%0   public%286
004077e8 +020 PCMAV.bat    segment%0   public%287
00483fab +13b PCMAV.bat    segment%30  public%3653
00484041 +029 PCMAV.bat    segment%30  public%3654
008ca843 +00b PCMAV.bat    segment%261 public%20548
004bc4c3 +02b PCMAV.bat    segment%36  public%4586
00483662 +042 PCMAV.bat    segment%30  public%3630
00408520 +028 PCMAV.bat    segment%0   public%327
004bc3a5 +00d PCMAV.bat    segment%36  public%4584
004bc40f +037 PCMAV.bat    segment%36  public%4585
>> created by main thread ($414) at:
008ca6b1 +019 PCMAV.bat    segment%261 public%20546

processes:
000 Idle                         0   0
004 System                       0   0   normal
144 smss.exe                     0   0   normal C:\WINDOWS\system32
27c csrss.exe                    0   0
298 winlogon.exe                 51  14  high   C:\WINDOWS\system32
2c4 services.exe                 4   2   normal C:\WINDOWS\system32
2d0 lsass.exe                    6   4   normal C:\WINDOWS\system32
3b8 svchost.exe                  4   1   normal C:\WINDOWS\system32
6a4 svchost.exe                  0   0
0e4 MsMpEng.exe                  4   2   normal C:\Program Files\Microsoft Security Client\Antimalware
108 SbieSvc.exe                  4   1   normal C:\Program Files\Sandboxie
15c svchost.exe                  11  30  normal C:\WINDOWS\System32
1d8 svchost.exe                  0   0
4fc svchost.exe                  0   0
678 spoolsv.exe                  4   4   normal C:\WINDOWS\system32
58c Explorer.EXE                 418 256 normal C:\WINDOWS
260 egui.exe                     199 67  normal C:\Program Files\ESET\ESET Smart Security
26c alg.exe                      0   0
284 VTTimer.exe                  15  5   normal C:\WINDOWS\system32
3c8 VTtrayp.exe                  22  5   normal C:\WINDOWS\system32
0d4 ekrn.exe                     11  11  normal C:\Program Files\ESET\ESET Smart Security
438 SOUNDMAN.EXE                 21  8   normal C:\WINDOWS
3e4 svchost.exe                  4   1   normal C:\WINDOWS\System32
47c IDMan.exe                    112 65  normal C:\Program Files\Internet Download Manager
490 xwidget.exe                  97  96  normal C:\Program Files\XWidget
494 ctfmon.exe                   145 70  normal C:\WINDOWS\system32
4a8 WinSnap.exe                  52  67  normal C:\Program Files\WinSnap
578 SbieCtrl.exe                 104 56  normal C:\Program Files\Sandboxie
784 TuneUpUtilitiesService32.exe 5   5   normal C:\Program Files\TuneUp Utilities 2012
cd0 wscntfy.exe                  32  12  normal C:\WINDOWS\system32
ea0 TuneUpUtilitiesApp32.exe     217 101 normal C:\Program Files\TuneUp Utilities 2012
560 ping.exe                     4   1   normal C:\WINDOWS\system32
e7c notepad.exe                  32  21  normal C:\WINDOWS\system32
750 mspaint.exe                  92  65  normal C:\WINDOWS\system32
f7c svchost.exe                  4   2   normal C:\WINDOWS\system32
e74 taskmgr.exe                  109 123 high   C:\WINDOWS\system32
aa0 PCMAV.bat                    202 89  normal C:\Documents and Settings\Administrator\Desktop\PC Media Predator Technical Preview

disassembling:
007a5138 public segment%155.public%17676 (PCMAV.bat):  ; function entry point
007a5138   push    ebp
007a5139   mov     ebp, esp
007a513b   push    ecx
007a513c   mov     ecx, $26
007a513b
007a5141 loc_7a5141:
007a5141   push    0
007a5143   push    0
007a5145   dec     ecx
007a5146   jnz     loc_7a5141
007a5146
007a5148   xchg    ecx, [ebp-4]
007a514b   push    ebx
007a514c   push    esi
007a514d   mov     [ebp-$94], ecx
007a5153   mov     [ebp-$90], edx
007a5159   mov     [ebp-$8c], eax
007a515f   lea     eax, [ebp-$88]
007a5165   mov     edx, [$7a1c68]
007a516b   call    -$39b0b8 ($40a0b8)     ; segment%0.public%441 (PCMAV.bat)
007a516b
007a5170   xor     eax, eax
007a5172   push    ebp
007a5173   push    $7a5860                ; segment%0.public%300 (PCMAV.bat)
007a5178   push    dword ptr fs:[eax]
007a517b   mov     fs:[eax], esp
007a517e   mov     byte ptr [ebp-$95], 0
007a5185   mov     eax, [ebp-$90]
007a518b   mov     byte ptr [eax], 0
007a518e   mov     byte ptr [ebp-$bd], 1
007a5195   mov     eax, [ebp-$94]
007a519b   mov     eax, [eax]
007a519d   mov     dl, 1
007a519f   call    -$329ae4 ($47b6c0)     ; segment%30.public%3370 (PCMAV.bat)
007a519f
007a51a4   mov     eax, [ebp-$94]
007a51aa   mov     eax, [eax]
007a51ac   mov     byte ptr [eax+$39], 0
007a51b0   mov     eax, [ebp-$8c]
007a51b6 > mov     eax, [eax+$c]
007a51b9   call    -$2e8a ($7a2334)       ; segment%154.public%17642 (PCMAV.bat)
007a51b9
007a51be   lea     edx, [ebp-4]
007a51c1   mov     eax, $7a5884
007a51c6   call    -$5456f ($750c5c)      ; segment%133.public%16904 (PCMAV.bat)
007a51c6
007a51cb   mov     dword ptr [ebp-$a0], 3
007a51d5   mov     dword ptr [ebp-$c8], $900a78
007a51cb
007a51df loc_7a51df:
007a51df   lea     eax, [ebp-$18]
007a51e2   mov     edx, [ebp-$c8]
007a51e8   mov     edx, [edx]
007a51ea   call    -$39c753 ($408a9c)     ; segment%0.public%355 (PCMAV.bat)
007a51ea
007a51ef   mov     eax, [ebp-4]
007a51f2   mov     edx, [eax]
007a51f4   call    dword ptr [edx+$70]
007a51f4
007a51f7   dec     eax
007a51f8   test    eax, eax
007a51fa   jl      loc_7a5756
007a51fa
007a5200   inc     eax
007a5201   mov     [ebp-$c4], eax
007a5207   mov     dword ptr [ebp-$a4], 0
007a5201
007a5211 loc_7a5211:
007a5211   lea     ecx, [ebp-8]
007a5214   mov     edx, [ebp-$a4]
007a521a   mov     eax, [ebp-4]
007a521d   mov     ebx, [eax]
007a521f   call    dword ptr [ebx+$d8]
007a521f
007a5225   lea     edx, [ebp-$f4]
007a522b   mov     eax, [ebp-8]
007a522e   mov     ecx, [eax]
007a5230   call    dword ptr [ecx+$a0]
007a5230
007a5236   mov     edx, [ebp-$f4]
007a523c   lea     eax, [ebp-$f0]
007a5242   call    -$39ba1b ($40982c)     ; segment%0.public%421 (PCMAV.bat)
007a5242
007a5247   mov     eax, [ebp-$f0]
007a524d   lea     edx, [ebp-$ec]
007a5253   call    -$3560a4 ($44f1b4)     ; segment%26.public%2256 (PCMAV.bat)
007a5253
007a5258   mov     eax, [ebp-$ec]
007a525e   lea     edx, [ebp-$e8]
007a5264   call    -$358261 ($44d008)     ; segment%26.public%2181 (PCMAV.bat)
007a5264
007a5269   mov     eax, [ebp-$e8]
007a526f   mov     edx, [ebp-$18]
007a5272   call    -$39b71f ($409b58)     ; segment%0.public%431 (PCMAV.bat)
007a5272
007a5277   jnz     loc_7a5744
007a5277
007a527d   mov     eax, [ebp-8]
007a5280   mov     edx, [eax]
007a5282   call    dword ptr [edx+$80]
007a5282
007a5288   mov     [ebp-$ac], eax
007a528e   lea     edx, [ebp-$c]
007a5291   mov     eax, [ebp-8]
007a5294   mov     ecx, [eax]
007a5296   call    dword ptr [ecx+$110]
007a5296
007a529c   mov     eax, [ebp-$c]
007a529f   mov     edx, [eax]
007a52a1   call    dword ptr [edx+$70]
007a52a1
007a52a4   mov     esi, eax
007a52a6   dec     esi
007a52a7   test    esi, esi
007a52a9   jl      loc_7a555a
007a52a9
007a52af   inc     esi
007a52b0   mov     dword ptr [ebp-$a8], 0
007a52af
007a52ba loc_7a52ba:
007a52ba   mov     eax, [$904798]
007a52bf   mov     eax, [eax]
007a52c1   call    -$1fe142 ($5a7184)     ; segment%79.public%9877 (PCMAV.bat)
007a52c1
007a52c6   lea     ecx, [ebp-$10]
007a52c9   mov     edx, [ebp-$a8]
007a52cf   mov     eax, [ebp-$c]
007a52d2   mov     ebx, [eax]
007a52d4   call    dword ptr [ebx+$d8]
007a52d4
007a52da   mov     eax, [ebp-$10]
007a52dd   mov     edx, [eax]
007a52df   call    dword ptr [edx+$80]
007a52df
007a52e5   mov     ebx, eax
007a52e7   mov     edx, ebx
007a52e9   mov     eax, [ebp-$8c]
007a52ef   call    -$eb0 ($7a4444)        ; segment%155.public%17671 (PCMAV.bat)
007a52ef
007a52f4   mov     [ebp-$9c], eax
007a52fa   lea     eax, [ebp-$14]
007a52fd   push    eax
007a52fe   mov     ecx, ebx
007a5300   mov     edx, [ebp-$ac]
007a5306   mov     eax, [ebp-$8c]
007a530c   call    -$d9d ($7a4574)        ; segment%155.public%17672 (PCMAV.bat)
007a530c
007a5311   cmp     dword ptr [ebp-$14], 0
007a5315   jz      loc_7a5329
007a5315
007a5317   mov     dl, 1
007a5319   mov     eax, [ebp-$14]
007a531c   call    -$356aa5 ($44e87c)     ; segment%26.public%2235 (PCMAV.bat)
007a531c
007a5321   test    al, al
007a5323   jnz     loc_7a554d
007a5323
007a5329 loc_7a5329:
007a5329   xor     ebx, ebx
007a532b   lea     eax, [ebp-$e4]
007a5331   xor     ecx, ecx
007a5333   mov     edx, $1c
007a5338   call    -$39ffe5 ($405358)     ; segment%0.public%174 (PCMAV.bat)
007a5338
007a533d   jmp     loc_7a5519
007a533d
007a533d ; ---------------------------------------------------------
007a533d
007a5342 loc_7a5342:
007a5342   mov     eax, [ebp-$dc]
007a5348   or      eax, 4
007a534b   or      eax, $10
007a534e   jz      loc_7a550d
007a534e
007a5354   cmp     dword ptr [ebp-$d4], $1000
007a535e   jnz     loc_7a550d
007a535e
007a5364   mov     eax, [ebp-$e4]
007a536a   mov     [ebp-$b8], eax
007a5370   mov     eax, [ebp-$e4]
007a5376   add     eax, [ebp-$d8]
007a537c   mov     [ebp-$bc], eax
007a5382   mov     eax, [ebp-$b8]
007a5388   cmp     eax, [ebp-$9c]
007a538e   ja      loc_7a550d
007a538e
007a5394   mov     eax, [ebp-$bc]
007a539a   cmp     eax, [ebp-$9c]
007a53a0   jbe     loc_7a550d
007a53a0
007a53a6   push    4
007a53a8   push    $1000
007a53ad   mov     eax, [ebp-$d8]
007a53b3   push    eax
007a53b4   push    0
007a53b6   call    -$392e2f ($41258c)     ; segment%4.public%974 (PCMAV.bat)
007a53b6
007a53bb   mov     [ebp-$b4], eax
007a53c1   cmp     dword ptr [ebp-$b4], 0
007a53c8   jz      loc_7a550d
007a53c8
007a53ce   lea     eax, [ebp-$20]
007a53d1   xor     ecx, ecx
007a53d3   mov     edx, [ebp-$d8]
007a53d9   call    -$39c172 ($40926c)     ; segment%0.public%395 (PCMAV.bat)
007a53d9
007a53de   lea     eax, [ebp-$b0]
007a53e4   push    eax
007a53e5   mov     eax, [ebp-$d8]
007a53eb   push    eax
007a53ec   mov     eax, [ebp-$20]
007a53ef   push    eax
007a53f0   mov     eax, [ebp-$e4]
007a53f6   push    eax
007a53f7   lea     edx, [ebp-$f8]
007a53fd   mov     eax, [ebp-8]
007a5400   mov     ecx, [eax]
007a5402   call    dword ptr [ecx+$88]
007a5402
007a5408   mov     eax, [ebp-$f8]
007a540e   mov     edx, [eax]
007a5410   call    dword ptr [edx+$78]
007a5410
007a5413   push    eax
007a5414   call    -$392f9d ($41247c)     ; segment%4.public%940 (PCMAV.bat)
007a5414
007a5419   test    eax, eax
007a541b   jz      loc_7a54fa
007a541b
007a5421   mov     eax, [ebp-$b0]
007a5427   cmp     eax, [ebp-$d8]
007a542d   jnz     loc_7a54fa
007a542d
007a5433   push    1
007a5435   lea     eax, [ebp-$100]
007a543b   mov     edx, [$900ac8]         ; 'A0CF252481C21173A0CF252481C21173E7C8AA3464283264C1B768EFE95004B6F1069F8D9023FBE8BFE591A6CB762EDD41BC'
007a5441   call    -$39bc1a ($40982c)     ; segment%0.public%421 (PCMAV.bat)
007a5441
007a5446   mov     eax, [ebp-$100]
007a544c   lea     edx, [ebp-$fc]
007a5452   call    -$af0fb ($6f635c)      ; segment%112.public%15854 (PCMAV.bat)
007a5452
007a5457   mov     eax, [ebp-$fc]
007a545d   push    eax
007a545e   lea     eax, [ebp-$104]
007a5464   mov     edx, [ebp-$20]
007a5467   call    -$39bc40 ($40982c)     ; segment%0.public%421 (PCMAV.bat)
007a5467
007a546c   mov     eax, [ebp-$104]
007a5472   xor     ecx, ecx
007a5474   pop     edx
007a5475   call    -$af2ee ($6f618c)      ; segment%112.public%15852 (PCMAV.bat)
007a5475
007a547a   test    eax, eax
007a547c   jz      loc_7a54fa
007a547c
007a547e   cmp     byte ptr [ebp-$95], 0
007a5485   jnz     loc_7a548e
007a5485
007a5487   mov     byte ptr [ebp-$95], 1
007a5485
007a548e loc_7a548e:
007a548e   cmp     byte ptr [ebp-$bd], 0
007a5495   jz      loc_7a54ca
007a5495
007a5497   push    0
007a5499   push    $ffffffff
007a549b   push    $ffffffff
007a549d   push    0
007a549f   movzx   ecx, word ptr [$7a5888]
007a54a6   mov     dl, 2
007a54a8   mov     eax, $7a5898
007a54ad   call    -$25d9da ($547ad8)     ; segment%73.public%7866 (PCMAV.bat)
007a54ad
007a54b2   cmp     eax, 6
007a54b5   jz      loc_7a54c3
007a54b5
007a54b7   mov     byte ptr [ebp-$95], 1
007a54be   jmp     loc_7a5769
007a54be
007a54be ; ---------------------------------------------------------
007a54be
007a54c3 loc_7a54c3:
007a54c3   mov     byte ptr [ebp-$bd], 0
007a54be
007a54ca loc_7a54ca:
007a54ca   mov     eax, [ebp-$10]
007a54cd   mov     edx, [eax]
007a54cf   call    dword ptr [edx+$9c]
007a54cf
007a54d5   test    al, al
007a54d7   jz      loc_7a54e6
007a54d7
007a54d9   xor     edx, edx
007a54db   mov     eax, [ebp-$10]
007a54de   mov     ecx, [eax]
007a54e0   call    dword ptr [ecx+$108]
007a54e0
007a54e6 loc_7a54e6:
007a54e6   mov     eax, [ebp-$90]
007a54ec   cmp     byte ptr [eax], 0
007a54ef   jnz     loc_7a54fa
007a54ef
007a54f1   mov     eax, [ebp-$90]
007a54f7   mov     byte ptr [eax], 1
007a54f1
007a54fa loc_7a54fa:
007a54fa   push    $8000
007a54ff   push    0
007a5501   mov     eax, [ebp-$b4]
007a5507   push    eax
007a5508   call    -$392f79 ($412594)     ; segment%4.public%975 (PCMAV.bat)
007a5508
007a550d loc_7a550d:
007a550d   mov     ebx, [ebp-$e4]
007a5513   add     ebx, [ebp-$d8]
007a550d
007a5519 loc_7a5519:
007a5519   push    $1c
007a551b   lea     eax, [ebp-$e4]
007a5521   push    eax
007a5522   push    ebx
007a5523   lea     edx, [ebp-$108]
007a5529   mov     eax, [ebp-8]
007a552c   mov     ecx, [eax]
007a552e   call    dword ptr [ecx+$88]
007a552e
007a5534   mov     eax, [ebp-$108]
007a553a   mov     edx, [eax]
007a553c   call    dword ptr [edx+$78]
007a553c
007a553f   push    eax
007a5540   call    -$392f89 ($4125bc)     ; segment%4.public%980 (PCMAV.bat)
007a5540
007a5545   test    eax, eax
007a5547   ja      loc_7a5342
007a5547
007a554d loc_7a554d:
007a554d   inc     dword ptr [ebp-$a8]
007a5553   dec     esi
007a5554   jnz     loc_7a52ba
007a5554
007a555a loc_7a555a:
007a555a   cmp     byte ptr [ebp-$95], 0
007a5561   jz      loc_7a5744
007a5561
007a5567   mov     eax, [ebp-$8c]
007a556d   mov     eax, [eax+$c]
007a5570   mov     esi, [eax+$10]
007a5573   dec     esi
007a5574   test    esi, esi
007a5576   jl      loc_7a5744
007a5576
007a557c   inc     esi
007a557d   xor     ebx, ebx
007a557c
007a557f loc_7a557f:
007a557f   lea     ecx, [ebp-$88]
007a5585   mov     eax, [ebp-$8c]
007a558b   mov     eax, [eax+$c]
007a558e   mov     edx, ebx
007a5590   call    -$32cd ($7a22c8)       ; segment%154.public%17640 (PCMAV.bat)
007a5590
007a5595   mov     eax, [ebp-$88]
007a559b   cmp     eax, [ebp-$ac]
007a55a1   jnz     loc_7a573c
007a55a1
007a55a7   mov     dl, 1
007a55a9   mov     eax, [ebp-$80]
007a55ac   call    -$356d35 ($44e87c)     ; segment%26.public%2235 (PCMAV.bat)
007a55ac
007a55b1   test    al, al
007a55b3   jz      loc_7a573c
007a55b3
007a55b9   lea     edx, [ebp-$110]
007a55bf   mov     eax, [ebp-$80]
007a55c2   call    -$3563d3 ($44f1f4)     ; segment%26.public%2257 (PCMAV.bat)
007a55c2
007a55c7   mov     eax, [ebp-$110]
007a55cd   lea     edx, [ebp-$10c]
007a55d3   call    -$3585d0 ($44d008)     ; segment%26.public%2181 (PCMAV.bat)
007a55d3
007a55d8   mov     eax, [ebp-$10c]
007a55de   mov     edx, $7a59bc
007a55e3   call    -$39ba90 ($409b58)     ; segment%0.public%431 (PCMAV.bat)
007a55e3
007a55e8   jnz     loc_7a573c
007a55e8
007a55ee   movzx   ecx, word ptr [ebp-$82]
007a55f5   mov     edx, [ebp-$ac]
007a55fb   mov     eax, [ebp-$8c]
007a5601   call    -$132a ($7a42dc)       ; segment%155.public%17669 (PCMAV.bat)
007a5601
007a5606   test    eax, eax
007a5608   lea     eax, [ebp-$114]
007a560e   mov     edx, [ebp-$80]
007a5611   call    -$39bdb6 ($409860)     ; segment%0.public%423 (PCMAV.bat)
007a5611
007a5616   mov     ecx, [ebp-$114]
007a561c   mov     edx, $1f01ff
007a5621   mov     eax, [ebp-$8c]
007a5627   call    -$14f0 ($7a413c)       ; segment%155.public%17668 (PCMAV.bat)
007a5627
007a562c   test    al, al
007a562e   jnz     loc_7a56a0
007a562e
007a5630   lea     eax, [ebp-$11c]
007a5636   mov     edx, [ebp-$80]
007a5639   call    -$39bdde ($409860)     ; segment%0.public%423 (PCMAV.bat)
007a5639
007a563e   mov     eax, [ebp-$11c]
007a5644   lea     edx, [ebp-$118]
007a564a   call    -$2ed73 ($7768dc)      ; segment%146.public%17313 (PCMAV.bat)
007a564a
007a564f   mov     eax, [ebp-$118]
007a5655   xor     edx, edx
007a5657   mov     ecx, [eax]
007a5659   call    dword ptr [ecx+$a0]
007a5659
007a565f   lea     eax, [ebp-$128]
007a5665   mov     edx, [ebp-$80]
007a5668   call    -$39be0d ($409860)     ; segment%0.public%423 (PCMAV.bat)
007a5668
007a566d   mov     eax, [ebp-$128]
007a5673   lea     edx, [ebp-$124]
007a5679   call    -$2eda2 ($7768dc)      ; segment%146.public%17313 (PCMAV.bat)
007a5679
007a567e   mov     eax, [ebp-$124]
007a5684   lea     edx, [ebp-$120]
007a568a   mov     ecx, [eax]
007a568c   call    dword ptr [ecx+$8c]
007a568c
007a5692   mov     eax, [ebp-$120]
007a5698   mov     edx, [eax]
007a569a   call    dword ptr [edx+$104]
007a569a
007a56a0 loc_7a56a0:
007a56a0   push    0
007a56a2   lea     ecx, [ebp-$1c]
007a56a5   mov     edx, [ebp-$80]
007a56a8   mov     eax, [ebp-$8c]
007a56ae   call    -$c43 ($7a4a70)        ; segment%155.public%17675 (PCMAV.bat)
007a56ae
007a56b3   test    al, al
007a56b5   jz      loc_7a573c
007a56b5
007a56bb   lea     eax, [ebp-$12c]
007a56c1   mov     ecx, [ebp-$80]
007a56c4   mov     edx, $7a59d4
007a56c9   call    -$39bd0e ($4099c0)     ; segment%0.public%428 (PCMAV.bat)
007a56c9
007a56ce   mov     edx, [ebp-$12c]
007a56d4   mov     eax, [ebp-$8c]
007a56da   call    -$187f ($7a3e60)       ; segment%155.public%17664 (PCMAV.bat)
007a56da
007a56df   push    dword ptr [ebp-$1c]
007a56e2   push    $7a5a08
007a56e7   push    dword ptr [ebp-$80]
007a56ea   lea     eax, [ebp-$130]
007a56f0   mov     edx, 3
007a56f5   call    -$39bcb2 ($409a48)     ; segment%0.public%429 (PCMAV.bat)
007a56f5
007a56fa   mov     edx, [ebp-$130]
007a5700   mov     eax, [ebp-$8c]
007a5706   mov     eax, [eax+4]
007a5709   mov     ecx, [eax]
007a570b   call    dword ptr [ecx+$38]
007a570b
007a570e   push    dword ptr [ebp-$1c]
007a5711   push    $7a5a08
007a5716   push    dword ptr [ebp-$80]
007a5719   lea     eax, [ebp-$134]
007a571f   mov     edx, 3
007a5724   call    -$39bce1 ($409a48)     ; segment%0.public%429 (PCMAV.bat)
007a5724
007a5729   mov     edx, [ebp-$134]
007a572f   mov     eax, [ebp-$94]
007a5735   mov     eax, [eax]
007a5737   mov     ecx, [eax]
007a5739   call    dword ptr [ecx+$38]
007a5739
007a573c loc_7a573c:
007a573c   inc     ebx
007a573d   dec     esi
007a573e   jnz     loc_7a557f
007a573e
007a5744 loc_7a5744:
007a5744   inc     dword ptr [ebp-$a4]
007a574a   dec     dword ptr [ebp-$c4]
007a5750   jnz     loc_7a5211
007a5750
007a5756 loc_7a5756:
007a5756   add     dword ptr [ebp-$c8], 4
007a575d   dec     dword ptr [ebp-$a0]
007a5763   jnz     loc_7a51df
007a5763
007a5769 loc_7a5769:
007a5769   xor     eax, eax
007a576b   pop     edx
007a576c   pop     ecx
007a576d   pop     ecx
007a576e   mov     fs:[eax], edx
007a5771   push    $7a586a
007a576e
007a5776 loc_7a5776:
007a5776   lea     eax, [ebp-$134]
007a577c   mov     edx, 3
007a5781   call    -$39d0b2 ($4086d4)     ; segment%0.public%337 (PCMAV.bat)
007a5781
007a5786   lea     eax, [ebp-$128]
007a578c   call    -$39d0d5 ($4086bc)     ; segment%0.public%336 (PCMAV.bat)
007a578c
007a5791   lea     eax, [ebp-$124]
007a5797   call    -$3992d8 ($40c4c4)     ; segment%0.public%516 (PCMAV.bat)
007a5797
007a579c   lea     eax, [ebp-$120]
007a57a2   call    -$3992e3 ($40c4c4)     ; segment%0.public%516 (PCMAV.bat)
007a57a2
007a57a7   lea     eax, [ebp-$11c]
007a57ad   call    -$39d0f6 ($4086bc)     ; segment%0.public%336 (PCMAV.bat)
007a57ad
007a57b2   lea     eax, [ebp-$118]
007a57b8   call    -$3992f9 ($40c4c4)     ; segment%0.public%516 (PCMAV.bat)
007a57b8
007a57bd   lea     eax, [ebp-$114]
007a57c3   call    -$39d10c ($4086bc)     ; segment%0.public%336 (PCMAV.bat)
007a57c3
007a57c8   lea     eax, [ebp-$110]
007a57ce   mov     edx, 2
007a57d3   call    -$39d104 ($4086d4)     ; segment%0.public%337 (PCMAV.bat)
007a57d3
007a57d8   lea     eax, [ebp-$108]
007a57de   call    -$39931f ($40c4c4)     ; segment%0.public%516 (PCMAV.bat)
007a57de
007a57e3   lea     eax, [ebp-$104]
007a57e9   mov     edx, 3
007a57ee   call    -$39d11f ($4086d4)     ; segment%0.public%337 (PCMAV.bat)
007a57ee
007a57f3   lea     eax, [ebp-$f8]
007a57f9   call    -$39933a ($40c4c4)     ; segment%0.public%516 (PCMAV.bat)
007a57f9
[...]

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**Rahman** · 30-03-2012 05:47:12

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

Bug lagi nih

date/time : 2012-03-27, 18:29:42, 109ms
computer name : RAHMAN-6B121E99
user name : RAHMAN <admin>
registered owner : RAHMAN
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 9 minutes 16 seconds
program up time : 6 minutes 37 seconds
processors : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory : 737/1013 MB (free/total)
free disk space : (C:) 13.53 GB
display mode : 1024x768, 32 bit
process id : $fd8
allocated memory : 28.19 MB
executable : PCMAV.exe
exec. date/time : 2012-03-19 13:36
version : 7.0.61078.27766
compiled with : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad : $0003bfbc, $34804073, $1164c539
callstack crc : $c14f87c0, $4d0a6b39, $4d0a6b39
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 007DAF26 in module 'PCMAV.exe'. Read of address 00000000.

main thread ($fdc):
007daf26 +04e PCMAV.exe segment%170 public%18136
00840c71 +00d PCMAV.exe segment%171 public%18442
00483536 +142 PCMAV.exe segment%30 public%3629
005a690a +76e PCMAV.exe segment%79 public%9859
0048668c +014 PCMAV.exe segment%30 public%3805
77d4c02f +016 USER32.dll CallWindowProcW
00842a4c +034 PCMAV.exe segment%174 public%18475
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a71a6 +00a PCMAV.exe segment%79 public%9878
005a74d9 +0c9 PCMAV.exe segment%79 public%9883
008eb1e4 +0d0 PCMAV.exe segment%393 public%20885

thread $fe4:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
100016e9 +00 IDMShellExt.dll

thread $ff8 (TWorkerThread):
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
00677a91 +19 PCMAV.exe segment%98 public%13639
004bc4c3 +2b PCMAV.exe segment%36 public%4586
00483662 +42 PCMAV.exe segment%30 public%3630
00408520 +28 PCMAV.exe segment%0 public%327
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
00677986 +16 PCMAV.exe segment%98 public%13635

thread $c0:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
005da78f +2f PCMAV.exe segment%89 public%10955
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $cc:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
006b2e31 +4d PCMAV.exe segment%101 public%14689
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $d0:
77d491c9 +26 USER32.dll GetMessageW
006b21f7 +bb PCMAV.exe segment%101 public%14679
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $5c4:
7c90e286 +00a ntdll.dll NtReadFile
7c80186f +061 kernel32.dll ReadFile
0079460b +1e7 PCMAV.exe segment%150 public%17583
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
0079487f +233 PCMAV.exe segment%150 public%17584

thread $6cc:
7c90e286 +00a ntdll.dll NtReadFile
7c80186f +061 kernel32.dll ReadFile
0079460b +1e7 PCMAV.exe segment%150 public%17583
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
0079487f +233 PCMAV.exe segment%150 public%17584

thread $af0:
7c90d85a +a ntdll.dll NtDelayExecution

thread $af8:
7c90e9a9 +a ntdll.dll NtWaitForMultipleObjects

thread $7c0:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $e48 at:
769c8951 +00 Userenv.dll

thread $8d8:
7c90d85a +0a ntdll.dll NtDelayExecution
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $8e0 at:
77e8760d +00 RPCRT4.dll

thread $1e8:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $1e4 at:
77a8a2fb +00 CRYPT32.dll

thread $1d8: <priority:1>
7c90e319 +0a ntdll.dll NtRemoveIoCompletion
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $434 at:
71a5dbb3 +00 mswsock.dll

thread $6f4:
7c90d85a +0a ntdll.dll NtDelayExecution
7c8023e7 +4b kernel32.dll SleepEx
7c80244c +0a kernel32.dll Sleep
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $434 at:
4d50be14 +00 WINHTTP.dll

thread $834:
7c90e319 +0a ntdll.dll NtRemoveIoCompletion
7c80cbd3 +23 kernel32.dll GetQueuedCompletionStatus
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $8d8 at:
77e8760d +00 RPCRT4.dll

thread $c6c (TCleanFile):
7c90e9be +00a ntdll.dll NtWaitForSingleObject
7c8025d5 +085 kernel32.dll WaitForSingleObjectEx
7c80253d +00d kernel32.dll WaitForSingleObject
00455626 +002 PCMAV.exe segment%26 public%2436
004557d3 +01f PCMAV.exe segment%26 public%2443
00407779 +065 PCMAV.exe segment%0 public%286
004077e8 +020 PCMAV.exe segment%0 public%287
00483fab +13b PCMAV.exe segment%30 public%3653
0048408e +042 PCMAV.exe segment%30 public%3655
00840cd3 +047 PCMAV.exe segment%171 public%18444
004bc4c3 +02b PCMAV.exe segment%36 public%4586
00483662 +042 PCMAV.exe segment%30 public%3630
00408520 +028 PCMAV.exe segment%0 public%327
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($fdc) at:
004836ec +018 PCMAV.exe segment%30 public%3631

processes:
000 Idle 0 0
004 System 0 0 normal
270 smss.exe 0 0 normal C:\WINDOWS\system32
2ac csrss.exe 43 54 normal C:\WINDOWS\system32
2c4 winlogon.exe 40 11 high C:\WINDOWS\system32
2f0 services.exe 4 0 normal C:\WINDOWS\system32
2fc lsass.exe 4 0 normal C:\WINDOWS\system32
3a8 svchost.exe 4 0 normal C:\WINDOWS\system32
3ec svchost.exe 4 0 normal C:\WINDOWS\system32
44c svchost.exe 11 10 normal C:\WINDOWS\System32
4ac svchost.exe 4 0 normal C:\WINDOWS\system32
4d0 svchost.exe 4 0 normal C:\WINDOWS\system32
590 spoolsv.exe 4 0 normal C:\WINDOWS\system32
70c Explorer.EXE 429 269 normal C:\WINDOWS
758 NBService.exe 4 0 normal C:\Program Files\Nero\Nero8\Nero BackItUp
778 GoogleUpdate.exe 4 1 below normal C:\Program Files\Google\Update
78c RTPSvc.exe 4 0 normal C:\WINDOWS\system32
110 wdfmgr.exe 4 0 normal C:\WINDOWS\system32
290 alg.exe 4 0 normal C:\WINDOWS\System32
440 ctfmon.exe 25 9 normal C:\WINDOWS\system32
460 IDMan.exe 93 59 normal C:\Program Files\Internet Download Manager
664 wscntfy.exe 17 6 normal C:\WINDOWS\system32
744 IEMonitor.exe 22 12 normal C:\Program Files\Internet Download Manager
fd8 PCMAV.exe 231 109 normal C:\Documents and Settings\RAHMAN\Desktop\Predator
808 RTPshell.exe 33 22 normal c:\documents and settings\rahman\desktop\predator
9d8 taskmgr.exe 113 123 high C:\WINDOWS\system32

disassembling:
007daed8 public segment%170.public%18136 (PCMAV.exe): ; function entry point
007daed8 push ebp
007daed9 mov ebp, esp
007daedb mov ecx, 5
007daed9
007daee0 loc_7daee0:
007daee0 push 0
007daee2 push 0
007daee4 dec ecx
007daee5 jnz loc_7daee0
007daee5
007daee7 push ecx
007daee8 push ebx
007daee9 push esi
007daeea push edi
007daeeb mov [ebp-$c], eax
007daeee xor eax, eax
007daef0 push ebp
007daef1 push $7db43c ; segment%0.public%300 (PCMAV.exe)
007daef6 push dword ptr fs:[eax]
007daef9 mov fs:[eax], esp
007daefc xor eax, eax
007daefe push ebp
007daeff push $7db3f2 ; segment%0.public%300 (PCMAV.exe)
007daf04 push dword ptr fs:[eax]
007daf07 mov fs:[eax], esp
007daf0a mov eax, [$904004]
007daf0f mov eax, [eax]
007daf11 mov eax, [eax+$40c]
007daf17 xor edx, edx
007daf19 mov ecx, [eax]
007daf1b call dword ptr [ecx+$80]
007daf1b
007daf21 xor edx, edx
007daf23 mov eax, [ebp-$c]
007daf26 > mov ecx, [eax]
007daf28 call dword ptr [ecx+$80]
007daf28
007daf2e mov eax, [ebp-$c]
007daf31 mov eax, [eax+$3a8]
007daf37 call -$1aa684 ($6308b8) ; segment%96.public%11894 (PCMAV.exe)
007daf37
007daf3c test eax, eax
007daf3e jz loc_7db3ba
007daf3e
007daf44 mov eax, [ebp-$c]
007daf47 mov eax, [eax+$3a8]
007daf4d call -$1aa69a ($6308b8) ; segment%96.public%11894 (PCMAV.exe)
007daf4d
007daf52 mov esi, eax
007daf54 dec esi
007daf55 test esi, esi
007daf57 jb loc_7dafd3
007daf57
007daf59 inc esi
007daf5a xor ebx, ebx
007daf59
007daf5c loc_7daf5c:
007daf5c mov eax, [ebp-$c]
007daf5f mov eax, [eax+$3a8]
007daf65 mov edx, ebx
007daf67 call -$1aa644 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007daf67
007daf6c mov edx, [eax]
007daf6e call dword ptr [edx+$48]
007daf6e
007daf71 test al, al
007daf73 jz loc_7dafcf
007daf73
007daf75 mov eax, [ebp-$c]
007daf78 mov eax, [eax+$3a8]
007daf7e mov edx, ebx
007daf80 call -$1aa65d ($630928) ; segment%96.public%11895 (PCMAV.exe)
007daf80
007daf85 lea ecx, [ebp-$18]
007daf88 mov edx, 2
007daf8d mov edi, [eax]
007daf8f call dword ptr [edi+$80]
007daf8f
007daf95 mov edx, [ebp-$18]
007daf98 lea eax, [ebp-8]
007daf9b mov ecx, 0
007dafa0 call -$3d20d5 ($408ed0) ; segment%0.public%385 (PCMAV.exe)
007dafa0
007dafa5 mov eax, [ebp-8]
007dafa8 mov edx, [$904548]
007dafae mov edx, [edx]
007dafb0 call -$3d1f05 ($4090b0) ; segment%0.public%390 (PCMAV.exe)
007dafb0
007dafb5 jnz loc_7dafcf
007dafb5
007dafb7 push $41020
007dafbc push $7db44c
007dafc1 push $7db464
007dafc6 push 0
007dafc8 call -$3c7fb1 ($41301c) ; segment%4.public%1311 (PCMAV.exe)
007dafc8
007dafcd jmp loc_7dafd3
007dafcd
007dafcd ; ---------------------------------------------------------
007dafcd
007dafcf loc_7dafcf:
007dafcf inc ebx
007dafd0 dec esi
007dafd1 jnz loc_7daf5c
007dafd1
007dafd3 loc_7dafd3:
007dafd3 mov eax, [ebp-$c]
007dafd6 mov eax, [eax+$3a8]
007dafdc call -$1aa729 ($6308b8) ; segment%96.public%11894 (PCMAV.exe)
007dafdc
007dafe1 mov esi, eax
007dafe3 dec esi
007dafe4 test esi, esi
007dafe6 jb loc_7db3ba
007dafe6
007dafec inc esi
007dafed xor ebx, ebx
007dafec
007dafef loc_7dafef:
007dafef mov eax, [ebp-$c]
007daff2 mov eax, [eax+$3a8]
007daff8 mov edx, ebx
007daffa call -$1aa6d7 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007daffa
007dafff mov edx, [eax]
007db001 call dword ptr [edx+$48]
007db001
007db004 test al, al
007db006 jz loc_7db3b2
007db006
007db00c mov eax, [ebp-$c]
007db00f mov eax, [eax+$3a8]
007db015 mov edx, ebx
007db017 call -$1aa6f4 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db017
007db01c lea edx, [ebp-$1c]
007db01f mov ecx, [eax]
007db021 call dword ptr [ecx+$7c]
007db021
007db024 mov edx, [ebp-$1c]
007db027 lea eax, [ebp-4]
007db02a call -$3d17e3 ($40984c) ; segment%0.public%422 (PCMAV.exe)
007db02a
007db02f mov eax, [ebp-$c]
007db032 mov eax, [eax+$3a8]
007db038 mov edx, ebx
007db03a call -$1aa717 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db03a
007db03f lea ecx, [ebp-$20]
007db042 mov edx, 2
007db047 mov edi, [eax]
007db049 call dword ptr [edi+$80]
007db049
007db04f mov edx, [ebp-$20]
007db052 lea eax, [ebp-8]
007db055 mov ecx, 0
007db05a call -$3d218f ($408ed0) ; segment%0.public%385 (PCMAV.exe)
007db05a
007db05f mov eax, [ebp-$c]
007db062 mov eax, [eax+$3a8]
007db068 mov edx, ebx
007db06a call -$1aa747 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db06a
007db06f lea ecx, [ebp-$28]
007db072 mov edx, 3
007db077 mov edi, [eax]
007db079 call dword ptr [edi+$80]
007db079
007db07f mov edx, [ebp-$28]
007db082 lea eax, [ebp-$24]
007db085 call -$3d183e ($40984c) ; segment%0.public%422 (PCMAV.exe)
007db085
007db08a mov eax, [ebp-$24]
007db08d call -$38d0c6 ($44dfcc) ; segment%26.public%2211 (PCMAV.exe)
007db08d
007db092 mov edi, eax
007db094 test edi, edi
007db096 jl loc_7db0ea
007db096
007db098 mov eax, [ebp-8]
007db09b mov edx, [$900ee0] ; 'File will be deleted'
007db0a1 call -$3d1ff6 ($4090b0) ; segment%0.public%390 (PCMAV.exe)
007db0a1
007db0a6 jz loc_7db114
007db0a6
007db0a8 mov eax, [ebp-8]
007db0ab mov edx, [$900ee4] ; 'File will be cured'
007db0b1 call -$3d2006 ($4090b0) ; segment%0.public%390 (PCMAV.exe)
007db0b1
007db0b6 jz loc_7db114
007db0b6
007db0b8 mov eax, [ebp-8]
007db0bb mov edx, [$900ef0] ; 'Can't be cleaned'
007db0c1 call -$3d2016 ($4090b0) ; segment%0.public%390 (PCMAV.exe)
007db0c1
007db0c6 jz loc_7db114
007db0c6
007db0c8 mov eax, [ebp-8]
007db0cb mov edx, [$900ef4] ; 'Can't be deleted'
007db0d1 call -$3d2026 ($4090b0) ; segment%0.public%390 (PCMAV.exe)
007db0d1
007db0d6 jz loc_7db114
007db0d6
007db0d8 mov eax, [ebp-8]
007db0db mov edx, [$904c0c]
007db0e1 mov edx, [edx]
007db0e3 call -$3d2038 ($4090b0) ; segment%0.public%390 (PCMAV.exe)
007db0e3
007db0e8 jz loc_7db114
007db0e8
007db0ea loc_7db0ea:
007db0ea mov edx, [ebp-8]
007db0ed mov eax, [$900ed8] ; 'Suspended'
007db0f2 call -$3d131f ($409dd8) ; segment%0.public%438 (PCMAV.exe)
007db0f2
007db0f7 test eax, eax
007db0f9 jz loc_7db3b2
007db0f9
007db0ff mov edx, [ebp-8]
007db102 mov eax, [$900edc] ; 'Not Suspended'
007db107 call -$3d1334 ($409dd8) ; segment%0.public%438 (PCMAV.exe)
007db107
007db10c test eax, eax
007db10e jz loc_7db3b2
007db10e
007db114 loc_7db114:
007db114 mov byte ptr [ebp-$11], 0
007db118 push edi
007db119 push 0
007db11b lea eax, [ebp-$11]
007db11e push eax
007db11f lea eax, [ebp-$12]
007db122 push eax
007db123 mov ecx, [ebp-4]
007db126 mov dl, 1
007db128 mov eax, [$7c136c]
007db12d call -$19c3e ($7c14f4) ; segment%167.public%18084 (PCMAV.exe)
007db12d
007db132 mov [ebp-$10], eax
007db135 jmp loc_7db143
007db135
007db135 ; ---------------------------------------------------------
007db135
007db137 loc_7db137:
007db137 mov eax, [$904798]
007db13c mov eax, [eax]
007db13e call -$233fbf ($5a7184) ; segment%79.public%9877 (PCMAV.exe)
007db13e
007db143 loc_7db143:
007db143 cmp byte ptr [ebp-$11], 0
007db147 jnz loc_7db159
007db147
007db149 mov eax, [$904798]
007db14e mov eax, [eax]
007db150 cmp byte ptr [eax+$a8], 0
007db157 jz loc_7db137
007db157
007db159 loc_7db159:
007db159 mov eax, [$904798]
007db15e mov eax, [eax]
007db160 cmp byte ptr [eax+$a8], 0
007db167 jz loc_7db173
007db167
007db169 call -$3d3326 ($407e48) ; segment%0.public%306 (PCMAV.exe)
007db169
007db16e jmp loc_7db3f9
007db16e
007db16e ; ---------------------------------------------------------
007db16e
007db173 loc_7db173:
007db173 cmp byte ptr [ebp-$11], 0
007db177 jnz loc_7db187
007db177
007db179 push 0
007db17b mov eax, [ebp-$10]
007db17e mov eax, [eax+4]
007db181 push eax
007db182 call -$3c8c13 ($412574) ; segment%4.public%971 (PCMAV.exe)
007db182
007db187 loc_7db187:
007db187 cmp byte ptr [ebp-$12], 0
007db18b jz loc_7db2cc
007db18b
007db191 test edi, edi
007db193 jnz loc_7db236
007db193
007db199 mov eax, [$904004]
007db19e mov eax, [eax]
007db1a0 mov eax, [eax+$5d8]
007db1a6 cmp eax, [ebp-$c]
007db1a9 jnz loc_7db1d5
007db1a9
007db1ab mov eax, [ebp-$c]
007db1ae mov eax, [eax+$3a8]
007db1b4 mov edx, ebx
007db1b6 call -$1aa893 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db1b6
007db1bb mov eax, [eax+$c]
007db1be add eax, $c
007db1c1 mov edx, [$900eec] ; 'Deleted'
007db1c7 call -$3d26d4 ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db1c7
007db1cc mov eax, [$903e3c]
007db1d1 dec dword ptr [eax]
007db1d3 jmp loc_7db1f6
007db1d3
007db1d3 ; ---------------------------------------------------------
007db1d3
007db1d5 loc_7db1d5:
007db1d5 mov eax, [ebp-$c]
007db1d8 mov eax, [eax+$3a8]
007db1de mov edx, ebx
007db1e0 call -$1aa8bd ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db1e0
007db1e5 mov eax, [eax+$c]
007db1e8 add eax, $c
007db1eb mov edx, [$900eec] ; 'Deleted'
007db1f1 call -$3d26fe ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db1f1
007db1f6 loc_7db1f6:
007db1f6 mov eax, [ebp-$c]
007db1f9 mov eax, [eax+$3a8]
007db1ff mov edx, ebx
007db201 call -$1aa8de ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db201
007db206 mov dl, 1
007db208 mov ecx, [eax]
007db20a call dword ptr [ecx+$110]
007db20a
007db210 lea edx, [ebp-$2c]
007db213 mov eax, [$903e3c]
007db218 mov eax, [eax]
007db21a call -$38d44f ($44ddd0) ; segment%26.public%2204 (PCMAV.exe)
007db21a
007db21f mov edx, [ebp-$2c]
007db222 mov eax, [$904004]
007db227 mov eax, [eax]
007db229 mov eax, [eax+$3dc]
007db22f call -$2df880 ($4fb9b4) ; segment%62.public%5918 (PCMAV.exe)
007db22f
007db234 jmp loc_7db2ad
007db234
007db234 ; ---------------------------------------------------------
007db234
007db236 loc_7db236:
007db236 mov eax, [$904004]
007db23b mov eax, [eax]
007db23d mov eax, [eax+$5d8]
007db243 cmp eax, [ebp-$c]
007db246 jnz loc_7db272
007db246
007db248 mov eax, [ebp-$c]
007db24b mov eax, [eax+$3a8]
007db251 mov edx, ebx
007db253 call -$1aa930 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db253
007db258 mov eax, [eax+$c]
007db25b add eax, $c
007db25e mov edx, [$900ee8] ; 'Cleaned'
007db264 call -$3d2771 ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db264
007db269 mov eax, [$903e3c]
007db26e dec dword ptr [eax]
007db270 jmp loc_7db293
007db270
007db270 ; ---------------------------------------------------------
007db270
007db272 loc_7db272:
007db272 mov eax, [ebp-$c]
007db275 mov eax, [eax+$3a8]
007db27b mov edx, ebx
007db27d call -$1aa95a ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db27d
007db282 mov eax, [eax+$c]
007db285 add eax, $c
007db288 mov edx, [$900ee8] ; 'Cleaned'
007db28e call -$3d279b ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db28e
007db293 loc_7db293:
007db293 mov eax, [ebp-$c]
007db296 mov eax, [eax+$3a8]
007db29c mov edx, ebx
007db29e call -$1aa97b ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db29e
007db2a3 mov dl, 1
007db2a5 mov ecx, [eax]
007db2a7 call dword ptr [ecx+$110]
007db2a7
007db2ad loc_7db2ad:
007db2ad mov eax, [ebp-$c]
007db2b0 mov eax, [eax+$3a8]
007db2b6 mov edx, ebx
007db2b8 call -$1aa995 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db2b8
007db2bd xor edx, edx
007db2bf mov ecx, [eax]
007db2c1 call dword ptr [ecx+$e4]
007db2c1
007db2c7 jmp loc_7db3b2
007db2c7
007db2c7 ; ---------------------------------------------------------
007db2c7
007db2cc loc_7db2cc:
007db2cc test edi, edi
007db2ce jnz loc_7db342
007db2ce
007db2d0 mov eax, [$904004]
007db2d5 mov eax, [eax]
007db2d7 mov eax, [eax+$5d8]
007db2dd cmp eax, [ebp-$c]
007db2e0 jnz loc_7db305
007db2e0
007db2e2 mov eax, [ebp-$c]
007db2e5 mov eax, [eax+$3a8]
007db2eb mov edx, ebx
007db2ed call -$1aa9ca ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db2ed
007db2f2 mov eax, [eax+$c]
007db2f5 add eax, $c
007db2f8 mov edx, [$900ef4] ; 'Can't be deleted'
007db2fe call -$3d280b ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db2fe
007db303 jmp loc_7db326
007db303
007db303 ; ---------------------------------------------------------
007db303
007db305 loc_7db305:
007db305 mov eax, [ebp-$c]
007db308 mov eax, [eax+$3a8]
007db30e mov edx, ebx
007db310 call -$1aa9ed ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db310
007db315 mov eax, [eax+$c]
007db318 add eax, $c
007db31b mov edx, [$900ef4] ; 'Can't be deleted'
007db321 call -$3d282e ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db321
007db326 loc_7db326:
007db326 mov eax, [ebp-$c]
007db329 mov eax, [eax+$3a8]
007db32f mov edx, ebx
007db331 call -$1aaa0e ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db331
007db336 mov dl, 1
007db338 mov ecx, [eax]
007db33a call dword ptr [ecx+$110]
007db33a
007db340 jmp loc_7db3b2
007db340
007db340 ; ---------------------------------------------------------
007db340
007db342 loc_7db342:
007db342 mov eax, [$904004]
007db347 mov eax, [eax]
007db349 mov eax, [eax+$5d8]
007db34f cmp eax, [ebp-$c]
007db352 jnz loc_7db377
007db352
007db354 mov eax, [ebp-$c]
007db357 mov eax, [eax+$3a8]
007db35d mov edx, ebx
007db35f call -$1aaa3c ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db35f
007db364 mov eax, [eax+$c]
007db367 add eax, $c
007db36a mov edx, [$900ef0] ; 'Can't be cleaned'
007db370 call -$3d287d ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db370
007db375 jmp loc_7db398
007db375
007db375 ; ---------------------------------------------------------
007db375
007db377 loc_7db377:
007db377 mov eax, [ebp-$c]
007db37a mov eax, [eax+$3a8]
007db380 mov edx, ebx
007db382 call -$1aaa5f ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db382
007db387 mov eax, [eax+$c]
007db38a add eax, $c
007db38d mov edx, [$900ef0] ; 'Can't be cleaned'
007db393 call -$3d28a0 ($408af8) ; segment%0.public%358 (PCMAV.exe)
007db393
007db398 loc_7db398:
007db398 mov eax, [ebp-$c]
007db39b mov eax, [eax+$3a8]
007db3a1 mov edx, ebx
007db3a3 call -$1aaa80 ($630928) ; segment%96.public%11895 (PCMAV.exe)
007db3a3
007db3a8 mov dl, 1
007db3aa mov ecx, [eax]
007db3ac call dword ptr [ecx+$110]
007db3ac
007db3b2 loc_7db3b2:
007db3b2 inc ebx
007db3b3 dec esi
007db3b4 jnz loc_7dafef
007db3b4
007db3ba loc_7db3ba:
007db3ba xor eax, eax
007db3bc pop edx
007db3bd pop ecx
007db3be pop ecx
007db3bf mov fs:[eax], edx
007db3c2 push $7db3f9
007db3bf
007db3c7 loc_7db3c7:
007db3c7 mov eax, [$904004]
007db3cc mov eax, [eax]
007db3ce mov eax, [eax+$40c]
007db3d4 mov dl, 1
007db3d6 mov ecx, [eax]
007db3d8 call dword ptr [ecx+$80]
007db3d8
007db3de cmp dword ptr [ebp-$c], 0
007db3e2 jz loc_7db3f1
007db3e2
007db3e4 mov dl, 1
007db3e6 mov eax, [ebp-$c]
007db3e9 mov ecx, [eax]
007db3eb call dword ptr [ecx+$80]
007db3eb
007db3f1 loc_7db3f1:
007db3f1 ret
007db3f1
007db3f1 ; ---------------------------------------------------------
007db3f1
007db3f2 jmp -$3d3847 ($407bb0) ; segment%0.public%300 (PCMAV.exe)
007db3f2
007db3f7 jmp loc_7db3c7
007db3f7
007db3f7 ; ---------------------------------------------------------
007db3f7
007db3f9 loc_7db3f9:
007db3f9 xor eax, eax
[...]

date/time : 2012-03-28, 07:46:51, 453ms
computer name : RAHMAN-6B121E99
user name : RAHMAN <admin>
registered owner : RAHMAN
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 1 hour 2 minutes
program up time : 38 seconds
processors : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory : 517/1013 MB (free/total)
free disk space : (C:) 14.13 GB
display mode : 1024x768, 32 bit
process id : $f58
allocated memory : 21.92 MB
executable : PCMAV.exe
exec. date/time : 2012-03-19 13:36
version : 7.0.61078.27766
compiled with : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad : $0003bfbc, $34804073, $1164c539
callstack crc : $23a58092, $936e4963, $936e4963
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 007A51B6 in module 'PCMAV.exe'. Read of address 0000000C.

main thread ($cf4):
007a51b6 +07e PCMAV.exe segment%155 public%17676
008c9be0 +114 PCMAV.exe segment%261 public%20545
008ca7c7 +0eb PCMAV.exe segment%261 public%20547
00483521 +12d PCMAV.exe segment%30 public%3629
005a690a +76e PCMAV.exe segment%79 public%9859
0048668c +014 PCMAV.exe segment%30 public%3805
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a718e +00a PCMAV.exe segment%79 public%9877
008d9f0c +15c PCMAV.exe segment%265 public%20674
0058ecaf +0a7 PCMAV.exe segment%77 public%9314
005902b3 +013 PCMAV.exe segment%77 public%9377
00591546 +082 PCMAV.exe segment%77 public%9426
00591495 +01d PCMAV.exe segment%77 public%9425
0048668c +014 PCMAV.exe segment%30 public%3805
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a718e +00a PCMAV.exe segment%79 public%9877
0054f130 +238 PCMAV.exe segment%74 public%7970
0048668c +014 PCMAV.exe segment%30 public%3805
7c90eae0 +010 ntdll.dll KiUserCallbackDispatcher
008d5aab +5bb PCMAV.exe segment%265 public%20629
00406f7a +002 PCMAV.exe segment%0 public%260
004dacd6 +05a PCMAV.exe segment%52 public%5330
00406924 +008 PCMAV.exe segment%0 public%227
004dac74 +018 PCMAV.exe segment%52 public%5329
004dcc41 +0bd PCMAV.exe segment%52 public%5375
004dbcd2 +06e PCMAV.exe segment%52 public%5344
005cbc13 +5c3 PCMAV.exe segment%83 public%10648
004fcebc +024 PCMAV.exe segment%62 public%5992
00500fe1 +10d PCMAV.exe segment%62 public%6149
005010f0 +0bc PCMAV.exe segment%62 public%6150
00503cae +026 PCMAV.exe segment%62 public%6249
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
004fcebc +024 PCMAV.exe segment%62 public%5992
004fb89a +026 PCMAV.exe segment%62 public%5908
0059d90a +03a PCMAV.exe segment%79 public%9581
005a74c3 +0b3 PCMAV.exe segment%79 public%9883
008eb1e4 +0d0 PCMAV.exe segment%393 public%20885

thread $cf8:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
100016e9 +00 IDMShellExt.dll

thread $ac4 (TWorkerThread):
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
00677a91 +19 PCMAV.exe segment%98 public%13639
004bc4c3 +2b PCMAV.exe segment%36 public%4586
00483662 +42 PCMAV.exe segment%30 public%3630
00408520 +28 PCMAV.exe segment%0 public%327
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
00677986 +16 PCMAV.exe segment%98 public%13635

thread $a28:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
005da78f +2f PCMAV.exe segment%89 public%10955
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $108:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
006b2e31 +4d PCMAV.exe segment%101 public%14689
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $78c:
77d491c9 +26 USER32.dll GetMessageW
006b21f7 +bb PCMAV.exe segment%101 public%14679
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $e8c (TRunningItemThread):
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
007ac20b +2b PCMAV.exe segment%157 public%17725
007ac48d +39 PCMAV.exe segment%157 public%17737
004bc4c3 +2b PCMAV.exe segment%36 public%4586
00483662 +42 PCMAV.exe segment%30 public%3630
00408520 +28 PCMAV.exe segment%0 public%327
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
007ac3bf +23 PCMAV.exe segment%157 public%17735

thread $668 (TMyThreadedScanMem):
7c90e9be +00a ntdll.dll NtWaitForSingleObject
7c8025d5 +085 kernel32.dll WaitForSingleObjectEx
7c80253d +00d kernel32.dll WaitForSingleObject
00455626 +002 PCMAV.exe segment%26 public%2436
004557d3 +01f PCMAV.exe segment%26 public%2443
00407779 +065 PCMAV.exe segment%0 public%286
004077e8 +020 PCMAV.exe segment%0 public%287
00483fab +13b PCMAV.exe segment%30 public%3653
00484041 +029 PCMAV.exe segment%30 public%3654
008ca843 +00b PCMAV.exe segment%261 public%20548
004bc4c3 +02b PCMAV.exe segment%36 public%4586
00483662 +042 PCMAV.exe segment%30 public%3630
00408520 +028 PCMAV.exe segment%0 public%327
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($cf4) at:
008ca6b1 +019 PCMAV.exe segment%261 public%20546

processes:
000 Idle 0 0
004 System 0 0 normal
274 smss.exe 0 0 normal C:\WINDOWS\system32
2ac csrss.exe 0 0
2c4 winlogon.exe 40 11 high C:\WINDOWS\system32
2f0 services.exe 4 0 normal C:\WINDOWS\system32
2fc lsass.exe 4 0 normal C:\WINDOWS\system32
3a8 svchost.exe 4 0 normal C:\WINDOWS\system32
3ec svchost.exe 0 0
44c svchost.exe 11 10 normal C:\WINDOWS\System32
4c4 svchost.exe 0 0
4ec svchost.exe 0 0
5ac spoolsv.exe 4 0 normal C:\WINDOWS\system32
694 NBService.exe 4 0 normal C:\Program Files\Nero\Nero8\Nero BackItUp
6b0 GoogleUpdate.exe 4 1 below normal C:\Program Files\Google\Update
6c4 RTPSvc.exe 4 0 normal C:\WINDOWS\system32
738 wdfmgr.exe 0 0
26c Explorer.EXE 387 241 normal C:\WINDOWS
298 alg.exe 0 0
48c ctfmon.exe 25 9 normal C:\WINDOWS\system32
494 IDMan.exe 113 65 normal C:\Program Files\Internet Download Manager
0d0 IEMonitor.exe 22 12 normal C:\Program Files\Internet Download Manager
158 wscntfy.exe 17 6 normal C:\WINDOWS\system32
b3c firefox.exe 466 62 normal C:\Program Files\Mozilla Firefox
dc4 plugin-container.exe 11 7 normal C:\Program Files\Mozilla Firefox
8a0 winamp.exe 410 287 normal C:\Program Files\Winamp
398 ProcessHacker.exe 220 115 high C:\Program Files\Process Hacker 2
f58 PCMAV.exe 204 83 normal C:\Documents and Settings\RAHMAN\Desktop\Predator

disassembling:
007a5138 public segment%155.public%17676 (PCMAV.exe): ; function entry point
007a5138 push ebp
007a5139 mov ebp, esp
007a513b push ecx
007a513c mov ecx, $26
007a513b
007a5141 loc_7a5141:
007a5141 push 0
007a5143 push 0
007a5145 dec ecx
007a5146 jnz loc_7a5141
007a5146
007a5148 xchg ecx, [ebp-4]
007a514b push ebx
007a514c push esi
007a514d mov [ebp-$94], ecx
007a5153 mov [ebp-$90], edx
007a5159 mov [ebp-$8c], eax
007a515f lea eax, [ebp-$88]
007a5165 mov edx, [$7a1c68]
007a516b call -$39b0b8 ($40a0b8) ; segment%0.public%441 (PCMAV.exe)
007a516b
007a5170 xor eax, eax
007a5172 push ebp
007a5173 push $7a5860 ; segment%0.public%300 (PCMAV.exe)
007a5178 push dword ptr fs:[eax]
007a517b mov fs:[eax], esp
007a517e mov byte ptr [ebp-$95], 0
007a5185 mov eax, [ebp-$90]
007a518b mov byte ptr [eax], 0
007a518e mov byte ptr [ebp-$bd], 1
007a5195 mov eax, [ebp-$94]
007a519b mov eax, [eax]
007a519d mov dl, 1
007a519f call -$329ae4 ($47b6c0) ; segment%30.public%3370 (PCMAV.exe)
007a519f
007a51a4 mov eax, [ebp-$94]
007a51aa mov eax, [eax]
007a51ac mov byte ptr [eax+$39], 0
007a51b0 mov eax, [ebp-$8c]
007a51b6 > mov eax, [eax+$c]
007a51b9 call -$2e8a ($7a2334) ; segment%154.public%17642 (PCMAV.exe)
007a51b9
007a51be lea edx, [ebp-4]
007a51c1 mov eax, $7a5884
007a51c6 call -$5456f ($750c5c) ; segment%133.public%16904 (PCMAV.exe)
007a51c6
007a51cb mov dword ptr [ebp-$a0], 3
007a51d5 mov dword ptr [ebp-$c8], $900a78
007a51cb
007a51df loc_7a51df:
007a51df lea eax, [ebp-$18]
007a51e2 mov edx, [ebp-$c8]
007a51e8 mov edx, [edx]
007a51ea call -$39c753 ($408a9c) ; segment%0.public%355 (PCMAV.exe)
007a51ea
007a51ef mov eax, [ebp-4]
007a51f2 mov edx, [eax]
007a51f4 call dword ptr [edx+$70]
007a51f4
007a51f7 dec eax
007a51f8 test eax, eax
007a51fa jl loc_7a5756
007a51fa
007a5200 inc eax
007a5201 mov [ebp-$c4], eax
007a5207 mov dword ptr [ebp-$a4], 0
007a5201
007a5211 loc_7a5211:
007a5211 lea ecx, [ebp-8]
007a5214 mov edx, [ebp-$a4]
007a521a mov eax, [ebp-4]
007a521d mov ebx, [eax]
007a521f call dword ptr [ebx+$d8]
007a521f
007a5225 lea edx, [ebp-$f4]
007a522b mov eax, [ebp-8]
007a522e mov ecx, [eax]
007a5230 call dword ptr [ecx+$a0]
007a5230
007a5236 mov edx, [ebp-$f4]
007a523c lea eax, [ebp-$f0]
007a5242 call -$39ba1b ($40982c) ; segment%0.public%421 (PCMAV.exe)
007a5242
007a5247 mov eax, [ebp-$f0]
007a524d lea edx, [ebp-$ec]
007a5253 call -$3560a4 ($44f1b4) ; segment%26.public%2256 (PCMAV.exe)
007a5253
007a5258 mov eax, [ebp-$ec]
007a525e lea edx, [ebp-$e8]
007a5264 call -$358261 ($44d008) ; segment%26.public%2181 (PCMAV.exe)
007a5264
007a5269 mov eax, [ebp-$e8]
007a526f mov edx, [ebp-$18]
007a5272 call -$39b71f ($409b58) ; segment%0.public%431 (PCMAV.exe)
007a5272
007a5277 jnz loc_7a5744
007a5277
007a527d mov eax, [ebp-8]
007a5280 mov edx, [eax]
007a5282 call dword ptr [edx+$80]
007a5282
007a5288 mov [ebp-$ac], eax
007a528e lea edx, [ebp-$c]
007a5291 mov eax, [ebp-8]
007a5294 mov ecx, [eax]
007a5296 call dword ptr [ecx+$110]
007a5296
007a529c mov eax, [ebp-$c]
007a529f mov edx, [eax]
007a52a1 call dword ptr [edx+$70]
007a52a1
007a52a4 mov esi, eax
007a52a6 dec esi
007a52a7 test esi, esi
007a52a9 jl loc_7a555a
007a52a9
007a52af inc esi
007a52b0 mov dword ptr [ebp-$a8], 0
007a52af
007a52ba loc_7a52ba:
007a52ba mov eax, [$904798]
007a52bf mov eax, [eax]
007a52c1 call -$1fe142 ($5a7184) ; segment%79.public%9877 (PCMAV.exe)
007a52c1
007a52c6 lea ecx, [ebp-$10]
007a52c9 mov edx, [ebp-$a8]
007a52cf mov eax, [ebp-$c]
007a52d2 mov ebx, [eax]
007a52d4 call dword ptr [ebx+$d8]
007a52d4
007a52da mov eax, [ebp-$10]
007a52dd mov edx, [eax]
007a52df call dword ptr [edx+$80]
007a52df
007a52e5 mov ebx, eax
007a52e7 mov edx, ebx
007a52e9 mov eax, [ebp-$8c]
007a52ef call -$eb0 ($7a4444) ; segment%155.public%17671 (PCMAV.exe)
007a52ef
007a52f4 mov [ebp-$9c], eax
007a52fa lea eax, [ebp-$14]
007a52fd push eax
007a52fe mov ecx, ebx
007a5300 mov edx, [ebp-$ac]
007a5306 mov eax, [ebp-$8c]
007a530c call -$d9d ($7a4574) ; segment%155.public%17672 (PCMAV.exe)
007a530c
007a5311 cmp dword ptr [ebp-$14], 0
007a5315 jz loc_7a5329
007a5315
007a5317 mov dl, 1
007a5319 mov eax, [ebp-$14]
007a531c call -$356aa5 ($44e87c) ; segment%26.public%2235 (PCMAV.exe)
007a531c
007a5321 test al, al
007a5323 jnz loc_7a554d
007a5323
007a5329 loc_7a5329:
007a5329 xor ebx, ebx
007a532b lea eax, [ebp-$e4]
007a5331 xor ecx, ecx
007a5333 mov edx, $1c
007a5338 call -$39ffe5 ($405358) ; segment%0.public%174 (PCMAV.exe)
007a5338
007a533d jmp loc_7a5519
007a533d
007a533d ; ---------------------------------------------------------
007a533d
007a5342 loc_7a5342:
007a5342 mov eax, [ebp-$dc]
007a5348 or eax, 4
007a534b or eax, $10
007a534e jz loc_7a550d
007a534e
007a5354 cmp dword ptr [ebp-$d4], $1000
007a535e jnz loc_7a550d
007a535e
007a5364 mov eax, [ebp-$e4]
007a536a mov [ebp-$b8], eax
007a5370 mov eax, [ebp-$e4]
007a5376 add eax, [ebp-$d8]
007a537c mov [ebp-$bc], eax
007a5382 mov eax, [ebp-$b8]
007a5388 cmp eax, [ebp-$9c]
007a538e ja loc_7a550d
007a538e
007a5394 mov eax, [ebp-$bc]
007a539a cmp eax, [ebp-$9c]
007a53a0 jbe loc_7a550d
007a53a0
007a53a6 push 4
007a53a8 push $1000
007a53ad mov eax, [ebp-$d8]
007a53b3 push eax
007a53b4 push 0
007a53b6 call -$392e2f ($41258c) ; segment%4.public%974 (PCMAV.exe)
007a53b6
007a53bb mov [ebp-$b4], eax
007a53c1 cmp dword ptr [ebp-$b4], 0
007a53c8 jz loc_7a550d
007a53c8
007a53ce lea eax, [ebp-$20]
007a53d1 xor ecx, ecx
007a53d3 mov edx, [ebp-$d8]
007a53d9 call -$39c172 ($40926c) ; segment%0.public%395 (PCMAV.exe)
007a53d9
007a53de lea eax, [ebp-$b0]
007a53e4 push eax
007a53e5 mov eax, [ebp-$d8]
007a53eb push eax
007a53ec mov eax, [ebp-$20]
007a53ef push eax
007a53f0 mov eax, [ebp-$e4]
007a53f6 push eax
007a53f7 lea edx, [ebp-$f8]
007a53fd mov eax, [ebp-8]
007a5400 mov ecx, [eax]
007a5402 call dword ptr [ecx+$88]
007a5402
007a5408 mov eax, [ebp-$f8]
007a540e mov edx, [eax]
007a5410 call dword ptr [edx+$78]
007a5410
007a5413 push eax
007a5414 call -$392f9d ($41247c) ; segment%4.public%940 (PCMAV.exe)
007a5414
007a5419 test eax, eax
007a541b jz loc_7a54fa
007a541b
007a5421 mov eax, [ebp-$b0]
007a5427 cmp eax, [ebp-$d8]
007a542d jnz loc_7a54fa
007a542d
007a5433 push 1
007a5435 lea eax, [ebp-$100]
007a543b mov edx, [$900ac8] ; 'A0CF252481C21173A0CF252481C21173E7C8AA3464283264C1B768EFE95004B6F1069F8D9023FBE8BFE591A6CB762EDD41BC'
007a5441 call -$39bc1a ($40982c) ; segment%0.public%421 (PCMAV.exe)
007a5441
007a5446 mov eax, [ebp-$100]
007a544c lea edx, [ebp-$fc]
007a5452 call -$af0fb ($6f635c) ; segment%112.public%15854 (PCMAV.exe)
007a5452
007a5457 mov eax, [ebp-$fc]
007a545d push eax
007a545e lea eax, [ebp-$104]
007a5464 mov edx, [ebp-$20]
007a5467 call -$39bc40 ($40982c) ; segment%0.public%421 (PCMAV.exe)
007a5467
007a546c mov eax, [ebp-$104]
007a5472 xor ecx, ecx
007a5474 pop edx
007a5475 call -$af2ee ($6f618c) ; segment%112.public%15852 (PCMAV.exe)
007a5475
007a547a test eax, eax
007a547c jz loc_7a54fa
007a547c
007a547e cmp byte ptr [ebp-$95], 0
007a5485 jnz loc_7a548e
007a5485
007a5487 mov byte ptr [ebp-$95], 1
007a5485
007a548e loc_7a548e:
007a548e cmp byte ptr [ebp-$bd], 0
007a5495 jz loc_7a54ca
007a5495
007a5497 push 0
007a5499 push $ffffffff
007a549b push $ffffffff
007a549d push 0
007a549f movzx ecx, word ptr [$7a5888]
007a54a6 mov dl, 2
007a54a8 mov eax, $7a5898
007a54ad call -$25d9da ($547ad8) ; segment%73.public%7866 (PCMAV.exe)
007a54ad
007a54b2 cmp eax, 6
007a54b5 jz loc_7a54c3
007a54b5
007a54b7 mov byte ptr [ebp-$95], 1
007a54be jmp loc_7a5769
007a54be
007a54be ; ---------------------------------------------------------
007a54be
007a54c3 loc_7a54c3:
007a54c3 mov byte ptr [ebp-$bd], 0
007a54be
007a54ca loc_7a54ca:
007a54ca mov eax, [ebp-$10]
007a54cd mov edx, [eax]
007a54cf call dword ptr [edx+$9c]
007a54cf
007a54d5 test al, al
007a54d7 jz loc_7a54e6
007a54d7
007a54d9 xor edx, edx
007a54db mov eax, [ebp-$10]
007a54de mov ecx, [eax]
007a54e0 call dword ptr [ecx+$108]
007a54e0
007a54e6 loc_7a54e6:
007a54e6 mov eax, [ebp-$90]
007a54ec cmp byte ptr [eax], 0
007a54ef jnz loc_7a54fa
007a54ef
007a54f1 mov eax, [ebp-$90]
007a54f7 mov byte ptr [eax], 1
007a54f1
007a54fa loc_7a54fa:
007a54fa push $8000
007a54ff push 0
007a5501 mov eax, [ebp-$b4]
007a5507 push eax
007a5508 call -$392f79 ($412594) ; segment%4.public%975 (PCMAV.exe)
007a5508
007a550d loc_7a550d:
007a550d mov ebx, [ebp-$e4]
007a5513 add ebx, [ebp-$d8]
007a550d
007a5519 loc_7a5519:
007a5519 push $1c
007a551b lea eax, [ebp-$e4]
007a5521 push eax
007a5522 push ebx
007a5523 lea edx, [ebp-$108]
007a5529 mov eax, [ebp-8]
007a552c mov ecx, [eax]
007a552e call dword ptr [ecx+$88]
007a552e
007a5534 mov eax, [ebp-$108]
007a553a mov edx, [eax]
007a553c call dword ptr [edx+$78]
007a553c
007a553f push eax
007a5540 call -$392f89 ($4125bc) ; segment%4.public%980 (PCMAV.exe)
007a5540
007a5545 test eax, eax
007a5547 ja loc_7a5342
007a5547
007a554d loc_7a554d:
007a554d inc dword ptr [ebp-$a8]
007a5553 dec esi
007a5554 jnz loc_7a52ba
007a5554
007a555a loc_7a555a:
007a555a cmp byte ptr [ebp-$95], 0
007a5561 jz loc_7a5744
007a5561
007a5567 mov eax, [ebp-$8c]
007a556d mov eax, [eax+$c]
007a5570 mov esi, [eax+$10]
007a5573 dec esi
007a5574 test esi, esi
007a5576 jl loc_7a5744
007a5576
007a557c inc esi
007a557d xor ebx, ebx
007a557c
007a557f loc_7a557f:
007a557f lea ecx, [ebp-$88]
007a5585 mov eax, [ebp-$8c]
007a558b mov eax, [eax+$c]
007a558e mov edx, ebx
007a5590 call -$32cd ($7a22c8) ; segment%154.public%17640 (PCMAV.exe)
007a5590
007a5595 mov eax, [ebp-$88]
007a559b cmp eax, [ebp-$ac]
007a55a1 jnz loc_7a573c
007a55a1
007a55a7 mov dl, 1
007a55a9 mov eax, [ebp-$80]
007a55ac call -$356d35 ($44e87c) ; segment%26.public%2235 (PCMAV.exe)
007a55ac
007a55b1 test al, al
007a55b3 jz loc_7a573c
007a55b3
007a55b9 lea edx, [ebp-$110]
007a55bf mov eax, [ebp-$80]
007a55c2 call -$3563d3 ($44f1f4) ; segment%26.public%2257 (PCMAV.exe)
007a55c2
007a55c7 mov eax, [ebp-$110]
007a55cd lea edx, [ebp-$10c]
007a55d3 call -$3585d0 ($44d008) ; segment%26.public%2181 (PCMAV.exe)
007a55d3
007a55d8 mov eax, [ebp-$10c]
007a55de mov edx, $7a59bc
007a55e3 call -$39ba90 ($409b58) ; segment%0.public%431 (PCMAV.exe)
007a55e3
007a55e8 jnz loc_7a573c
007a55e8
007a55ee movzx ecx, word ptr [ebp-$82]
007a55f5 mov edx, [ebp-$ac]
007a55fb mov eax, [ebp-$8c]
007a5601 call -$132a ($7a42dc) ; segment%155.public%17669 (PCMAV.exe)
007a5601
007a5606 test eax, eax
007a5608 lea eax, [ebp-$114]
007a560e mov edx, [ebp-$80]
007a5611 call -$39bdb6 ($409860) ; segment%0.public%423 (PCMAV.exe)
007a5611
007a5616 mov ecx, [ebp-$114]
007a561c mov edx, $1f01ff
007a5621 mov eax, [ebp-$8c]
007a5627 call -$14f0 ($7a413c) ; segment%155.public%17668 (PCMAV.exe)
007a5627
007a562c test al, al
007a562e jnz loc_7a56a0
007a562e
007a5630 lea eax, [ebp-$11c]
007a5636 mov edx, [ebp-$80]
007a5639 call -$39bdde ($409860) ; segment%0.public%423 (PCMAV.exe)
007a5639
007a563e mov eax, [ebp-$11c]
007a5644 lea edx, [ebp-$118]
007a564a call -$2ed73 ($7768dc) ; segment%146.public%17313 (PCMAV.exe)
007a564a
007a564f mov eax, [ebp-$118]
007a5655 xor edx, edx
007a5657 mov ecx, [eax]
007a5659 call dword ptr [ecx+$a0]
007a5659
007a565f lea eax, [ebp-$128]
007a5665 mov edx, [ebp-$80]
007a5668 call -$39be0d ($409860) ; segment%0.public%423 (PCMAV.exe)
007a5668
007a566d mov eax, [ebp-$128]
007a5673 lea edx, [ebp-$124]
007a5679 call -$2eda2 ($7768dc) ; segment%146.public%17313 (PCMAV.exe)
007a5679
007a567e mov eax, [ebp-$124]
007a5684 lea edx, [ebp-$120]
007a568a mov ecx, [eax]
007a568c call dword ptr [ecx+$8c]
007a568c
007a5692 mov eax, [ebp-$120]
007a5698 mov edx, [eax]
007a569a call dword ptr [edx+$104]
007a569a
007a56a0 loc_7a56a0:
007a56a0 push 0
007a56a2 lea ecx, [ebp-$1c]
007a56a5 mov edx, [ebp-$80]
007a56a8 mov eax, [ebp-$8c]
007a56ae call -$c43 ($7a4a70) ; segment%155.public%17675 (PCMAV.exe)
007a56ae
007a56b3 test al, al
007a56b5 jz loc_7a573c
007a56b5
007a56bb lea eax, [ebp-$12c]
007a56c1 mov ecx, [ebp-$80]
007a56c4 mov edx, $7a59d4
007a56c9 call -$39bd0e ($4099c0) ; segment%0.public%428 (PCMAV.exe)
007a56c9
007a56ce mov edx, [ebp-$12c]
007a56d4 mov eax, [ebp-$8c]
007a56da call -$187f ($7a3e60) ; segment%155.public%17664 (PCMAV.exe)
007a56da
007a56df push dword ptr [ebp-$1c]
007a56e2 push $7a5a08
007a56e7 push dword ptr [ebp-$80]
007a56ea lea eax, [ebp-$130]
007a56f0 mov edx, 3
007a56f5 call -$39bcb2 ($409a48) ; segment%0.public%429 (PCMAV.exe)
007a56f5
007a56fa mov edx, [ebp-$130]
007a5700 mov eax, [ebp-$8c]
007a5706 mov eax, [eax+4]
007a5709 mov ecx, [eax]
007a570b call dword ptr [ecx+$38]
007a570b
007a570e push dword ptr [ebp-$1c]
007a5711 push $7a5a08
007a5716 push dword ptr [ebp-$80]
007a5719 lea eax, [ebp-$134]
007a571f mov edx, 3
007a5724 call -$39bce1 ($409a48) ; segment%0.public%429 (PCMAV.exe)
007a5724
007a5729 mov edx, [ebp-$134]
007a572f mov eax, [ebp-$94]
007a5735 mov eax, [eax]
007a5737 mov ecx, [eax]
007a5739 call dword ptr [ecx+$38]
007a5739
007a573c loc_7a573c:
007a573c inc ebx
007a573d dec esi
007a573e jnz loc_7a557f
007a573e
007a5744 loc_7a5744:
007a5744 inc dword ptr [ebp-$a4]
007a574a dec dword ptr [ebp-$c4]
007a5750 jnz loc_7a5211
007a5750
007a5756 loc_7a5756:
007a5756 add dword ptr [ebp-$c8], 4
007a575d dec dword ptr [ebp-$a0]
007a5763 jnz loc_7a51df
007a5763
007a5769 loc_7a5769:
007a5769 xor eax, eax
007a576b pop edx
007a576c pop ecx
007a576d pop ecx
007a576e mov fs:[eax], edx
007a5771 push $7a586a
007a576e
007a5776 loc_7a5776:
007a5776 lea eax, [ebp-$134]
007a577c mov edx, 3
007a5781 call -$39d0b2 ($4086d4) ; segment%0.public%337 (PCMAV.exe)
007a5781
007a5786 lea eax, [ebp-$128]
007a578c call -$39d0d5 ($4086bc) ; segment%0.public%336 (PCMAV.exe)
007a578c
007a5791 lea eax, [ebp-$124]
007a5797 call -$3992d8 ($40c4c4) ; segment%0.public%516 (PCMAV.exe)
007a5797
007a579c lea eax, [ebp-$120]
007a57a2 call -$3992e3 ($40c4c4) ; segment%0.public%516 (PCMAV.exe)
007a57a2
007a57a7 lea eax, [ebp-$11c]
007a57ad call -$39d0f6 ($4086bc) ; segment%0.public%336 (PCMAV.exe)
007a57ad
007a57b2 lea eax, [ebp-$118]
007a57b8 call -$3992f9 ($40c4c4) ; segment%0.public%516 (PCMAV.exe)
007a57b8
007a57bd lea eax, [ebp-$114]
007a57c3 call -$39d10c ($4086bc) ; segment%0.public%336 (PCMAV.exe)
007a57c3
007a57c8 lea eax, [ebp-$110]
007a57ce mov edx, 2
007a57d3 call -$39d104 ($4086d4) ; segment%0.public%337 (PCMAV.exe)
007a57d3
007a57d8 lea eax, [ebp-$108]
007a57de call -$39931f ($40c4c4) ; segment%0.public%516 (PCMAV.exe)
007a57de
007a57e3 lea eax, [ebp-$104]
007a57e9 mov edx, 3
007a57ee call -$39d11f ($4086d4) ; segment%0.public%337 (PCMAV.exe)
007a57ee
007a57f3 lea eax, [ebp-$f8]
007a57f9 call -$39933a ($40c4c4) ; segment%0.public%516 (PCMAV.exe)
007a57f9
[...]

date/time : 2012-03-29, 18:47:30, 953ms
computer name : RAHMAN-6B121E99
user name : RAHMAN <admin>
registered owner : RAHMAN
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 29 minutes 31 seconds
program up time : 4 minutes 23 seconds
processors : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory : 727/1013 MB (free/total)
free disk space : (C:) 13.99 GB
display mode : 1024x768, 32 bit
process id : $4e8
allocated memory : 34.36 MB
executable : PCMAV.exe
exec. date/time : 2012-03-19 13:36
version : 7.0.61078.27766
compiled with : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad : $0003bfbc, $34804073, $1164c539
callstack crc : $02bac69e, $e51166a8, $e51166a8
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 004F005B in module 'PCMAV.exe'. Write of address 00000001.

main thread ($e4):
004f005b +44f PCMAV.exe segment%62 public%5713
00406924 +008 PCMAV.exe segment%0 public%227
008dbd71 +0cd PCMAV.exe segment%265 public%20726
008d518a +01e PCMAV.exe segment%265 public%20623
005a23a5 +055 PCMAV.exe segment%79 public%9701
005a22cd +021 PCMAV.exe segment%79 public%9700
005a1324 +000 PCMAV.exe segment%79 public%9672
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
7c90eae0 +010 ntdll.dll KiUserCallbackDispatcher
77d4b9b7 +7d2 USER32.dll DefWindowProcW
77d4c02f +016 USER32.dll CallWindowProcW
00501ce0 +0d8 PCMAV.exe segment%62 public%6159
005a0322 +05a PCMAV.exe segment%79 public%9638
00503945 +0a1 PCMAV.exe segment%62 public%6228
005a13f5 +055 PCMAV.exe segment%79 public%9675
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
77d4b7a6 +044 USER32.dll SendMessageW
77d4b9b7 +7d2 USER32.dll DefWindowProcW
77d4c02f +016 USER32.dll CallWindowProcW
00501ce0 +0d8 PCMAV.exe segment%62 public%6159
005a0322 +05a PCMAV.exe segment%79 public%9638
004fd951 +015 PCMAV.exe segment%62 public%6011
005a0fe0 +084 PCMAV.exe segment%79 public%9664
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a718e +00a PCMAV.exe segment%79 public%9877
007a99c6 +142 PCMAV.exe segment%156 public%17697
008c9de8 +31c PCMAV.exe segment%261 public%20545
008ca7c7 +0eb PCMAV.exe segment%261 public%20547
00483521 +12d PCMAV.exe segment%30 public%3629
005a690a +76e PCMAV.exe segment%79 public%9859
0048668c +014 PCMAV.exe segment%30 public%3805
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a718e +00a PCMAV.exe segment%79 public%9877
008da986 +15e PCMAV.exe segment%265 public%20693
004fd7f3 +06f PCMAV.exe segment%62 public%6006
00517c2a +01e PCMAV.exe segment%63 public%6738
005cd828 +068 PCMAV.exe segment%83 public%10707
00518718 +010 PCMAV.exe segment%63 public%6770
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
005178f4 +06c PCMAV.exe segment%63 public%6726
004fcebc +024 PCMAV.exe segment%62 public%5992
00501d33 +023 PCMAV.exe segment%62 public%6160
005027bf +00b PCMAV.exe segment%62 public%6168
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
77d4b7a6 +044 USER32.dll SendMessageW
77d4c02f +016 USER32.dll CallWindowProcW
00501ce0 +0d8 PCMAV.exe segment%62 public%6159
004fdc48 +010 PCMAV.exe segment%62 public%6023
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
005178f4 +06c PCMAV.exe segment%63 public%6726
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a71a6 +00a PCMAV.exe segment%79 public%9878
005a74d9 +0c9 PCMAV.exe segment%79 public%9883
008eb1e4 +0d0 PCMAV.exe segment%393 public%20885

thread $ec8:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
100016e9 +00 IDMShellExt.dll

thread $ec4 (TWorkerThread):
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
00677a91 +19 PCMAV.exe segment%98 public%13639
004bc4c3 +2b PCMAV.exe segment%36 public%4586
00483662 +42 PCMAV.exe segment%30 public%3630
00408520 +28 PCMAV.exe segment%0 public%327
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
00677986 +16 PCMAV.exe segment%98 public%13635

thread $9c:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
005da78f +2f PCMAV.exe segment%89 public%10955
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $edc:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
006b2e31 +4d PCMAV.exe segment%101 public%14689
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $3e4:
77d491c9 +26 USER32.dll GetMessageW
006b21f7 +bb PCMAV.exe segment%101 public%14679
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
005da09d +6d PCMAV.exe segment%89 public%10932

thread $f4c:
7c90e286 +00a ntdll.dll NtReadFile
7c80186f +061 kernel32.dll ReadFile
0079460b +1e7 PCMAV.exe segment%150 public%17583
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
0079487f +233 PCMAV.exe segment%150 public%17584

thread $518:
7c90d85a +a ntdll.dll NtDelayExecution

thread $704:
7c90e9a9 +a ntdll.dll NtWaitForMultipleObjects

thread $378:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
769c8951 +00 Userenv.dll

thread $860:
7c90e397 +0a ntdll.dll NtReplyWaitReceivePortEx
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
77e8760d +00 RPCRT4.dll

thread $350:
7c90e397 +0a ntdll.dll NtReplyWaitReceivePortEx
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
77e8760d +00 RPCRT4.dll

thread $ef4 (TMyThreadedScanMem):
7c90e9be +00a ntdll.dll NtWaitForSingleObject
7c8025d5 +085 kernel32.dll WaitForSingleObjectEx
7c80253d +00d kernel32.dll WaitForSingleObject
00455626 +002 PCMAV.exe segment%26 public%2436
004557d3 +01f PCMAV.exe segment%26 public%2443
00407779 +065 PCMAV.exe segment%0 public%286
004077e8 +020 PCMAV.exe segment%0 public%287
00483fab +13b PCMAV.exe segment%30 public%3653
00484041 +029 PCMAV.exe segment%30 public%3654
008ca843 +00b PCMAV.exe segment%261 public%20548
004bc4c3 +02b PCMAV.exe segment%36 public%4586
00483662 +042 PCMAV.exe segment%30 public%3630
00408520 +028 PCMAV.exe segment%0 public%327
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($e4) at:
008ca6b1 +019 PCMAV.exe segment%261 public%20546

thread $834:
7c90e319 +0a ntdll.dll NtRemoveIoCompletion
7c80cbd3 +23 kernel32.dll GetQueuedCompletionStatus
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $8f8 at:
77e8760d +00 RPCRT4.dll

processes:
000 Idle 0 0
004 System 0 0 normal
274 smss.exe 0 0 normal C:\WINDOWS\system32
2a4 csrss.exe 43 54 normal C:\WINDOWS\system32
2bc winlogon.exe 40 11 high C:\WINDOWS\system32
2e8 services.exe 4 0 normal C:\WINDOWS\system32
2f4 lsass.exe 4 0 normal C:\WINDOWS\system32
3a0 svchost.exe 4 0 normal C:\WINDOWS\system32
3ec svchost.exe 4 0 normal C:\WINDOWS\system32
44c svchost.exe 11 10 normal C:\WINDOWS\System32
4c8 svchost.exe 4 0 normal C:\WINDOWS\system32
4f0 svchost.exe 4 0 normal C:\WINDOWS\system32
5b0 spoolsv.exe 4 0 normal C:\WINDOWS\system32
688 NBService.exe 4 0 normal C:\Program Files\Nero\Nero8\Nero BackItUp
750 RTPSvc.exe 4 0 normal C:\WINDOWS\system32
758 GoogleUpdate.exe 4 1 below normal C:\Program Files\Google\Update
77c Explorer.EXE 226 98 normal C:\WINDOWS
0ac wdfmgr.exe 4 0 normal C:\WINDOWS\system32
4dc alg.exe 4 0 normal C:\WINDOWS\System32
69c ctfmon.exe 25 9 normal C:\WINDOWS\system32
6f0 IDMan.exe 93 59 normal C:\Program Files\Internet Download Manager
0c0 wscntfy.exe 17 6 normal C:\WINDOWS\system32
0e8 IEMonitor.exe 22 12 normal C:\Program Files\Internet Download Manager
674 GoogleCrashHandler.exe 8 0 normal C:\Documents and Settings\RAHMAN\Local Settings\Application Data\Google\Update\1.2.183.29
4e8 PCMAV.exe 228 118 normal C:\Documents and Settings\RAHMAN\Desktop\Predator

**HerryHernandez** · 31-03-2012 01:33:45

HerryHernandez
Junior Member
Offline

Registered: 27-04-2010
Posts: 171
User Karma: 4

Re: PC Media Predator Technical Preview

Saya jg sering mengalami hal yang sama dengan Sdr. indraramadhan094..
Crash jg terjadi sewaktu percobaan scan tetapi tidak memilih drive yang akan di scan...

**Rahman** · 31-03-2012 08:27:42

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

Team PCMAV jgn lupa ya ditambahkan fitur yg dapat memunculkan file yang di hidden virus biar ngk pakai Software lain lagi, biar makin Complete nih Predatornya

**Rahman** · 01-04-2012 08:39:27

Rahman
VIP
Offline

Registered: 31-05-2010
Posts: 731
User Karma: 32

Re: PC Media Predator Technical Preview

@Indra
Bro, mau nanya nih, menurut km berguna tidak kalau Predator ini dilengkapi Attribut Fixer agar dapat memunculkan file yg di hidden virus???? soalnya mau coba PCMAV Predator di Laptop saya sygnya lagi tidak bersahabat,,, jadi saya tdk tahu apkh Predator sdh dilengkapi fitur itu/tidak...

Last edited by Rahman (01-04-2012 08:44:10)

**indraramadhan094** · 01-04-2012 10:16:15

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

Berguna, Tetapi Mungkin Fitur Nanti di Sertakan. Untuk Saat ini mungkin sedang dalam pengembangan. Hanya developer yang tau..

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

**indraramadhan094** · 03-04-2012 20:19:56

indraramadhan094
Moderator
Offline

From: Kota Tangerang, Banten
Registered: 04-04-2010
Posts: 545
User Karma: 13

Re: PC Media Predator Technical Preview

Saya Melakukan Pengujian pada PC Media Predator Technical Preview di OS Windows 7 SP1.

Ketika muncul Program PCMAV, Muncul seperti gambar dibawah ini. Hal ini juga Muncul ketika checklist RTP PCMAV

Saya ingin bertanya, Koq tidak bisa di Karantina?

Malah muncul seperti ini, padahal kapasitas Flashdisk Masih Penuh.

Saya bingung dengan Bacaan Threat di RTP PCMAV, Apakah Heuristik PCMAV atau semacam Block Program in USB. Lalu saya juga Tidak menemuka Virus Suspection di PCMAV ini. Apakah digantikan dengan Heur.Crypted? Apakah file yang di Encrypt dengan Packer2 yang Umum digunakan atau apa?

Dan Juga PCMAV ini sepertinya tidak ada Fitur Scan With di Win7 SP1 X64

Saya juga Ingin Melaporkan PCMAV tidak bisa dijalankan dengan Program Sandboxie di OS Windows XP.

Like Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
Follow Akun Twitter Majalah PC Media : https://twitter.com/PCMedia_ID

> PENGUMUMAN <

[ Closed ] PC Media Predator Technical Preview (Page 1 of 2)

Posts [ 1 to 25 of 28 ]

1 Topic by indraramadhan094 26-03-2012 19:18:57

Topic: PC Media Predator Technical Preview

2 Reply by Rahman 26-03-2012 20:10:04

Re: PC Media Predator Technical Preview

3 Reply by wizardft 26-03-2012 20:15:36

Re: PC Media Predator Technical Preview

4 Reply by Rahman 26-03-2012 20:17:27

Re: PC Media Predator Technical Preview

5 Reply by indraramadhan094 26-03-2012 20:21:06

Re: PC Media Predator Technical Preview

6 Reply by indraramadhan094 26-03-2012 22:10:14

Re: PC Media Predator Technical Preview

7 Reply by hari 27-03-2012 00:50:06

Re: PC Media Predator Technical Preview

8 Reply by Rahman 27-03-2012 05:54:15

Re: PC Media Predator Technical Preview

9 Reply by anjing_hitam 27-03-2012 09:40:15

Re: PC Media Predator Technical Preview

10 Reply by fajar.anggiawan 27-03-2012 10:38:12

Re: PC Media Predator Technical Preview

11 Reply by Rahman 27-03-2012 11:07:06

Re: PC Media Predator Technical Preview

12 Reply by fajar.anggiawan 27-03-2012 11:32:49

Re: PC Media Predator Technical Preview

13 Reply by Rahman 27-03-2012 12:31:41

Re: PC Media Predator Technical Preview

14 Reply by indraramadhan094 27-03-2012 18:30:35

Re: PC Media Predator Technical Preview

15 Reply by hari 27-03-2012 18:32:00

Re: PC Media Predator Technical Preview

16 Reply by Fandy 27-03-2012 19:23:16

Re: PC Media Predator Technical Preview

17 Reply by indraramadhan094 28-03-2012 20:07:15

Re: PC Media Predator Technical Preview

18 Reply by Rahman 29-03-2012 18:02:19

Re: PC Media Predator Technical Preview

19 Reply by indraramadhan094 29-03-2012 19:00:18

Re: PC Media Predator Technical Preview

20 Reply by Rahman 30-03-2012 05:47:12

Re: PC Media Predator Technical Preview

21 Reply by HerryHernandez 31-03-2012 01:33:45

Re: PC Media Predator Technical Preview

22 Reply by Rahman 31-03-2012 08:27:42

Re: PC Media Predator Technical Preview

23 Reply by Rahman 01-04-2012 08:39:27

Re: PC Media Predator Technical Preview

24 Reply by indraramadhan094 01-04-2012 10:16:15

Re: PC Media Predator Technical Preview

25 Reply by indraramadhan094 03-04-2012 20:19:56

Re: PC Media Predator Technical Preview

Posts [ 1 to 25 of 28 ]