HProtect_Ring0

2013-06-18 14:09:11:577 - .\main.c,482,0,1,1,352
2013-06-18 14:09:11:708 - .\BaseFunc.c,2496
2013-06-18 14:09:11:723 - 0xc28ac008 is Executable
2013-06-18 14:09:11:844 - .\Hook.c,3030
2013-06-18 14:09:11:878 - .\GetCleanSSDT.C,715
2013-06-18 14:09:12:051 - .\Hook.c,3040
2013-06-18 14:09:12:089 - .\Hook.c,3050
2013-06-18 14:09:12:137 - .\Hook.c,3061
2013-06-18 14:09:12:174 - .\Hook.c,3071
2013-06-18 14:09:12:243 - .\Hook.c,3081
2013-06-18 14:09:12:309 - .\Hook.c,3086
2013-06-18 14:09:12:387 - 0xbf845760 is Executable
2013-06-18 14:09:13:115 - 0xb3921910 is Executable
2013-06-18 14:11:52:895 - .\SignData.c,177
2013-06-18 14:11:52:897 - .\Hook.c,127
2013-06-18 14:13:16:561 - 0xba1ce910 is Executable
2013-06-18 14:17:19:918 - 0xb8246008 is Executable
2013-06-18 14:21:23:282 - 0x8c1cc740 is Executable
2013-06-18 14:25:26:682 - 0xb955a008 is Executable
2013-06-18 14:29:30:120 - 0xc35025d8 is Executable
2013-06-18 14:33:33:524 - 0xb8157008 is Executable
2013-06-18 14:37:36:917 - 0xb014a910 is Executable
2013-06-18 14:41:40:347 - 0xb065c5b0 is Executable
2013-06-18 14:45:43:860 - 0xb065c5b0 is Executable
2013-06-18 14:49:47:874 - 0xb065c5b0 is Executable
2013-06-18 14:53:51:331 - 0xa9c63730 is Executable
2013-06-18 14:57:54:472 - 0xbef8a008 is Executable
2013-06-18 15:01:57:842 - 0xb9513910 is Executable
2013-06-18 15:06:01:255 - 0xc6d663c0 is Executable
2013-06-18 15:10:04:355 - 0xc375d910 is Executable
2013-06-18 15:14:07:455 - 0xb79ba910 is Executable
2013-06-18 15:18:10:576 - 0x8f1a8910 is Executable
2013-06-18 15:22:13:596 - 0xc375d910 is Executable
2013-06-18 15:26:16:666 - 0xb9513910 is Executable
2013-06-18 15:30:19:907 - 0xc375d910 is Executable
2013-06-18 15:34:22:968 - 0xb2044008 is Executable
2013-06-18 15:38:26:187 - 0xc31d6008 is Executable
2013-06-18 15:42:29:581 - 0xc341a008 is Executable
2013-06-18 15:46:30:740 - .\Function.c,2422
2013-06-18 15:46:30:740 - 0xb81b7f90 is Executable
2013-06-18 15:46:33:080 - .\main.c,297
2013-06-18 16:16:08:925 - .\main.c,482,0,1,1,352
2013-06-18 16:16:08:956 - .\BaseFunc.c,2496
2013-06-18 16:16:08:956 - 0xbde61388 is Executable
2013-06-18 16:16:09:018 - .\Hook.c,3030
2013-06-18 16:16:09:018 - .\GetCleanSSDT.C,715
2013-06-18 16:16:09:081 - .\Hook.c,3040
2013-06-18 16:16:09:081 - .\Hook.c,3050
2013-06-18 16:16:09:096 - .\Hook.c,3061
2013-06-18 16:16:09:096 - .\Hook.c,3071
2013-06-18 16:16:09:096 - .\Hook.c,3081
2013-06-18 16:16:09:096 - .\Hook.c,3086
2013-06-18 16:16:09:096 - 0xbab2a910 is Executable
2013-06-18 16:16:09:720 - 0xc3b30910 is Executable
2013-06-18 16:20:13:360 - 0x8e19f910 is Executable
2013-06-18 16:24:16:770 - 0xc3685910 is Executable
2013-06-18 16:25:42:681 - .\SignData.c,177
2013-06-18 16:25:42:681 - .\Hook.c,127
2013-06-18 16:28:20:491 - 0xb672a910 is Executable
2013-06-18 16:32:24:091 - 0xb662a568 is Executable
2013-06-18 16:36:27:861 - 0xa9da4510 is Executable
2013-06-18 16:40:31:492 - 0x8bce0008 is Executable
2013-06-18 16:4

4:35:172 - 0xa9c10008 is Executable
2013-06-18 16:48:38:874 - 0x8e04e008 is Executable
2013-06-18 16:52:42:614 - 0x8e04e008 is Executable
2013-06-18 16:56:46:603 - 0xa76d7910 is Executable
2013-06-18 17:00:50:387 - 0xa5b113c0 is Executable
2013-06-18 17:04:53:888 - 0xbec12910 is Executable
2013-06-18 17:08:57:249 - 0xbd389568 is Executable
2013-06-18 17:13:00:659 - 0x899ef910 is Executable
2013-06-18 17:17:04:141 - 0xa0c1a670 is Executable
2013-06-18 17:21:07:484 - 0xb20db600 is Executable
2013-06-18 17:25:10:969 - 0xb10f7910 is Executable
2013-06-18 17:26:47:663 - .\SignData.c,177
2013-06-18 17:26:47:692 - .\Hook.c,127
2013-06-18 17:29:14:400 - 0x89914910 is Executable
2013-06-18 17:33:17:870 - 0x89863008 is Executable
2013-06-18 17:37:21:423 - 0x8c0a1910 is Executable
2013-06-18 17:41:24:895 - 0xb792c578 is Executable
2013-06-18 17:45:28:371 - 0xa762f008 is Executable
2013-06-18 17:49:31:897 - 0x8c102910 is Executable
2013-06-18 17:53:35:405 - 0xbf9ef520 is Executable
2013-06-18 17:57:38:963 - 0x8cdd9520 is Executable
2013-06-18 18:01:42:636 - 0x8982b910 is Executable
2013-06-18 18:05:46:107 - 0xaa07e910 is Executable
2013-06-18 18:09:49:609 - 0xae876348 is Executable
2013-06-18 18:13:53:116 - 0x8a768008 is Executable
2013-06-18 18:17:56:682 - 0xbbb31568 is Executable
2013-06-18 18:22:00:140 - 0xb663f568 is Executable
2013-06-18 18:26:03:606 - 0xc2937910 is Executable
2013-06-18 18:30:07:061 - 0x8a792008 is Executable
2013-06-18 18:34:10:478 - 0x966d7910 is Executable
2013-06-18 18:38:13:971 - 0xa7232568 is Executable
2013-06-18 18:42:17:316 - 0xb4b15520 is Executable
2013-06-18 18:46:20:689 - 0xb39b3590 is Executable
2013-06-18 18:50:24:064 - 0x8ae73910 is Executable
2013-06-18 18:54:27:480 - 0xb07d2518 is Executable
2013-06-18 18:58:30:950 - 0xb2ce3530 is Executable
2013-06-18 19:02:34:340 - 0xb2cd5008 is Executable
2013-06-18 19:06:37:717 - 0x899c1910 is Executable
2013-06-18 19:10:41:251 - 0x8c1d6510 is Executable
2013-06-18 19:14:44:840 - 0xa777a910 is Executable
2013-06-18 19:18:48:432 - 0xb834f578 is Executable
2013-06-18 19:22:51:840 - 0xb834f578 is Executable
2013-06-18 19:26:55:235 - 0xc3762910 is Executable
2013-06-18 19:30:58:644 - 0xb3941910 is Executable
2013-06-18 19:35:02:053 - 0x899333f8 is Executable
2013-06-18 19:39:05:523 - 0x899333f8 is Executable
2013-06-18 19:43:09:032 - 0x89909008 is Executable
2013-06-18 19:46:44:324 - .\Function.c,2422
2013-06-18 19:46:44:326 - 0xae9853f0 is Executable
2013-06-18 19:46:46:827 - .\main.c,297
2013-06-18 20:47:23:743 - .\main.c,482,0,1,1,352
2013-06-18 20:47:23:955 - .\BaseFunc.c,2496
2013-06-18 20:47:24:239 - 0xb7902ac0 is Executable
2013-06-18 20:47:24:363 - .\Hook.c,3030
2013-06-18 20:47:24:531 - .\GetCleanSSDT.C,715
2013-06-18 20:47:25:081 - .\Hook.c,3040
2013-06-18 20:47:25:121 - .\Hook.c,3050
2013-06-18 20:47:25:184 - .\Hook.c,3061
2013-06-18 20:47:25:274 - .\Hook.c,3071
2013-06-18 20:47:25:527 - .\Hook.c,3081
2013-06-18 20

:47:25:756 - .\Hook.c,3086
2013-06-18 20:47:25:779 - 0x966d1910 is Executable
2013-06-18 20:47:26:465 - 0x8a646910 is Executable
2013-06-18 20:51:30:118 - 0xb205f910 is Executable
2013-06-18 20:53:58:467 - .\SignData.c,177
2013-06-18 20:53:58:469 - .\Hook.c,127
2013-06-18 20:55:33:624 - 0xba039388 is Executable
2013-06-18 20:59:37:193 - 0xa0aa6910 is Executable
2013-06-18 21:03:40:760 - 0xb2cc72f8 is Executable
2013-06-18 21:07:44:369 - 0xbf97b910 is Executable
2013-06-18 21:11:47:915 - 0xba04f568 is Executable
2013-06-18 21:15:51:498 - 0x8c1f0910 is Executable
2013-06-18 21:19:55:133 - 0xa9c3c008 is Executable
2013-06-18 21:23:58:764 - 0xa9c3c008 is Executable
2013-06-18 21:28:02:364 - 0x8ae78008 is Executable
2013-06-18 21:32:05:794 - 0x8bdfd910 is Executable
2013-06-18 21:36:09:405 - 0xb4ae3450 is Executable
2013-06-18 21:40:13:145 - 0x8c080008 is Executable
2013-06-18 21:44:16:775 - 0xbaa38568 is Executable
2013-06-18 21:48:20:506 - 0xb21f5910 is Executable
2013-06-18 21:52:24:066 - 0xa0b0b008 is Executable
2013-06-18 21:56:27:676 - 0x8ae3f1c0 is Executable
2013-06-18 22:00:31:207 - 0xb570e910 is Executable
2013-06-18 22:04:34:877 - 0xb66cb568 is Executable
2013-06-18 22:08:38:717 - 0x8a60b910 is Executable
2013-06-18 22:12:42:408 - 0x8ae3f1c0 is Executable
2013-06-18 22:16:45:998 - 0x8bca9568 is Executable
2013-06-18 22:20:49:578 - 0xb679a008 is Executable
2013-06-18 22:24:53:089 - 0xb56eb008 is Executable
2013-06-18 22:28:56:519 - 0xb679a008 is Executable
2013-06-18 22:33:00:089 - 0xb07c9008 is Executable
2013-06-18 22:37:03:630 - 0xb5761568 is Executable
2013-06-18 22:41:07:140 - 0xb807b008 is Executable
2013-06-18 22:45:10:770 - 0xb83e1910 is Executable
2013-06-18 22:49:14:421 - 0xb81ad388 is Executable
2013-06-18 22:53:17:971 - 0xbd23e4f8 is Executable
2013-06-18 22:57:21:411 - 0xa5a8f568 is Executable
2013-06-18 23:01:24:895 - 0xb0179910 is Executable
2013-06-18 23:01:55:319 - .\Function.c,2422
2013-06-18 23:01:55:335 - 0xa7255238 is Executable
2013-06-18 23:01:57:457 - .\main.c,297
2013-06-19 07:20:09:690 - .\main.c,482,0,1,1,352
2013-06-19 07:20:09:724 - .\BaseFunc.c,2496
2013-06-19 07:20:09:729 - 0xb47ce340 is Executable
2013-06-19 07:20:09:774 - .\Hook.c,3030
2013-06-19 07:20:09:787 - .\GetCleanSSDT.C,715
2013-06-19 07:20:09:795 - .\Hook.c,3040
2013-06-19 07:20:09:796 - .\Hook.c,3050
2013-06-19 07:20:09:798 - .\Hook.c,3061
2013-06-19 07:20:09:813 - .\Hook.c,3071
2013-06-19 07:20:09:814 - .\Hook.c,3081
2013-06-19 07:20:09:815 - .\Hook.c,3086
2013-06-19 07:20:09:817 - 0xb7a7d008 is Executable
2013-06-19 07:20:10:398 - 0xb73c5910 is Executable
2013-06-19 07:24:13:824 - 0xba28d910 is Executable
2013-06-19 07:28:17:216 - 0xba283910 is Executable
2013-06-19 07:32:20:399 - 0xbbb6f008 is Executable
2013-06-19 07:36:23:564 - 0xbba736a0 is Executable
2013-06-19 07:40:26:485 - 0xba283910 is Executable
2013-06-19 07:44:29:375 - 0xbbbe4910 is Executable
2013-06-19 07:48:32:285 - 0xbbc21

008 is Executable
2013-06-19 07:52:35:206 - 0xbbb45910 is Executable
2013-06-19 07:56:38:056 - 0xba3f64c0 is Executable
2013-06-19 08:00:41:056 - 0xbbc0c568 is Executable
2013-06-19 08:04:43:907 - 0xb9262910 is Executable
2013-06-19 08:08:46:797 - 0xba21d910 is Executable
2013-06-19 08:12:49:617 - 0xbbc21008 is Executable
2013-06-19 08:16:52:468 - 0xba275910 is Executable
2013-06-19 08:20:55:378 - 0xbbbdf008 is Executable
2013-06-19 08:24:58:368 - 0xbbd5c008 is Executable
2013-06-19 08:29:01:189 - 0xbbd9d008 is Executable
2013-06-19 08:33:03:989 - 0xbd65f910 is Executable
2013-06-19 08:37:06:769 - 0xbbaa4910 is Executable
2013-06-19 08:41:09:640 - 0xbbd53008 is Executable
2013-06-19 08:45:12:590 - 0xbd654008 is Executable
2013-06-19 08:45:25:930 - .\SignData.c,177
2013-06-19 08:45:25:930 - .\Hook.c,127
2013-06-19 08:49:15:410 - 0xbd6d1910 is Executable
2013-06-19 08:53:18:191 - 0xbd654008 is Executable
2013-06-19 08:57:21:141 - 0xbd748008 is Executable
2013-06-19 09:01:24:141 - 0xbbca9910 is Executable
2013-06-19 09:05:27:112 - 0xbbd24910 is Executable
2013-06-19 09:09:30:082 - 0xbd716008 is Executable
2013-06-19 09:13:32:912 - 0xbbc73910 is Executable
2013-06-19 09:17:35:873 - 0xbd716008 is Executable
2013-06-19 09:21:38:893 - 0xbc220008 is Executable
2013-06-19 09:25:41:713 - 0xbbd40910 is Executable
2013-06-19 09:29:44:646 - 0xbd636910 is Executable
2013-06-19 09:33:47:506 - 0xbc386910 is Executable
2013-06-19 09:37:50:436 - 0xbc3a9438 is Executable
2013-06-19 09:41:53:677 - 0xbc38f008 is Executable
2013-06-19 09:45:57:337 - 0xbd68b568 is Executable
2013-06-19 09:50:00:877 - 0xbbd3e910 is Executable
2013-06-19 09:54:04:558 - 0xbc323388 is Executable
2013-06-19 09:58:08:138 - 0xbce6a910 is Executable
2013-06-19 10:02:11:938 - 0xbce65910 is Executable
2013-06-19 10:06:15:479 - 0xbceab008 is Executable
2013-06-19 10:10:18:879 - 0xc312a910 is Executable
2013-06-19 10:14:22:109 - 0xc6e77008 is Executable
2013-06-19 10:18:25:600 - 0xc98ae520 is Executable
2013-06-19 10:22:29:240 - 0xc5308008 is Executable
2013-06-19 10:26:33:000 - 0xc6f7d508 is Executable
2013-06-19 10:30:36:561 - 0xbc24f008 is Executable
2013-06-19 10:34:40:121 - 0xc6751508 is Executable
2013-06-19 10:38:43:801 - 0xc98aa910 is Executable
2013-06-19 10:42:47:482 - 0xbc3bc6b0 is Executable
2013-06-19 10:46:51:232 - 0xc9279910 is Executable
2013-06-19 10:48:36:412 - .\SignData.c,177
2013-06-19 10:48:36:412 - .\Hook.c,127
2013-06-19 10:50:54:842 - 0xc934a910 is Executable
2013-06-19 10:54:58:603 - 0xc1d24410 is Executable
2013-06-19 10:59:02:313 - 0xbce73508 is Executable
2013-06-19 11:03:06:113 - 0xc9818388 is Executable
2013-06-19 11:07:09:774 - 0xbce73508 is Executable
2013-06-19 11:11:13:404 - 0xc6eb3568 is Executable
2013-06-19 11:15:17:014 - 0xcc277008 is Executable
2013-06-19 11:19:20:535 - 0xcc277008 is Executable
2013-06-19 11:23:24:305 - 0xcc288910 is Executable
2013-06-19 11:27:27:935 - 0xcc2e0910 is Executable
2013-

06-19 11:31:31:506 - 0xc6eb3568 is Executable
2013-06-19 11:35:35:156 - 0xcc27f568 is Executable
2013-06-19 11:39:38:966 - 0xcc2d5910 is Executable
2013-06-19 11:43:42:737 - 0xcc3e6910 is Executable
2013-06-19 11:47:46:427 - 0xc614c590 is Executable
2013-06-19 11:51:49:967 - 0xcc2db910 is Executable
2013-06-19 11:55:53:528 - 0xa3b40328 is Executable
2013-06-19 11:59:57:088 - 0xa3b42910 is Executable
2013-06-19 12:04:00:878 - 0xcc781910 is Executable
2013-06-19 12:08:04:519 - 0xcc2fc568 is Executable
2013-06-19 12:12:08:169 - 0xcc6ba008 is Executable
2013-06-19 12:16:11:849 - 0xa3b25568 is Executable
2013-06-19 12:20:15:450 - 0xcc79f568 is Executable
2013-06-19 12:24:19:020 - 0xcc7c9910 is Executable
2013-06-19 12:28:22:391 - 0xcc748910 is Executable
2013-06-19 12:32:25:535 - 0xcc748910 is Executable
2013-06-19 12:36:28:592 - 0xbc401568 is Executable
2013-06-19 12:40:31:557 - 0xcc783008 is Executable
2013-06-19 12:44:34:668 - 0xcc783008 is Executable
2013-06-19 12:48:37:791 - 0xa3b4c388 is Executable
2013-06-19 12:52:40:937 - 0xbc51e568 is Executable
2013-06-19 12:56:43:964 - 0xbc8ed008 is Executable
2013-06-19 13:00:47:053 - 0xcc295568 is Executable
2013-06-19 13:04:50:297 - 0xc92e7568 is Executable
2013-06-19 13:08:53:363 - 0xa3b2d388 is Executable
2013-06-19 13:12:56:436 - 0xbc51e568 is Executable
2013-06-19 13:16:59:470 - 0xbc4e6568 is Executable
2013-06-19 13:21:02:527 - 0xc92e7568 is Executable
2013-06-19 13:25:05:656 - 0xbc8ed008 is Executable
2013-06-19 13:29:08:749 - 0xbc946910 is Executable
2013-06-19 13:33:11:803 - 0xbc8a5910 is Executable
2013-06-19 13:37:14:838 - 0x8bfc9568 is Executable
2013-06-19 13:41:17:931 - 0xa3b26308 is Executable
2013-06-19 13:45:21:005 - 0xb0843700 is Executable
2013-06-19 13:49:24:040 - 0x8bfc9568 is Executable
2013-06-19 13:53:27:147 - 0xc3773910 is Executable
2013-06-19 13:57:30:164 - 0xc3718910 is Executable
2013-06-19 14:01:33:224 - 0x8bece910 is Executable
2013-06-19 14:05:36:337 - 0xc37f0910 is Executable
2013-06-19 14:09:39:356 - 0xc37d7910 is Executable
2013-06-19 14:13:42:328 - 0xb0843700 is Executable
2013-06-19 14:17:45:369 - 0x8bece910 is Executable
2013-06-19 14:21:48:415 - 0xc66fa910 is Executable
2013-06-19 14:25:51:500 - 0x8bece910 is Executable
2013-06-19 14:29:54:485 - 0xbcfd5430 is Executable
2013-06-19 14:31:10:821 - .\Function.c,2422
2013-06-19 14:31:10:821 - 0xb7b62510 is Executable
2013-06-19 14:31:13:380 - .\main.c,297
2013-06-19 14:31:16:315 - .\main.c,482,0,1,1,352
2013-06-19 14:31:16:315 - .\BaseFunc.c,2496
2013-06-19 14:31:16:330 - 0xb089aa10 is Executable
2013-06-19 14:31:16:377 - .\Hook.c,3030
2013-06-19 14:31:16:377 - .\GetCleanSSDT.C,715
2013-06-19 14:31:16:377 - .\Hook.c,3040
2013-06-19 14:31:16:393 - .\Hook.c,3050
2013-06-19 14:31:16:393 - .\Hook.c,3061
2013-06-19 14:31:16:393 - .\Hook.c,3071
2013-06-19 14:31:16:393 - .\Hook.c,3081
2013-06-19 14:31:16:393 - .\Hook.c,3086
2013-06-19 14:31:16:393 - 0x8bece910 is Execut

able
2013-06-19 14:31:16:985 - 0x8bece910 is Executable
2013-06-19 14:35:20:255 - 0xbf831160 is Executable
2013-06-19 14:39:23:417 - 0xbf831160 is Executable
2013-06-19 14:43:26:560 - 0xc31b45a0 is Executable
2013-06-19 14:47:29:667 - 0x8cebe420 is Executable
2013-06-19 14:51:32:874 - 0xc2a0e440 is Executable
2013-06-19 14:55:35:937 - 0xc2a0e440 is Executable
2013-06-19 14:59:39:025 - 0x8cebe420 is Executable
2013-06-19 15:03:42:098 - 0x8cebe420 is Executable
2013-06-19 15:07:45:115 - 0x8cebe420 is Executable
2013-06-19 15:11:48:305 - 0x8bece910 is Executable
2013-06-19 15:15:51:453 - 0x8cebe420 is Executable
2013-06-19 15:19:54:497 - 0xc2a0e440 is Executable
2013-06-19 15:23:57:525 - 0xc31b45a0 is Executable
2013-06-19 15:28:00:771 - 0xc2a0e440 is Executable
2013-06-19 15:32:04:046 - 0xb3cec910 is Executable
2013-06-19 15:36:07:218 - 0xb4727910 is Executable
2013-06-19 15:40:10:424 - 0xbf8e6768 is Executable
2013-06-19 15:44:13:653 - 0x8ac75568 is Executable
2013-06-19 15:48:16:896 - 0xc43b6008 is Executable
2013-06-19 15:52:20:198 - 0xc2a0e440 is Executable
2013-06-19 15:56:23:383 - 0xb735e910 is Executable
2013-06-19 16:00:26:573 - 0x89e06910 is Executable
2013-06-19 16:04:29:795 - 0xb7e1f6d0 is Executable
2013-06-19 16:08:33:013 - 0xb7b72910 is Executable
2013-06-19 16:12:36:316 - 0x8bf98410 is Executable
2013-06-19 16:16:39:497 - 0xb3c90440 is Executable
2013-06-19 16:20:42:749 - 0x8aca05b0 is Executable
2013-06-19 16:24:46:006 - 0xc5eb7910 is Executable
2013-06-19 16:28:49:257 - 0xb1476910 is Executable
2013-06-19 16:32:52:583 - 0xb0836910 is Executable
2013-06-19 16:36:55:807 - 0x8bf7f1d8 is Executable
2013-06-19 16:40:58:974 - 0xc60bc390 is Executable
2013-06-19 16:45:02:182 - 0xbf948638 is Executable
2013-06-19 16:49:05:373 - 0x8ce45008 is Executable
2013-06-19 16:53:08:651 - 0xb7bff1b0 is Executable
2013-06-19 16:57:11:869 - 0xb7471720 is Executable
2013-06-19 17:01:15:033 - 0xb3c70330 is Executable
2013-06-19 17:05:18:141 - 0xb3c70330 is Executable
2013-06-19 17:09:21:307 - 0xbc4301d0 is Executable
2013-06-19 17:13:24:506 - 0xbbdb76c8 is Executable
2013-06-19 17:17:27:648 - 0xb45d9910 is Executable
2013-06-19 17:21:30:813 - 0x8bf7f1d8 is Executable
2013-06-19 17:25:33:955 - 0xb7471720 is Executable
2013-06-19 17:29:37:182 - 0xbc4301d0 is Executable
2013-06-19 17:33:40:388 - 0xb45d9910 is Executable
2013-06-19 17:37:43:464 - 0xbc4301d0 is Executable
2013-06-19 17:39:37:405 - t:5536->4100
2013-06-19 17:39:37:406 - t:5536->6000
2013-06-19 17:39:37:407 - t:5536->3916
2013-06-19 17:39:37:408 - t:5536->4728
2013-06-19 17:39:37:409 - t:5536->4092
2013-06-19 17:39:37:410 - t:5536->5216
2013-06-19 17:39:37:411 - t:5536->3372
2013-06-19 17:39:37:412 - t:5536->4760
2013-06-19 17:39:37:413 - t:5536->1968
2013-06-19 17:39:37:434 - t:5536->4724
2013-06-19 17:39:37:446 - t:5536->912
2013-06-19 17:39:37:448 - t:5536->4988
2013-06-19 17:39:37:449 - t:5536->5548
2013-06-19 17:39:37:450 - t:553

6->4872
2013-06-19 17:39:37:451 - t:5536->4940
2013-06-19 17:39:37:453 - t:5536->4380
2013-06-19 17:39:37:454 - t:5536->5788
2013-06-19 17:39:37:455 - t:5536->4608
2013-06-19 17:39:37:456 - t:5536->4448
2013-06-19 17:39:37:457 - t:5536->4392
2013-06-19 17:39:37:458 - t:5536->4592
2013-06-19 17:39:37:459 - t:5536->4456
2013-06-19 17:39:37:460 - t:5536->5304
2013-06-19 17:39:37:461 - t:5536->2668
2013-06-19 17:39:37:462 - t:5536->5568
2013-06-19 17:39:37:464 - t:5536->4520
2013-06-19 17:39:37:465 - t:5536->6116
2013-06-19 17:39:37:466 - t:5536->756
2013-06-19 17:39:37:467 - t:5536->1220
2013-06-19 17:39:37:468 - t:5536->4352
2013-06-19 17:39:37:469 - t:5536->4676
2013-06-19 17:39:37:470 - t:5536->4124
2013-06-19 17:39:37:471 - t:5536->816
2013-06-19 17:39:37:473 - t:5536->4036
2013-06-19 17:39:37:474 - t:5536->6120
2013-06-19 17:39:37:474 - t:5536->5020
2013-06-19 17:39:44:007 - .\Function.c,2422
2013-06-19 17:39:44:007 - 0xb0824570 is Executable
2013-06-19 17:39:46:214 - .\main.c,297
2013-06-19 17:39:53:158 - .\main.c,482,0,1,1,352
2013-06-19 17:39:53:174 - .\BaseFunc.c,2496
2013-06-19 17:39:53:189 - 0xbd764548 is Executable
2013-06-19 17:39:53:236 - .\Hook.c,3030
2013-06-19 17:39:53:267 - .\GetCleanSSDT.C,715
2013-06-19 17:39:53:345 - .\Hook.c,3040
2013-06-19 17:39:53:345 - .\Hook.c,3050
2013-06-19 17:39:53:345 - .\Hook.c,3061
2013-06-19 17:39:53:345 - .\Hook.c,3071
2013-06-19 17:39:53:345 - .\Hook.c,3081
2013-06-19 17:39:53:345 - .\Hook.c,3086
2013-06-19 17:39:53:345 - 0xb7471720 is Executable
2013-06-19 17:39:53:954 - 0xb7471720 is Executable
2013-06-19 17:43:57:208 - 0xbc4e6568 is Executable
2013-06-19 17:48:00:506 - 0xc5e68910 is Executable
2013-06-19 17:52:03:685 - 0xb22aa7c0 is Executable
2013-06-19 17:56:06:812 - 0xbc36e008 is Executable
2013-06-19 17:58:11:486 - .\Function.c,2422
2013-06-19 17:58:11:488 - 0xb3cf52a0 is Executable
2013-06-19 17:58:14:488 - .\main.c,297
2013-06-19 21:05:16:080 - .\main.c,482,0,1,1,352
2013-06-19 21:05:16:112 - .\BaseFunc.c,2496
2013-06-19 21:05:16:127 - 0xc5eee818 is Executable
2013-06-19 21:05:16:174 - .\Hook.c,3030
2013-06-19 21:05:16:174 - .\GetCleanSSDT.C,715
2013-06-19 21:05:16:299 - .\Hook.c,3040
2013-06-19 21:05:16:299 - .\Hook.c,3050
2013-06-19 21:05:16:299 - .\Hook.c,3061
2013-06-19 21:05:16:299 - .\Hook.c,3071
2013-06-19 21:05:16:299 - .\Hook.c,3081
2013-06-19 21:05:16:299 - .\Hook.c,3086
2013-06-19 21:05:16:299 - 0xc66f0910 is Executable
2013-06-19 21:05:16:907 - 0xb0832008 is Executable
2013-06-19 21:09:20:156 - 0xc2b39008 is Executable
2013-06-19 21:13:23:187 - 0x8be9c910 is Executable
2013-06-19 21:17:26:287 - 0xc2b39008 is Executable
2013-06-19 21:21:29:391 - 0xb45d9910 is Executable
2013-06-19 21:25:32:549 - 0xb6fb6910 is Executable
2013-06-19 21:29:35:657 - 0x8f9a4910 is Executable
2013-06-19 21:31:20:144 - .\Function.c,2422
2013-06-19 21:31:20:144 - 0xc98536c8 is Executable
2013-06-19 21:31:22:375 - .\main.c,297
2013-06-19

21:31:24:904 - .\main.c,482,0,1,1,352
2013-06-19 21:31:24:919 - .\BaseFunc.c,2496
2013-06-19 21:31:24:919 - 0xc63bbe58 is Executable
2013-06-19 21:31:24:966 - .\Hook.c,3030
2013-06-19 21:31:24:966 - .\GetCleanSSDT.C,715
2013-06-19 21:31:24:982 - .\Hook.c,3040
2013-06-19 21:31:24:997 - .\Hook.c,3050
2013-06-19 21:31:24:997 - .\Hook.c,3061
2013-06-19 21:31:24:997 - .\Hook.c,3071
2013-06-19 21:31:24:997 - .\Hook.c,3081
2013-06-19 21:31:24:997 - .\Hook.c,3086
2013-06-19 21:31:24:997 - 0xc37ed910 is Executable
2013-06-19 21:31:25:590 - 0xc66f0910 is Executable
2013-06-19 21:35:29:233 - 0xb46ab910 is Executable
2013-06-19 21:39:32:853 - 0xc37ed910 is Executable
2013-06-19 21:43:36:524 - 0x8bc90590 is Executable
2013-06-19 21:47:40:014 - 0x89e7e568 is Executable
2013-06-19 21:51:43:674 - 0x89ebe568 is Executable
2013-06-19 21:55:47:175 - 0x8bc35910 is Executable
2013-06-19 21:59:50:835 - 0xc6e2c910 is Executable
2013-06-19 22:03:54:495 - 0xb735e910 is Executable
2013-06-19 22:07:58:186 - 0xc5e0c438 is Executable
2013-06-19 22:12:01:896 - 0x8cee3008 is Executable
2013-06-19 22:16:05:486 - 0xbf8b46c0 is Executable
2013-06-19 22:20:09:137 - 0xc624c568 is Executable
2013-06-19 22:24:12:827 - 0x8ac74008 is Executable
2013-06-19 22:28:16:267 - 0xa924f008 is Executable
2013-06-19 22:32:19:848 - 0x95850388 is Executable
2013-06-19 22:36:23:346 - 0xb735e910 is Executable
2013-06-19 22:40:26:582 - 0x8bfa3568 is Executable
2013-06-19 22:44:29:787 - 0xbc94d568 is Executable
2013-06-19 22:48:32:931 - 0xb3db7568 is Executable
2013-06-19 22:52:36:275 - 0xbc4ec648 is Executable
2013-06-19 22:56:39:601 - 0xb74f6890 is Executable
2013-06-19 22:58:52:208 - .\Function.c,2422
2013-06-19 22:58:52:208 - 0xba283488 is Executable
2013-06-19 22:58:55:204 - .\main.c,297
2013-06-20 06:58:27:015 - .\main.c,482,0,1,1,352
2013-06-20 06:58:27:046 - .\BaseFunc.c,2496
2013-06-20 06:58:27:062 - 0xb749bf68 is Executable
2013-06-20 06:58:27:140 - .\Hook.c,3030
2013-06-20 06:58:27:140 - .\GetCleanSSDT.C,715
2013-06-20 06:58:27:140 - .\Hook.c,3040
2013-06-20 06:58:27:155 - .\Hook.c,3050
2013-06-20 06:58:27:155 - .\Hook.c,3061
2013-06-20 06:58:27:155 - .\Hook.c,3071
2013-06-20 06:58:27:155 - .\Hook.c,3081
2013-06-20 06:58:27:155 - .\Hook.c,3086
2013-06-20 06:58:27:155 - 0xbdc3c910 is Executable
2013-06-20 06:58:27:748 - 0xbdc3c910 is Executable
2013-06-20 07:02:31:100 - 0xc2355910 is Executable
2013-06-20 07:06:34:541 - 0xc220a008 is Executable
2013-06-20 07:10:38:201 - 0xc22c5008 is Executable
2013-06-20 07:14:41:761 - 0xc23b2910 is Executable
2013-06-20 07:18:45:442 - 0x8a128008 is Executable
2013-06-20 07:22:48:912 - 0xc222d008 is Executable
2013-06-20 07:26:52:422 - 0x8a157008 is Executable
2013-06-20 07:30:55:718 - 0x8a0c4910 is Executable
2013-06-20 07:31:15:847 - .\Function.c,2111
2013-06-20 07:31:15:849 - Function.h,265
2013-06-20 07:31:15:852 - Function.h,265
2013-06-20 07:31:17:853 - .\Function.c,2422
2013-06-20 07:31:17

:855 - 0xc1e9e398 is Executable
2013-06-20 07:31:20:156 - .\main.c,297
2013-06-20 07:31:44:629 - .\main.c,482,0,1,1,352
2013-06-20 07:31:44:645 - .\BaseFunc.c,2496
2013-06-20 07:31:44:645 - 0xbc2b0708 is Executable
2013-06-20 07:31:44:691 - .\Hook.c,3030
2013-06-20 07:31:44:691 - .\GetCleanSSDT.C,715
2013-06-20 07:31:44:691 - .\Hook.c,3040
2013-06-20 07:31:44:691 - .\Hook.c,3050
2013-06-20 07:31:44:691 - .\Hook.c,3061
2013-06-20 07:31:44:691 - .\Hook.c,3071
2013-06-20 07:31:44:707 - .\Hook.c,3081
2013-06-20 07:31:44:707 - .\Hook.c,3086
2013-06-20 07:31:44:707 - 0xb9058910 is Executable
2013-06-20 07:31:45:284 - 0xb87b7910 is Executable
2013-06-20 07:35:48:207 - 0x8a1d3008 is Executable
2013-06-20 07:39:51:027 - 0xb11d95e8 is Executable
2013-06-20 07:43:53:808 - 0x8c1b2910 is Executable
2013-06-20 07:47:56:628 - 0xbc388510 is Executable
2013-06-20 07:51:59:538 - 0x8a35c910 is Executable
2013-06-20 07:56:02:653 - 0x8a2ad910 is Executable
2013-06-20 08:00:05:775 - 0x8a35c910 is Executable
2013-06-20 08:04:08:827 - 0x8c1ca008 is Executable
2013-06-20 08:08:11:880 - 0x8a294910 is Executable
2013-06-20 08:12:15:088 - 0x8a2d6008 is Executable
2013-06-20 08:16:18:161 - 0x8a368568 is Executable
2013-06-20 08:20:21:239 - 0x8a1d6910 is Executable
2013-06-20 08:22:21:794 - .\Function.c,2422
2013-06-20 08:22:21:794 - 0x8bc62660 is Executable
2013-06-20 08:22:23:918 - .\main.c,297
2013-06-20 08:22:26:991 - .\main.c,482,0,1,1,352
2013-06-20 08:22:27:007 - .\BaseFunc.c,2496
2013-06-20 08:22:27:007 - 0xacc68cf8 is Executable
2013-06-20 08:22:27:054 - .\Hook.c,3030
2013-06-20 08:22:27:054 - .\GetCleanSSDT.C,715
2013-06-20 08:22:27:054 - .\Hook.c,3040
2013-06-20 08:22:27:069 - .\Hook.c,3050
2013-06-20 08:22:27:069 - .\Hook.c,3061
2013-06-20 08:22:27:069 - .\Hook.c,3071
2013-06-20 08:22:27:069 - .\Hook.c,3081
2013-06-20 08:22:27:069 - .\Hook.c,3086
2013-06-20 08:22:27:069 - 0x8a1c1910 is Executable
2013-06-20 08:22:27:662 - 0x8b019910 is Executable
2013-06-20 08:25:16:446 - .\Function.c,2111
2013-06-20 08:25:16:515 - Function.h,265
2013-06-20 08:25:16:602 - Function.h,265
2013-06-20 08:25:18:775 - .\Function.c,2422
2013-06-20 08:25:18:877 - 0xc2137688 is Executable
2013-06-20 08:25:21:062 - .\main.c,297
2013-06-20 08:25:28:466 - .\main.c,482,0,1,1,352
2013-06-20 08:25:28:481 - .\BaseFunc.c,2496
2013-06-20 08:25:28:481 - 0xc1a2ca90 is Executable
2013-06-20 08:25:28:481 - .\Hook.c,3018
2013-06-20 08:25:28:481 - .\Hook.c,3086
2013-06-20 08:25:28:481 - .\Hook.c,3090
2013-06-20 08:28:36:017 - .\main.c,482,0,1,1,352
2013-06-20 08:28:36:048 - .\BaseFunc.c,2496
2013-06-20 08:28:36:064 - 0xa9196a48 is Executable
2013-06-20 08:28:36:095 - .\Hook.c,3030
2013-06-20 08:28:36:126 - .\GetCleanSSDT.C,715
2013-06-20 08:28:36:157 - .\Hook.c,3040
2013-06-20 08:28:36:157 - .\Hook.c,3050
2013-06-20 08:28:36:157 - .\Hook.c,3061
2013-06-20 08:28:36:157 - .\Hook.c,3071
2013-06-20 08:28:36:157 - .\Hook.c,3081
2013-06-20 08:28:

36:157 - .\Hook.c,3086
2013-06-20 08:28:36:157 - 0xa918d008 is Executable
2013-06-20 08:28:36:750 - 0xa8af9008 is Executable
2013-06-20 08:32:39:897 - 0x875e2590 is Executable
2013-06-20 08:36:42:852 - 0xb36bd910 is Executable
2013-06-20 08:40:45:913 - 0xaf4f7640 is Executable
2013-06-20 08:44:48:951 - 0xae4a3500 is Executable
2013-06-20 08:48:52:155 - 0xa9028220 is Executable
2013-06-20 08:52:55:343 - 0x8a1fc008 is Executable
2013-06-20 08:56:58:631 - 0xad880008 is Executable
2013-06-20 09:01:01:746 - 0xad880008 is Executable
2013-06-20 09:05:05:067 - 0xa392f008 is Executable
2013-06-20 09:09:08:627 - 0xa392f008 is Executable
2013-06-20 09:13:11:806 - 0xafb2a910 is Executable
2013-06-20 09:17:15:126 - 0x878c8008 is Executable
2013-06-20 09:21:18:567 - 0xaf45c520 is Executable
2013-06-20 09:25:21:917 - 0xaeafd910 is Executable
2013-06-20 09:29:25:247 - 0xa911b910 is Executable
2013-06-20 09:33:28:668 - 0xaeb66008 is Executable
2013-06-20 09:35:31:429 - .\Function.c,2422
2013-06-20 09:35:31:429 - 0xa9ebc5e8 is Executable
2013-06-20 09:35:33:660 - .\main.c,297
2013-06-20 17:42:39:370 - .\main.c,482,0,1,1,352
2013-06-20 17:42:39:401 - .\BaseFunc.c,2496
2013-06-20 17:42:39:416 - 0xc1df02e8 is Executable
2013-06-20 17:42:39:448 - .\Hook.c,3030
2013-06-20 17:42:39:448 - .\GetCleanSSDT.C,715
2013-06-20 17:42:39:494 - .\Hook.c,3040
2013-06-20 17:42:39:494 - .\Hook.c,3050
2013-06-20 17:42:39:494 - .\Hook.c,3061
2013-06-20 17:42:39:494 - .\Hook.c,3071
2013-06-20 17:42:39:494 - .\Hook.c,3081
2013-06-20 17:42:39:494 - .\Hook.c,3086
2013-06-20 17:42:39:494 - 0xc1b36008 is Executable
2013-06-20 17:42:40:087 - 0xc251c490 is Executable
2013-06-20 17:46:43:313 - 0xcdd91008 is Executable
2013-06-20 17:50:46:363 - 0xcdd55910 is Executable
2013-06-20 17:54:49:704 - 0xce00c008 is Executable
2013-06-20 17:58:52:874 - 0xc28c3388 is Executable
2013-06-20 18:02:56:444 - 0xce132008 is Executable
2013-06-20 18:07:00:035 - 0xce1a21b8 is Executable
2013-06-20 18:11:03:695 - 0xce1a21b8 is Executable
2013-06-20 18:15:07:135 - 0xce68b008 is Executable
2013-06-20 18:19:10:566 - 0xad851910 is Executable
2013-06-20 18:23:14:096 - 0xcdb72910 is Executable
2013-06-20 18:27:17:526 - 0xaecee008 is Executable
2013-06-20 18:31:20:887 - 0xce132008 is Executable
2013-06-20 18:35:24:177 - 0xbf2cf630 is Executable
2013-06-20 18:39:27:657 - 0xc1178910 is Executable
2013-06-20 18:43:31:068 - 0xbf2cf630 is Executable
2013-06-20 18:47:34:338 - 0xc2c89160 is Executable
2013-06-20 18:51:37:968 - 0xce132008 is Executable
2013-06-20 18:55:41:239 - 0xc1178910 is Executable
2013-06-20 18:59:44:609 - 0xc2c89160 is Executable
2013-06-20 19:03:47:839 - 0xc1184910 is Executable
2013-06-20 19:07:50:870 - 0xb3698910 is Executable
2013-06-20 19:11:54:320 - 0xb3698910 is Executable
2013-06-20 19:15:57:620 - 0xafa54910 is Executable
2013-06-20 19:20:00:831 - 0xce132008 is Executable
2013-06-20 19:24:04:161 - 0xcdc7d008 is Executable
2013-06-20 19:28:

07:381 - 0xb3698910 is Executable
2013-06-20 19:32:10:502 - 0xb3698910 is Executable
2013-06-20 19:36:13:692 - 0xcdc7d008 is Executable
2013-06-20 19:40:17:172 - 0xafa54910 is Executable
2013-06-20 19:44:20:533 - 0xb3698910 is Executable
2013-06-20 19:48:23:973 - 0xb3698910 is Executable
2013-06-20 19:52:27:513 - 0xa9f25208 is Executable
2013-06-20 19:56:31:054 - 0xb3698910 is Executable
2013-06-20 20:00:34:524 - 0xc139e008 is Executable
2013-06-20 20:04:03:900 - .\Function.c,2422
2013-06-20 20:04:03:916 - 0xb1aa5198 is Executable
2013-06-20 20:04:06:584 - .\main.c,297
2013-06-20 22:01:26:918 - .\main.c,482,0,1,1,352
2013-06-20 22:01:26:934 - .\BaseFunc.c,2496
2013-06-20 22:01:26:934 - 0x87995b68 is Executable
2013-06-20 22:01:26:981 - .\Hook.c,3030
2013-06-20 22:01:26:981 - .\GetCleanSSDT.C,715
2013-06-20 22:01:26:996 - .\Hook.c,3040
2013-06-20 22:01:26:996 - .\Hook.c,3050
2013-06-20 22:01:26:996 - .\Hook.c,3061
2013-06-20 22:01:26:996 - .\Hook.c,3071
2013-06-20 22:01:26:996 - .\Hook.c,3081
2013-06-20 22:01:26:996 - .\Hook.c,3086
2013-06-20 22:01:26:996 - 0xc736f568 is Executable
2013-06-20 22:01:27:589 - 0xafbe3910 is Executable
2013-06-20 22:05:30:519 - 0xc294d388 is Executable
2013-06-20 22:09:33:500 - 0xaf475910 is Executable
2013-06-20 22:13:36:480 - 0xce85a388 is Executable
2013-06-20 22:17:39:370 - 0xcdaea590 is Executable
2013-06-20 22:21:42:251 - 0xce1bb590 is Executable
2013-06-20 22:25:45:091 - 0xadd05568 is Executable
2013-06-20 22:29:47:921 - 0xbf2a6910 is Executable
2013-06-20 22:33:50:792 - 0xc1ce5618 is Executable
2013-06-20 22:37:53:580 - 0xb231a568 is Executable
2013-06-20 22:41:56:682 - 0xc1c7c7c0 is Executable
2013-06-20 22:45:59:691 - 0xad938910 is Executable
2013-06-20 22:50:02:705 - 0xae53b568 is Executable
2013-06-20 22:54:05:687 - 0xc2a87008 is Executable
2013-06-20 22:58:04:609 - .\Function.c,2422
2013-06-20 22:58:04:609 - 0xcdd984d0 is Executable
2013-06-20 22:58:07:167 - .\main.c,297
2013-06-21 11:20:36:411 - .\main.c,482,0,1,1,352
2013-06-21 11:20:36:427 - .\BaseFunc.c,2496
2013-06-21 11:20:36:427 - 0x9fee1618 is Executable
2013-06-21 11:20:36:473 - .\Hook.c,3030
2013-06-21 11:20:36:473 - .\GetCleanSSDT.C,715
2013-06-21 11:20:36:473 - .\Hook.c,3040
2013-06-21 11:20:36:473 - .\Hook.c,3050
2013-06-21 11:20:36:489 - .\Hook.c,3061
2013-06-21 11:20:36:489 - .\Hook.c,3071
2013-06-21 11:20:36:489 - .\Hook.c,3081
2013-06-21 11:20:36:489 - .\Hook.c,3086
2013-06-21 11:20:36:489 - 0xb6317008 is Executable
2013-06-21 11:20:37:066 - 0xb0d2d008 is Executable
2013-06-21 11:24:40:188 - 0xb6bc54a8 is Executable
2013-06-21 11:28:43:108 - 0xb6bb1910 is Executable
2013-06-21 11:32:46:009 - 0xb8b2c890 is Executable
2013-06-21 11:36:48:819 - 0xb9464008 is Executable
2013-06-21 11:40:51:799 - 0xb62e9590 is Executable
2013-06-21 11:44:54:787 - 0xb9472008 is Executable
2013-06-21 11:48:57:938 - 0xbe983008 is Executable
2013-06-21 11:53:01:062 - 0xbe9e1008 is Executable
2013-06-21

11:57:04:169 - 0xb55a0910 is Executable
2013-06-21 12:01:07:325 - 0xbe9e1008 is Executable
2013-06-21 12:05:10:493 - 0xbe920008 is Executable
2013-06-21 12:09:13:666 - 0xbe983008 is Executable
2013-06-21 12:13:16:843 - 0xbe983008 is Executable
2013-06-21 12:17:19:990 - 0x89cc3008 is Executable
2013-06-21 12:21:23:091 - 0xb5575008 is Executable
2013-06-21 12:25:26:320 - 0x89d73008 is Executable
2013-06-21 12:29:29:472 - 0xbe906008 is Executable
2013-06-21 12:33:32:559 - 0x89c9c910 is Executable
2013-06-21 12:36:55:300 - t:3708->3576
2013-06-21 12:36:55:302 - t:3708->3596
2013-06-21 12:36:55:303 - t:3708->3988
2013-06-21 12:36:55:304 - t:3708->3052
2013-06-21 12:36:55:304 - t:3708->4000
2013-06-21 12:36:55:305 - t:3708->2864
2013-06-21 12:36:55:306 - t:3708->4680
2013-06-21 12:36:55:307 - t:3708->4684
2013-06-21 12:36:55:308 - t:3708->4700
2013-06-21 12:36:55:309 - t:3708->4732
2013-06-21 12:36:55:310 - t:3708->4736
2013-06-21 12:36:55:311 - t:3708->164
2013-06-21 12:36:55:312 - t:3708->2396
2013-06-21 12:36:55:313 - t:3708->820
2013-06-21 12:36:55:314 - t:3708->5384
2013-06-21 12:36:55:315 - t:3708->3472
2013-06-21 12:36:55:324 - t:3708->5904
2013-06-21 12:36:55:325 - t:3708->532
2013-06-21 12:36:55:326 - t:3708->4044
2013-06-21 12:36:55:327 - t:3708->1156
2013-06-21 12:36:55:328 - t:3708->4968
2013-06-21 12:36:55:328 - t:3708->3468
2013-06-21 12:36:55:329 - t:3708->3956
2013-06-21 12:36:55:330 - t:3708->1516
2013-06-21 12:36:55:331 - t:3708->1132
2013-06-21 12:36:55:332 - t:3708->5076
2013-06-21 12:36:55:333 - t:3708->3396
2013-06-21 12:36:55:336 - t:3708->2708
2013-06-21 12:37:01:608 - .\Function.c,2422
2013-06-21 12:37:01:610 - 0xae472958 is Executable
2013-06-21 12:37:03:742 - .\main.c,297
2013-06-21 12:37:18:807 - .\main.c,482,0,1,1,352
2013-06-21 12:37:18:821 - .\BaseFunc.c,2496
2013-06-21 12:37:18:826 - 0xb3152ca8 is Executable
2013-06-21 12:37:18:871 - .\Hook.c,3030
2013-06-21 12:37:18:873 - .\GetCleanSSDT.C,715
2013-06-21 12:37:18:882 - .\Hook.c,3040
2013-06-21 12:37:18:883 - .\Hook.c,3050
2013-06-21 12:37:18:885 - .\Hook.c,3061
2013-06-21 12:37:18:886 - .\Hook.c,3071
2013-06-21 12:37:18:887 - .\Hook.c,3081
2013-06-21 12:37:18:887 - .\Hook.c,3086
2013-06-21 12:37:18:889 - 0xbe920008 is Executable
2013-06-21 12:37:19:474 - 0xae4c5508 is Executable
2013-06-21 12:41:23:041 - 0x89cc2008 is Executable
2013-06-21 12:45:26:766 - 0xb95b6008 is Executable
2013-06-21 12:49:29:967 - 0xb9566520 is Executable
2013-06-21 12:53:33:090 - 0xc6cbf008 is Executable
2013-06-21 12:57:36:265 - 0xc4786910 is Executable
2013-06-21 13:01:39:367 - 0xb948a910 is Executable
2013-06-21 13:05:42:503 - 0x89f63910 is Executable
2013-06-21 13:09:45:636 - 0xc7a35910 is Executable
2013-06-21 13:13:48:740 - 0xc7a53008 is Executable
2013-06-21 13:17:51:917 - 0xab8d26d8 is Executable
2013-06-21 13:21:55:069 - 0xc6c8f008 is Executable
2013-06-21 13:25:58:214 - 0xae5d86a8 is Executable
2013-06-21 13:30:01:406 - 0

xc14c7910 is Executable
2013-06-21 13:34:04:574 - 0xc4709508 is Executable
2013-06-21 13:38:07:836 - 0xc25c1910 is Executable
2013-06-21 13:42:11:109 - 0xc2260008 is Executable
2013-06-21 13:43:44:226 - .\SignData.c,177
2013-06-21 13:43:44:227 - .\Hook.c,127
2013-06-21 13:46:14:244 - 0xb8b44910 is Executable
2013-06-21 13:50:17:403 - 0xb17de5a8 is Executable
2013-06-21 13:54:20:558 - 0xb94a0508 is Executable
2013-06-21 13:58:23:766 - 0xc14dc400 is Executable
2013-06-21 14:02:26:900 - 0xc266f660 is Executable
2013-06-21 14:06:30:058 - 0xc2379910 is Executable
2013-06-21 14:10:33:210 - 0xc23e2910 is Executable
2013-06-21 14:14:36:428 - 0xb4ffb910 is Executable
2013-06-21 14:18:39:664 - 0xb5039910 is Executable
2013-06-21 14:22:42:848 - 0xb8b44910 is Executable
2013-06-21 14:26:46:043 - 0xae47c910 is Executable
2013-06-21 14:30:49:232 - 0xc6df9910 is Executable
2013-06-21 14:34:52:539 - 0xb3059508 is Executable
2013-06-21 14:38:55:915 - 0xb2734910 is Executable
2013-06-21 14:42:59:147 - 0xb2734910 is Executable
2013-06-21 14:43:33:318 - .\Function.c,2422
2013-06-21 14:43:33:320 - 0xb94fd0d8 is Executable
2013-06-21 14:43:36:321 - .\main.c,297
2013-06-22 07:35:48:519 - .\main.c,482,0,1,1,352
2013-06-22 07:35:48:538 - .\BaseFunc.c,2496
2013-06-22 07:35:48:544 - 0xb8a26ac0 is Executable
2013-06-22 07:35:48:584 - .\Hook.c,3030
2013-06-22 07:35:48:585 - .\GetCleanSSDT.C,715
2013-06-22 07:35:48:594 - .\Hook.c,3040
2013-06-22 07:35:48:601 - .\Hook.c,3050
2013-06-22 07:35:48:603 - .\Hook.c,3061
2013-06-22 07:35:48:603 - .\Hook.c,3071
2013-06-22 07:35:48:605 - .\Hook.c,3081
2013-06-22 07:35:48:605 - .\Hook.c,3086
2013-06-22 07:35:48:607 - 0xb9b34008 is Executable
2013-06-22 07:35:49:185 - 0xb9b4a008 is Executable
2013-06-22 07:39:52:446 - 0xbc093910 is Executable
2013-06-22 07:43:55:575 - 0xbc0c3910 is Executable
2013-06-22 07:47:58:638 - 0xbc648008 is Executable
2013-06-22 07:52:01:742 - 0xbc1c2008 is Executable
2013-06-22 07:56:04:930 - 0xbc0ef5b0 is Executable
2013-06-22 08:00:08:096 - 0xbc1a3008 is Executable
2013-06-22 08:04:11:312 - 0xbc049910 is Executable
2013-06-22 08:08:14:531 - 0xbc123910 is Executable
2013-06-22 08:12:17:652 - 0xbd8626f0 is Executable
2013-06-22 08:16:20:998 - 0xbc11d700 is Executable
2013-06-22 08:20:24:179 - 0xbc6f8910 is Executable
2013-06-22 08:24:27:439 - 0xbc74d008 is Executable
2013-06-22 08:28:30:617 - 0xbc7cb008 is Executable
2013-06-22 08:32:33:869 - 0xba295568 is Executable
2013-06-22 08:36:37:159 - 0xbd923910 is Executable
2013-06-22 08:40:40:410 - 0xbc772910 is Executable
2013-06-22 08:44:43:669 - 0xbc74d008 is Executable
2013-06-22 08:48:46:789 - 0xbd8f7008 is Executable
2013-06-22 08:52:49:982 - 0xbc75f910 is Executable
2013-06-22 08:56:53:143 - 0xbc76b910 is Executable
2013-06-22 09:00:56:276 - 0xbc757910 is Executable
2013-06-22 09:04:59:417 - 0xbc79b910 is Executable
2013-06-22 09:09:02:659 - 0xbe2b3008 is Executable
2013-06-22 09:11:39:423 - .\Function

.c,2422
2013-06-22 09:11:39:426 - 0xba27bd48 is Executable
2013-06-22 09:11:41:944 - .\main.c,297
2013-06-22 09:11:47:623 - .\main.c,482,0,1,1,352
2013-06-22 09:11:47:637 - .\BaseFunc.c,2496
2013-06-22 09:11:47:666 - 0xba2868e0 is Executable
2013-06-22 09:11:47:808 - .\Hook.c,3030
2013-06-22 09:11:47:823 - .\GetCleanSSDT.C,715
2013-06-22 09:11:47:832 - .\Hook.c,3040
2013-06-22 09:11:47:835 - .\Hook.c,3050
2013-06-22 09:11:47:836 - .\Hook.c,3061
2013-06-22 09:11:47:837 - .\Hook.c,3071
2013-06-22 09:11:47:838 - .\Hook.c,3081
2013-06-22 09:11:47:839 - .\Hook.c,3086
2013-06-22 09:11:47:840 - 0xbd9fc910 is Executable
2013-06-22 09:11:48:423 - 0xbe2b2008 is Executable
2013-06-22 09:15:51:765 - 0x8780c910 is Executable
2013-06-22 09:19:54:961 - 0xbe27e910 is Executable
2013-06-22 09:23:58:095 - 0x87846910 is Executable
2013-06-22 09:28:01:205 - 0x8783c910 is Executable
2013-06-22 09:32:04:406 - 0xbc79d910 is Executable
2013-06-22 09:36:07:539 - 0xbe280910 is Executable
2013-06-22 09:40:10:651 - 0x87903008 is Executable
2013-06-22 09:44:13:770 - 0x87944008 is Executable
2013-06-22 09:48:16:854 - 0xbe3a1568 is Executable
2013-06-22 09:52:19:994 - 0x87873910 is Executable
2013-06-22 09:56:23:737 - 0x87958910 is Executable
2013-06-22 10:00:27:410 - 0xbe2b1008 is Executable
2013-06-22 10:04:30:569 - 0x8b624008 is Executable
2013-06-22 10:08:33:663 - 0x879af910 is Executable
2013-06-22 10:12:36:807 - 0x8b70f008 is Executable
2013-06-22 10:16:39:937 - 0xb7db1008 is Executable
2013-06-22 10:20:43:043 - 0x8b7db008 is Executable
2013-06-22 10:24:46:414 - 0x8b768008 is Executable
2013-06-22 10:28:50:072 - 0x8b768008 is Executable
2013-06-22 10:32:53:836 - 0x8b768008 is Executable
2013-06-22 10:36:57:211 - 0x8b754008 is Executable
2013-06-22 10:41:00:493 - 0x8b745008 is Executable
2013-06-22 10:45:04:037 - 0x8a5bb008 is Executable
2013-06-22 10:49:07:709 - 0xb7f99910 is Executable
2013-06-22 10:53:11:157 - 0x8b5de008 is Executable
2013-06-22 10:57:14:526 - 0x87876008 is Executable
2013-06-22 11:01:17:893 - 0x8a486910 is Executable
2013-06-22 11:05:21:246 - 0x8a486910 is Executable
2013-06-22 11:09:24:605 - 0x879a9910 is Executable
2013-06-22 11:13:28:033 - 0x879a9910 is Executable
2013-06-22 11:17:31:259 - 0x8a5bb008 is Executable
2013-06-22 11:21:34:448 - 0xb8b4c910 is Executable
2013-06-22 11:25:37:654 - 0x8a5bb008 is Executable
2013-06-22 11:29:40:984 - 0xae2e1910 is Executable
2013-06-22 11:33:44:299 - 0x87876008 is Executable
2013-06-22 11:37:47:582 - 0x87876008 is Executable
2013-06-22 11:41:50:913 - 0x8a486910 is Executable
2013-06-22 11:45:54:211 - 0x8b66c910 is Executable
2013-06-22 11:49:57:612 - 0x8b741008 is Executable
2013-06-22 11:54:01:049 - 0x8b63c008 is Executable
2013-06-22 11:58:04:517 - 0x8b6a4910 is Executable
2013-06-22 12:02:08:039 - 0x8a493008 is Executable
2013-06-22 12:06:11:581 - 0x8a57c520 is Executable
2013-06-22 12:10:15:023 - 0xabe0a910 is Executable
2013-06-22 12:14:18:552 -

0xbc791008 is Executable
2013-06-22 12:18:22:136 - 0x982808a8 is Executable
2013-06-22 12:22:25:728 - 0xb6c59008 is Executable
2013-06-22 12:26:29:364 - 0x8a53a388 is Executable
2013-06-22 12:30:32:956 - 0xb684a440 is Executable
2013-06-22 12:34:36:695 - 0xb7b54250 is Executable
2013-06-22 12:38:40:123 - 0x8b739008 is Executable
2013-06-22 12:42:43:471 - 0xae2c0688 is Executable
2013-06-22 12:46:46:817 - 0x8b739008 is Executable
2013-06-22 12:50:50:173 - 0xb4b2f810 is Executable
2013-06-22 12:54:53:587 - 0x8b739008 is Executable
2013-06-22 12:58:56:930 - 0xbc680008 is Executable
2013-06-22 13:03:00:353 - 0xa1209910 is Executable
2013-06-22 13:07:03:811 - 0xb7d79910 is Executable
2013-06-22 13:11:07:292 - 0xa7540910 is Executable
2013-06-22 13:15:10:870 - 0x8e1ab508 is Executable
2013-06-22 13:19:14:387 - 0x8b482008 is Executable
2013-06-22 13:23:17:925 - 0x8a526910 is Executable
2013-06-22 13:27:21:345 - 0xae2c0688 is Executable
2013-06-22 13:31:24:780 - 0xb191d568 is Executable
2013-06-22 13:35:28:389 - 0x8b406008 is Executable
2013-06-22 13:39:31:937 - 0xb7a58910 is Executable
2013-06-22 13:43:35:505 - 0xb4ae85c0 is Executable
2013-06-22 13:47:39:063 - 0xb2960910 is Executable
2013-06-22 13:51:42:662 - 0x8a497008 is Executable
2013-06-22 13:53:20:214 - .\SignData.c,177
2013-06-22 13:53:20:215 - .\Hook.c,127
2013-06-22 13:54:01:587 - .\Function.c,2422
2013-06-22 13:54:01:594 - 0xbc0483b8 is Executable
2013-06-22 13:54:03:895 - .\main.c,297
2013-06-23 09:08:24:387 - .\main.c,482,0,1,1,352
2013-06-23 09:08:24:420 - .\BaseFunc.c,2496
2013-06-23 09:08:24:424 - 0xb6fe3518 is Executable
2013-06-23 09:08:24:465 - .\Hook.c,3030
2013-06-23 09:08:24:474 - .\GetCleanSSDT.C,715
2013-06-23 09:08:24:483 - .\Hook.c,3040
2013-06-23 09:08:24:486 - .\Hook.c,3050
2013-06-23 09:08:24:487 - .\Hook.c,3061
2013-06-23 09:08:24:488 - .\Hook.c,3071
2013-06-23 09:08:24:489 - .\Hook.c,3081
2013-06-23 09:08:24:490 - .\Hook.c,3086
2013-06-23 09:08:24:498 - 0xb8e95910 is Executable
2013-06-23 09:08:25:078 - 0xb6ffb910 is Executable
2013-06-23 09:12:43:005 - 0xbf413910 is Executable
2013-06-23 09:16:46:130 - 0xbf503910 is Executable
2013-06-23 09:19:56:883 - .\Function.c,2422
2013-06-23 09:19:56:885 - 0xb8e89320 is Executable
2013-06-23 09:19:59:187 - .\main.c,297
2013-06-24 08:28:46:997 - .\main.c,482,0,1,1,352
2013-06-24 08:28:47:038 - .\BaseFunc.c,2496
2013-06-24 08:28:47:043 - 0xbf9e9488 is Executable
2013-06-24 08:28:47:088 - .\Hook.c,3030
2013-06-24 08:28:47:090 - .\GetCleanSSDT.C,715
2013-06-24 08:28:47:098 - .\Hook.c,3040
2013-06-24 08:28:47:099 - .\Hook.c,3050
2013-06-24 08:28:47:101 - .\Hook.c,3061
2013-06-24 08:28:47:102 - .\Hook.c,3071
2013-06-24 08:28:47:103 - .\Hook.c,3081
2013-06-24 08:28:47:104 - .\Hook.c,3086
2013-06-24 08:28:47:105 - 0xbc345910 is Executable
2013-06-24 08:28:47:688 - 0xbfccf690 is Executable
2013-06-24 08:32:51:083 - 0xc1d79910 is Executable
2013-06-24 08:36:54:428 - 0xbbf88508 is

Executable
2013-06-24 08:40:57:704 - 0xb8023910 is Executable
2013-06-24 08:45:00:956 - 0xb814e910 is Executable
2013-06-24 08:49:04:301 - 0xb2894910 is Executable
2013-06-24 08:53:07:814 - 0xbbeb3008 is Executable
2013-06-24 08:57:11:129 - 0xbfd62910 is Executable
2013-06-24 09:01:14:468 - 0xbf8a5910 is Executable
2013-06-24 09:05:17:770 - 0xbfd62910 is Executable
2013-06-24 09:09:21:175 - 0xb4d761c8 is Executable
2013-06-24 09:13:24:476 - 0xb4d761c8 is Executable
2013-06-24 09:17:27:720 - 0xa65c6910 is Executable
2013-06-24 09:21:30:971 - 0xb4d761c8 is Executable
2013-06-24 09:25:34:211 - 0xa65c6910 is Executable
2013-06-24 09:29:37:586 - 0xc1d1e008 is Executable
2013-06-24 09:33:40:880 - 0xb97db910 is Executable
2013-06-24 09:37:44:253 - 0xbbcf2500 is Executable
2013-06-24 09:41:47:692 - 0xbd562008 is Executable
2013-06-24 09:45:51:399 - 0xb2913370 is Executable
2013-06-24 09:49:55:057 - 0xbc578008 is Executable
2013-06-24 09:53:58:700 - 0xb288f910 is Executable
2013-06-24 09:58:02:374 - 0xbd47d428 is Executable
2013-06-24 10:02:06:074 - 0xb4c4a3b8 is Executable
2013-06-24 10:06:10:005 - 0xb3f47008 is Executable
2013-06-24 10:10:13:895 - 0xb8148910 is Executable
2013-06-24 10:14:17:621 - 0xb4c79910 is Executable
2013-06-24 10:18:21:576 - 0xb8148910 is Executable
2013-06-24 10:22:25:311 - 0xb4c79910 is Executable
2013-06-24 10:23:54:419 - .\Hook.c,127
2013-06-24 10:26:29:107 - 0xb4c79910 is Executable
2013-06-24 10:30:32:772 - 0xba9c6910 is Executable
2013-06-24 10:34:36:708 - 0xc1d65910 is Executable
2013-06-24 10:38:40:472 - 0xc1d65910 is Executable
2013-06-24 10:42:44:093 - 0xbc1415f0 is Executable
2013-06-24 10:46:47:818 - 0xba9c6910 is Executable
2013-06-24 10:50:51:750 - 0xbbcf2500 is Executable
2013-06-24 10:54:44:357 - .\SignData.c,177
2013-06-24 10:54:44:391 - .\Hook.c,127
2013-06-24 10:54:55:489 - 0xbbe1a910 is Executable
2013-06-24 10:58:59:289 - 0xba9c6910 is Executable
2013-06-24 11:03:03:276 - 0xba9c6910 is Executable
2013-06-24 11:07:07:225 - 0xbc53c520 is Executable
2013-06-24 11:09:22:263 - .\Function.c,2422
2013-06-24 11:09:22:265 - 0xaf7e7428 is Executable
2013-06-24 11:09:24:366 - .\main.c,297
2013-06-24 21:32:16:713 - .\main.c,482,0,1,1,352
2013-06-24 21:32:17:269 - .\BaseFunc.c,2496
2013-06-24 21:32:17:351 - 0x9064ab18 is Executable
2013-06-24 21:32:17:460 - .\Hook.c,3030
2013-06-24 21:32:17:461 - .\GetCleanSSDT.C,715
2013-06-24 21:32:17:524 - .\Hook.c,3040
2013-06-24 21:32:17:525 - .\Hook.c,3050
2013-06-24 21:32:17:526 - .\Hook.c,3061
2013-06-24 21:32:17:527 - .\Hook.c,3071
2013-06-24 21:32:17:528 - .\Hook.c,3081
2013-06-24 21:32:17:529 - .\Hook.c,3086
2013-06-24 21:32:17:530 - 0xa28014c0 is Executable
2013-06-24 21:32:18:192 - 0x8ab574c8 is Executable
2013-06-24 21:36:22:636 - 0x8b8d7008 is Executable
2013-06-24 21:40:26:974 - 0x8c33d008 is Executable
2013-06-24 21:44:31:321 - 0x8b4fe910 is Executable
2013-06-24 21:46:40:661 - .\Hook.c,127
2013-06-24 21:47:26:

918 - .\Function.c,2422
2013-06-24 21:47:26:920 - 0x991f7920 is Executable
2013-06-24 21:47:29:453 - .\main.c,297
2013-06-27 12:34:07:383 - .\main.c,482,0,1,1,352
2013-06-27 12:34:07:889 - .\BaseFunc.c,2496
2013-06-27 12:34:08:012 - 0xba3b2340 is Executable
2013-06-27 12:34:08:085 - .\Hook.c,3030
2013-06-27 12:34:08:120 - .\GetCleanSSDT.C,715
2013-06-27 12:34:08:186 - .\Hook.c,3040
2013-06-27 12:34:08:187 - .\Hook.c,3050
2013-06-27 12:34:08:188 - .\Hook.c,3061
2013-06-27 12:34:08:189 - .\Hook.c,3071
2013-06-27 12:34:08:190 - .\Hook.c,3081
2013-06-27 12:34:08:191 - .\Hook.c,3086
2013-06-27 12:34:08:192 - 0x9bb3c568 is Executable
2013-06-27 12:34:08:905 - 0xbfdfe590 is Executable
2013-06-27 12:38:12:467 - 0xbfd5e008 is Executable
2013-06-27 12:38:14:479 - .\Function.c,2422
2013-06-27 12:38:14:480 - 0xb0620918 is Executable
2013-06-27 12:38:17:083 - .\main.c,297
2013-06-27 21:15:59:962 - .\main.c,482,0,1,1,352
2013-06-27 21:16:00:197 - .\BaseFunc.c,2496
2013-06-27 21:16:00:290 - 0xba32b498 is Executable
2013-06-27 21:16:00:384 - .\Hook.c,3030
2013-06-27 21:16:00:385 - .\GetCleanSSDT.C,715
2013-06-27 21:16:00:455 - .\Hook.c,3040
2013-06-27 21:16:00:456 - .\Hook.c,3050
2013-06-27 21:16:00:457 - .\Hook.c,3061
2013-06-27 21:16:00:457 - .\Hook.c,3071
2013-06-27 21:16:00:458 - .\Hook.c,3081
2013-06-27 21:16:00:459 - .\Hook.c,3086
2013-06-27 21:16:00:460 - 0xb3894568 is Executable
2013-06-27 21:16:01:093 - 0xc16224f8 is Executable
2013-06-27 21:19:28:585 - .\Function.c,2422
2013-06-27 21:19:28:586 - 0xbc2ffa08 is Executable
2013-06-27 21:19:31:394 - .\main.c,297
2013-06-29 11:22:21:480 - .\main.c,482,0,1,1,352
2013-06-29 11:22:21:542 - .\BaseFunc.c,2496
2013-06-29 11:22:21:561 - 0xb752cef8 is Executable
2013-06-29 11:22:21:623 - .\Hook.c,3030
2013-06-29 11:22:21:625 - .\GetCleanSSDT.C,715
2013-06-29 11:22:21:715 - .\Hook.c,3040
2013-06-29 11:22:21:717 - .\Hook.c,3050
2013-06-29 11:22:21:718 - .\Hook.c,3061
2013-06-29 11:22:21:719 - .\Hook.c,3071
2013-06-29 11:22:21:720 - .\Hook.c,3081
2013-06-29 11:22:21:721 - .\Hook.c,3086
2013-06-29 11:22:21:723 - 0xbe04e660 is Executable
2013-06-29 11:22:22:331 - 0xa9cfa4f0 is Executable
2013-06-29 11:26:26:757 - 0xbe04e660 is Executable
2013-06-29 11:27:45:937 - .\SignData.c,177
2013-06-29 11:27:45:973 - .\Hook.c,127
2013-06-29 11:30:30:542 - 0xb1322590 is Executable
2013-06-29 11:32:13:201 - .\Function.c,2422
2013-06-29 11:32:13:203 - 0xa97e5520 is Executable
2013-06-29 11:32:15:605 - .\main.c,297