ÿþROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/10/29 10:14 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8F3C7000 Size: 45056 File Visible: No Signed: - Status: - Name: dump_msahci.sys Image Path: C:\Windows\System32\Drivers\dump_msahci.sys Address: 0x8F3D2000 Size: 40960 File Visible: No Signed: - Status: - Name: pgldafog.sys Image Path: C:\Users\Claudia\AppData\Local\Temp\pgldafog.sys Address: 0xA761E000 Size: 93824 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA7635000 Size: 49152 File Visible: No Signed: - Status: - Name: sptd.sys Image Path: C:\Windows\System32\Drivers\sptd.sys Address: 0x8068D000 Size: 1126400 File Visible: - Signed: - Status: Hidden from the Windows API! Hidden/Locked Files ------------------- Path: C:\Documents and Settings Status: Locked to the Windows API! Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\ProgramData\Application Data Status: Locked to the Windows API! Path: C:\ProgramData\Desktop Status: Locked to the Windows API! Path: C:\ProgramData\Documents Status: Locked to the Windows API! Path: C:\ProgramData\Favorites Status: Locked to the Windows API! Path: C:\ProgramData\Start Menu Status: Locked to the Windows API! Path: C:\ProgramData\Templates Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{454824fe-e196-11df-9fe2-0023543be733}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{45482502-e196-11df-9fe2-0023543be733}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{998cfae1-e2a3-11df-b117-0023543be733}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{998CF~2 Status: Locked to the Windows API! Path: C:\System Volume Information\{a07ebd1e-e330-11df-827f-0023543be733}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{f6e9fc8a-e32c-11df-a9a9-0023543be733}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\Users\All Users Status: Locked to the Windows API! Path: C:\Users\Default User Status: Locked to the Windows API! Path: C:\Users\Default\Application Data Status: Locked to the Windows API! Path: C:\Users\Default\Cookies Status: Locked to the Windows API! Path: C:\Users\Default\Local Settings Status: Locked to the Windows API! Path: C:\Users\Default\My Documents Status: Locked to the Windows API! Path: C:\Users\Default\NetHood Status: Locked to the Windows API! Path: C:\Users\Default\PrintHood Status: Locked to the Windows API! Path: C:\Users\Default\Recent Status: Locked to the Windows API! Path: C:\Users\Default\SendTo Status: Locked to the Windows API! Path: C:\Users\Default\Start Menu Status: Locked to the Windows API! Path: C:\Users\Default\Templates Status: Locked to the Windows API! Path: C:\Users\Default\Documents\My Music Status: Locked to the Windows API! Path: C:\Users\Default\Documents\My Pictures Status: Locked to the Windows API! Path: C:\Users\Default\Documents\My Videos Status: Locked to the Windows API! Path: C:\Users\Public\Documents\My Music Status: Locked to the Windows API! Path: C:\Users\Public\Documents\My Pictures Status: Locked to the Windows API! Path: C:\Users\Public\Documents\My Videos Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\System32\migration\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.1.1.faro.ls_1d23f5635ba800ab_1.1.406.58_none_eee085372a11a2d0.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_faro.ls_1d23f5635ba800ab_1.1.406.58_none_4674ae31ba6222cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\534cf013667c78b2ecf44e00183c95e4c2336f1e150a38452cd7e61ec2a73bfc.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\34f4e1067328cece3ad510dbcdd746657fd91ee96f89f25201a7c658918512d1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\7aefb85f3099da7d88809ade16e90c2e3d61c5eeb236093cddc0a546934b02ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\113260042a311e5a7871a6659a0a0cc23a5864196832c01f81f093942513b749.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\92a6d9ca6a73206405dc393c28776ea6cded8b6ef43bffcf248c1b852ccd4c2c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\1154a0dd8ec7062351d700a2d07b3bb5154c840bfc84077d20f6947d1e08bb6f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.16762_pl-pl_738a39c1e2330326\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.20935_pl-pl_5cb94da7fbdd645b\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6001.18155_pl-pl_7364f0e7e2854309\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6001.22286_pl-pl_5c9a343dfc2a08b5\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_ae092067ef732bd0\$$DeleteMe.ole32.dll.01cb6c55784c808c.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18167_none_03958f7b9f23b4ad\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE7561~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE427A~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\$$DeleteMe.comctl32.dll.01cb6c55780899bc.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.0.6002.18005_none_1f5b99e45ab5a251\$$DeleteMe.wmpmde.dll.01cb6c557812abdc.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~4.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WED669~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~4.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WED669~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~4.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WED669~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~4.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WED669~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~2.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~3.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~4.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI1344~1.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI5BF5~1.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~2.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~3.ASC Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfxProcesses ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1192 Status: Locked to the Windows API! SSDT ------------------- #: 021 Function Name: NtAlpcConnectPort Status: Hooked by "<unknown>" at address 0x87a69450 #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x87c97b18 #: 165 Function Name: NtLoadDriver Status: Hooked by "<unknown>" at address 0x87a06450 #: 282 Function Name: NtResumeThread Status: Hooked by "<unknown>" at address 0x87bdada8 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x84dae1f8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_READ] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP] Process: System Address: 0xa58793c8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x84dab1f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_READ] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP] Process: System Address: 0x867b01f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x86790328 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE] Process: System Address: 0x87a21430 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE] Process: System Address: 0x87a21430 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87a21430 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87a21430 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP] Process: System Address: 0x87a21430 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_PNP] Process: System Address: 0x87a21430 Size: 121 Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE] Process: System Address: 0x87a461f8 Size: 121 Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE] Process: System Address: 0x87a461f8 Size: 121 Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87a461f8 Size: 121 Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87a461f8 Size: 121 Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP] Process: System Address: 0x87a461f8 Size: 121 Object: Hidden Code [Driver: netbt, IRP_MJ_PNP] Process: System Address: 0x87a461f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_CREATE] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_CLOSE] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_POWER] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: iScsiPrtNtfx, IRP_MJ_PNP] Process: System Address: 0x86793430 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8678e1f8 Size: 121 Object: Hidden Code [Driver: msahci, IRP_MJ_POWER] Process: System Address: 0x84dac1f8 Size: 121 Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x84dac1f8 Size: 121 Object: Hidden Code [Driver: msahci, IRP_MJ_PNP] Process: System Address: 0x84dac1f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP] Process: System Address: 0x88178430 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_CREATE] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_CLOSE] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_READ] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_WRITE] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_SET_INFORMATION] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_SHUTDOWN] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_LOCK_CONTROL] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_CLEANUP] Process: System Address: 0xa59be1f8 Size: 121 Object: Hidden Code [Driver: cdfsVadSøØ_†, IRP_MJ_PNP] Process: System Address: 0xa59be1f8 Size: 121 ==EOF==