ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/01 16:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF0E71000  Size: 98304  File Visible: No  Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF9FCC000  Size: 8192  File Visible: No  Signed: -
Status: -

Name: PCI_PNP3690
Image Path: \Driver\PCI_PNP3690
Address: 0x00000000  Size: 0  File Visible: No  Signed: -
Status: -

Name: pwkiypoc.sys
Image Path: C:\DOCUME~1\Admin\USTAWI~1\Temp\pwkiypoc.sys
Address: 0xEF342000  Size: 94848  File Visible: No  Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF5C32000  Size: 49152  File Visible: No  Signed: -
Status: -

Name: spgq.sys
Image Path: spgq.sys
Address: 0xF9918000  Size: 1019904  File Visible: No  Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000  Size: 0  File Visible: No  Signed: -
Status: -

Name: vbmaca0d.SYS
Image Path: C:\WINDOWS\System32\Drivers\vbmaca0d.SYS
Address: 0x817DF000  Size: 37376  File Visible: -  Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

SSDT
-------------------
#: 041  Function Name: NtCreateKey
Status: Hooked by "spgq.sys" at address 0xf99190e0

#: 071  Function Name: NtEnumerateKey
Status: Hooked by "spgq.sys" at address 0xf9933e4c

#: 073  Function Name: NtEnumerateValueKey
Status: Hooked by "spgq.sys" at address 0xf99341da

#: 119  Function Name: NtOpenKey
Status: Hooked by "spgq.sys" at address 0xf99190c0

#: 160  Function Name: NtQueryKey
Status: Hooked by "spgq.sys" at address 0xf99342b2

#: 177  Function Name: NtQueryValueKey
Status: Hooked by "spgq.sys" at address 0xf9934132

#: 247  Function Name: NtSetValueKey
Status: Hooked by "spgq.sys" at address 0xf9934344

#: 257  Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PSINProc.sys" at address 0xefdbb416

Stealth Objects
-------------------
Object: Hidden Code [Driver: Documents a, IRP_MJ_CREATE]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_CLOSE]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_READ]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_WRITE]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_QUERY_INFORMATION]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_SET_INFORMATION]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_QUERY_EA]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_SET_EA]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_DIRECTORY_CONTROL]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_LOCK_CONTROL]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_CLEANUP]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_QUERY_SECURITY]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_SET_SECURITY]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_QUERY_QUOTA]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_SET_QUOTA]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Documents a, IRP_MJ_PNP]
Process: System  Address: 0x81827470  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System  Address: 0x81b731f8  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System  Address: 0x8185a470  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System  Address: 0x81be41f8  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System  Address: 0x81973470  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System  Address: 0x81b751f8  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_CREATE]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_CLOSE]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_POWER]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: aov8ppi1ȅ浍浓鸰虈Ȃఅ慆硴鹀量, IRP_MJ_PNP]
Process: System  Address: 0x81890470  Size: 121

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_CREATE]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_CREATE_NAMED_PIPE]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_CLOSE]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_READ]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_WRITE]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_QUERY_INFORMATION]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SET_INFORMATION]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_QUERY_EA]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SET_EA]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_DIRECTORY_CONTROL]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_LOCK_CONTROL]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_CLEANUP]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_CREATE_MAILSLOT]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_QUERY_SECURITY]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SET_SECURITY]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_POWER]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_DEVICE_CHANGE]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_QUERY_QUOTA]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_SET_QUOTA]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: vbmaca0dȅ敓ꃘȂఇ慆䍴ԇ,ࠀ, IRP_MJ_PNP]
Process: System  Address: 0x817e1109  Size: 1460

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System  Address: 0x818c1470  Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System  Address: 0x818c1470  Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x818c1470  Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x818c1470  Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System  Address: 0x818c1470  Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System  Address: 0x818c1470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System  Address: 0x8187b470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_CREATE]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_CLOSE]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_READ]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_QUERY_INFORMATION]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_SET_INFORMATION]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_DIRECTORY_CONTROL]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_DEVICE_CONTROL]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_SHUTDOWN]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_LOCK_CONTROL]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_CLEANUP]
Process: System  Address: 0x818b3470  Size: 121

Object: Hidden Code [Driver: Cdfsȅఅ晌⁳㏀澐ݡ徭৽⇵톗ܫ鬲, IRP_MJ_PNP]
Process: System  Address: 0x818b3470  Size: 121

Hidden Services
-------------------
Service Name: vbmaca0d
Image Path: C:\WINDOWS\system32\drivers\vbmaca0d.sys

==EOF==