ÿþROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/09/07 01:05 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0xADBEA000 Size: 786432 File Visible: No Signed: - Status: - Name: giveio.sys Image Path: giveio.sys Address: 0xF7A50000 Size: 1664 File Visible: No Signed: - Status: - Name: PCI_PNP5606 Image Path: \Driver\PCI_PNP5606 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xADDFD000 Size: 49152 File Visible: No Signed: - Status: - Name: speedfan.sys Image Path: speedfan.sys Address: 0xF798D000 Size: 5248 File Visible: No Signed: - Status: - Name: spoz.sys Image Path: spoz.sys Address: 0xF74D5000 Size: 1052672 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: uphcleanhlp.sys Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Address: 0xACFC3000 Size: 8960 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\BugSplat.Net.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\BugSplat.Net.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.exe.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOPatcherCore.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOPatcherCore.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\LibTorrentWrapper.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\LibTorrentWrapper.manifest Status: Locked to the Windows API! SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "spoz.sys" at address 0xf74d60e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spoz.sys" at address 0xf74f4ca4 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spoz.sys" at address 0xf74f5032 #: 119 Function Name: NtOpenKey Status: Hooked by "spoz.sys" at address 0xf74d60c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spoz.sys" at address 0xf74f510a #: 177 Function Name: NtQueryValueKey Status: Hooked by "spoz.sys" at address 0xf74f4f8a #: 247 Function Name: NtSetValueKey Status: Hooked by "spoz.sys" at address 0xf74f519c #: 263 Function Name: NtUnloadKey Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xacfc36d0 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89c0c1f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x88f871f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CREATE] Process: System Address: 0x88fdf500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CLOSE] Process: System Address: 0x88fdf500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88fdf500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_POWER] Process: System Address: 0x88fdf500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88fdf500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_PNP] Process: System Address: 0x88fdf500 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x89b9e1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x89b9e1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b9e1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x89b9e1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b9e1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x89b9e1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89020500 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x89b9f1f8 Size: 121 Object: Hidden Code [Driver: prodrv06 Wmipt4£áProcessor_, IRP_MJ_CREATE] Process: System Address: 0xe1b965e8 Size: 2557 Object: Hidden Code [Driver: prodrv06 Wmipt4£áProcessor_, IRP_MJ_CLOSE] Process: System Address: 0xe1b965e8 Size: 2557 Object: Hidden Code [Driver: prodrv06 Wmipt4£áProcessor_, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe1b965e8 Size: 2557 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x890f81f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x89c0f1f8 Size: 121 Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE] Process: System Address: 0xe15ad0e8 Size: 2503 Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE] Process: System Address: 0xe15ad0e8 Size: 2503 Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe15ad0e8 Size: 2503 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x87d53500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x87d53500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87d53500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87d53500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x87d53500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x87d53500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x890791f8 Size: 121 Object: Hidden Code [Driver: VClone, IRP_MJ_CREATE] Process: System Address: 0x89c0e1f8 Size: 121 Object: Hidden Code [Driver: VClone, IRP_MJ_CLOSE] Process: System Address: 0x89c0e1f8 Size: 121 Object: Hidden Code [Driver: VClone, IRP_MJ_POWER] Process: System Address: 0x89c0e1f8 Size: 121 Object: Hidden Code [Driver: VClone, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89c0e1f8 Size: 121 Object: Hidden Code [Driver: VClone, IRP_MJ_PNP] Process: System Address: 0x89c0e1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x88379500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_CREATE] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_CLOSE] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_READ] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_SET_INFORMATION] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_SHUTDOWN] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_CLEANUP] Process: System Address: 0x87d4f500 Size: 121 Object: Hidden Code [Driver: Cdfs NtfM°iºáød[á(ÞŽá@ÞŽáðïˆð, IRP_MJ_PNP] Process: System Address: 0x87d4f500 Size: 121 ==EOF==