ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/12/23 10:23 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys Address: 0x91627000 Size: 897024 File Visible: No Signed: - Status: - Name: PctWfpFilter.sys Image Path: \ArcName\multi(0)disk(0)rdisk(0)partition(2)\Windows\system32\drivers\PctWfpFilter.sys Address: 0x8FBD5000 Size: 118784 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xAE3E6000 Size: 49152 File Visible: No Signed: - Status: - Name: spnu.sys Image Path: C:\Windows\System32\Drivers\spnu.sys Address: 0x83A3E000 Size: 995328 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\System Volume Information\{15e0d3e3-074b-11e0-ac0f-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{355e34d1-08e2-11e0-b9d1-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{355e34d5-08e2-11e0-b9d1-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{978869d0-09b6-11e0-ae63-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{a9cea0f5-081c-11e0-a816-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{b9646191-0b4f-11e0-842c-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{c105069c-0cd2-11e0-b554-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{c10506cd-0cd2-11e0-b554-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{d6f1f450-0dc2-11e0-b3c3-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{d6f1f46c-0dc2-11e0-b3c3-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{d6f1f470-0dc2-11e0-b3c3-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{40542fbc-0c5f-11e0-b696-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{4f387cfb-0a86-11e0-a72d-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{87e17a30-0830-11e0-a9a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{87e17a39-0830-11e0-a9a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{87e17a62-0830-11e0-a9a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{87e17a82-0830-11e0-a9a9-005056c00008}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: c:\program files\pc tools firewall plus\fwservice.txt Status: Allocation size mismatch (API: 8, Raw: 0) Path: C:\Windows\System32\$$DeleteMe.ieframe.dll.01cb9c43b2a263c2.0000 Status: Locked to the Windows API! Path: C:\Windows\System32\$$DeleteMe.iertutil.dll.01cb9c43b3121582.0002 Status: Locked to the Windows API! Path: C:\Windows\System32\$$DeleteMe.urlmon.dll.01cb9c43b39f1342.0004 Status: Locked to the Windows API! Path: C:\Windows\System32\$$DeleteMe.wininet.dll.01cb9c43b2e56032.0001 Status: Locked to the Windows API! Path: C:\ProgramData\AVG10\Chjw\3208d71e08d6e041.dat:ef1b8c60-95b4-4c27-9f33-943756790714 Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\AVG10\Chjw\b64a47ae4a4769e7.dat:bf012b27-2aaf-4318-96a1-7b11f1715d3b Status: Visible to the Windows API, but not on disk. Path: C:\Windows\System32\wbem\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H Status: Locked to the Windows API! Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_588445e3d272feb1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30411.0_none_d70c8009a3652bd4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.218_none_d550bc90635d0454.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30411.0_none_7bd3eedf68aef97a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f47d3254f657e518.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30411.0_none_7f955bd5da1ee32d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f0eecac0f8a1c174.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_9f63b3c292618dec.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.218_none_f2f2113121ea24bc.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_ecfe4c8afb2661fb.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_118a7387f9d14a82.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.218_none_d8df2424611327f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.218_none_362b6ef026a377ee.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.218_none_d1603e5a65e1a4db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_51c97d20bbe8350e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30411.0_none_dba7eb55a0823cdf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.218_none_34f1b3a4277681aa.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.218_none_305648582a59709f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30411.0_none_7816760bdeed6010.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30411.0_none_d48b2b1c591268e6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.218_none_2dd4f36ae006adb1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.218_none_6518d0f68959e152.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.218_none_d51db72defa33e45.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.security.resources_b03f5f7f11d50a3a_6.0.6002.22354_pl-pl_5cda1395cdba8dc6\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_none_2d991295d888a8b3\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18060_none_2d53319bd8bdd1a6\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22164_none_2de0cf8ef1d7d6cc\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\WindoProcesses ------------------- Path: SYSTEM PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1520 Status: Locked to the Windows API! SSDT ------------------- #: 018 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d752 #: 021 Function Name: NtAlpcConnectPort Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d388 #: 042 Function Name: NtAssignProcessToJobObject Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d440 #: 054 Function Name: NtConnectPort Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d482 #: 060 Function Name: NtCreateFile Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d530 #: 072 Function Name: NtCreateProcess Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28ddd8 #: 073 Function Name: NtCreateProcessEx Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28de64 #: 078 Function Name: NtCreateThread Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28def4 #: 116 Function Name: NtDebugActiveProcess Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d580 #: 129 Function Name: NtDuplicateObject Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d5c2 #: 165 Function Name: NtLoadDriver Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d606 #: 189 Function Name: NtOpenKey Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d648 #: 194 Function Name: NtOpenProcess Status: Hooked by "C:\Windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xae188780 #: 197 Function Name: NtOpenSection Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d68a #: 201 Function Name: NtOpenThread Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d6cc #: 210 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d79a #: 276 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d70e #: 280 Function Name: NtRestoreKey Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d7dc #: 282 Function Name: NtResumeThread Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d824 #: 286 Function Name: NtSecureConnectPort Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d8b4 #: 324 Function Name: NtSetValueKey Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d866 #: 330 Function Name: NtSuspendProcess Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d958 #: 332 Function Name: NtSystemDebugControl Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d99a #: 334 Function Name: NtTerminateProcess Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28d9dc #: 335 Function Name: NtTerminateThread Status: Hooked by "C:\Windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xae1888d0 #: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28da2a #: 382 Function Name: NtCreateThreadEx Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28df96 #: 383 Function Name: NtCreateUserProcess Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28dd68 Stealth Objects ------------------- Object: Hidden Handle [Index: 1152, Type: UnknownType] Process: svchost.exe (PID: 1388) Address: 0x85e261f0 Size: - Object: Hidden Handle [Index: 3732, Type: UnknownType] Process: svchost.exe (PID: 1388) Address: 0x86be2530 Size: - Object: Hidden Handle [Index: 3908, Type: UnknownType] Process: svchost.exe (PID: 1388) Address: 0xd2dce8b0 Size: - Object: Hidden Handle [Index: 4092, Type: UnknownType] Process: svchost.exe (PID: 1388) Address: 0x871ce1c0 Size: - Object: Hidden Handle [Index: 4672, Type: UnknownType] Process: svchost.exe (PID: 1388) Address: 0x86ebc720 Size: - Object: Hidden Handle [Index: 1088, Type: UnknownType] Process: SearchProtocolHost.exe (PID: 724) Address: 0x870dfb88 Size: - Object: Hidden Handle [Index: 1096, Type: UnknownType] Process: SearchProtocolHost.exe (PID: 724) Address: 0x870028d8 Size: - Object: Hidden Handle [Index: 1160, Type: UnknownType] Process: SearchProtocolHost.exe (PID: 724) Address: 0x86ece858 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x85fc71f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_CREATE] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_CLOSE] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_READ] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_WRITE] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_SET_INFORMATION] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_QUERY_EA] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_SET_EA] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_SHUTDOWN] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_CLEANUP] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: fastfat襻Ї敓, IRP_MJ_PNP] Process: System Address: 0x897de1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x85fc61f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x8797f1f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_CREATE] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_CLOSE] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_READ] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_WRITE] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_SHUTDOWN] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_POWER] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdrom螗, IRP_MJ_PNP] Process: System Address: 0x879b41f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_CREATE] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_CLOSE] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_POWER] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: cdro, IRP_MJ_PNP] Process: System Address: 0x879b31f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE] Process: System Address: 0x885fc1f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE] Process: System Address: 0x885fc1f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x885fc1f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x885fc1f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP] Process: System Address: 0x885fc1f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_PNP] Process: System Address: 0x885fc1f8 Size: 121 Object: Hidden Code [Driver: netbti, IRP_MJ_CREATE] Process: System Address: 0x88b8a500 Size: 121 Object: Hidden Code [Driver: netbti, IRP_MJ_CLOSE] Process: System Address: 0x88b8a500 Size: 121 Object: Hidden Code [Driver: netbti, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88b8a500 Size: 121 Object: Hidden Code [Driver: netbti, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88b8a500 Size: 121 Object: Hidden Code [Driver: netbti, IRP_MJ_CLEANUP] Process: System Address: 0x88b8a500 Size: 121 Object: Hidden Code [Driver: netbti, IRP_MJ_PNP] Process: System Address: 0x88b8a500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_CREATE] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_CLOSE] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_POWER] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄识䜠趬, IRP_MJ_PNP] Process: System Address: 0x87a1c500 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_READ] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP] Process: System Address: 0x856371f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x879851f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP] Process: System Address: 0x879a61f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CREATE] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CLOSE] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_READ] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_WRITE] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_SET_INFORMATION] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_SHUTDOWN] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CLEANUP] Process: System Address: 0x897581f8 Size: 121 Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_PNP] Process: System Address: 0x897581f8 Size: 121 Shadow SSDT ------------------- #: 317 Function Name: NtUserAttachThreadInput Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28da6c #: 397 Function Name: NtUserGetAsyncKeyState Status: Hooked by "C:\Windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xae187d00 #: 428 Function Name: NtUserGetKeyboardState Status: Hooked by "C:\Windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xae187c40 #: 430 Function Name: NtUserGetKeyState Status: Hooked by "C:\Windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xae187c90 #: 479 Function Name: NtUserMessageCall Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28db80 #: 497 Function Name: NtUserPostMessage Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28dbd8 #: 498 Function Name: NtUserPostThreadMessage Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28dc30 #: 513 Function Name: NtUserRegisterRawInputDevices Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28dc88 #: 573 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28dd1e #: 576 Function Name: NtUserSetWinEventHook Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0xae28dcd0 ==EOF==