SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************
Process:

Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No
Name: System PID: 4 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\smss.exe PID: 568 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe PID: 636 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe PID: 660 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\services.exe PID: 704 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe PID: 716 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 868 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 944 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 984 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 1016 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 1248 Hidden: No Window Visible: No
Name: C:\WINDOWS\explorer.exe PID: 1364 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 1440 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe PID: 1552 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 1628 Hidden: No Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe PID: 1668 Hidden: No Window Visible: No
Name: C:\Program Files\Bonjour\mDNSResponder.exe PID: 1680 Hidden: No Window Visible: No
Name: C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PID: 1740 Hidden: No Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe PID: 1796 Hidden: No Window Visible: No
Name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe PID: 1912 Hidden: No Window Visible: No
Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe PID: 1996 Hidden: No Window Visible: No
Name: C:\Program Files\AVG\AVG8\avgrsx.exe PID: 232 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\igfxtray.exe PID: 340 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\hkcmd.exe PID: 416 Hidden: No Window Visible: No
Name: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe PID: 440 Hidden: No Window Visible: No
Name: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe PID: 452 Hidden: No Window Visible: No
Name: C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe PID: 484 Hidden: No Window Visible: No
Name: C:\Program Files\Nero\Nero 7\InCD\InCD.exe PID: 504 Hidden: No Window Visible: No
Name: C:\Program Files\lg_fwupdate\fwupdate.exe PID: 544 Hidden: No Window Visible: No
Name: C:\Program Files\QuickTime\qttask.exe PID: 600 Hidden: No Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe PID: 624 Hidden: No Window Visible: No
Name: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe PID: 828 Hidden: No Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe PID: 836 Hidden: No Window Visible: No
Name: C:\Program Files\dvd43\DVD43_Tray.exe PID: 1008 Hidden: No Window Visible: No
Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe PID: 1072 Hidden: No Window Visible: No
Name: C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe PID: 1472 Hidden: No Window Visible: No
Name: C:\Program Files\Messenger\msmsgs.exe PID: 1592 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe PID: 2312 Hidden: No Window Visible: No
Name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PID: 4092 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\wscntfy.exe PID: 2176 Hidden: No Window Visible: No
Name: C:\WINDOWS\system32\alg.exe PID: 2264 Hidden: No Window Visible: No
Name: C:\Documents and Settings\Administrator\Desktop\SysProt\SysProt.exe PID: 3708 Hidden: No Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:

Module Name: \??\C:\Documents and Settings\Administrator\Desktop\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: ECF62000 Module End: ECF6D000 Hidden: No
Module Name: \WINDOWS\system32\ntoskrnl.exe Service Name: --- Module Base: 804D7000 Module End: 806ED700 Hidden: No
Module Name: \WINDOWS\system32\hal.dll Service Name: --- Module Base: 806EE000 Module End: 8070E300 Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL Service Name: --- Module Base: F7B97000 Module End: F7B99000 Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll Service Name: --- Module Base: F7AA7000 Module End: F7AAA000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys Service Name: ACPI Module Base: F7648000 Module End: F7676000 Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS Service Name: --- Module Base: F7B99000 Module End: F7B9B000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys Service Name: PCI Module Base: F7637000 Module End: F7648000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys Service Name: isapnp Module Base: F7697000 Module End: F76A1000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PCIIde.sys Service Name: PCIIde Module Base: F7C5F000 Module End: F7C60000 Hidden: No
Module Name: \WINDOWS\System32\Drivers\PCIIDEX.SYS Service Name: --- Module Base: F7917000 Module End: F791E000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\intelide.sys Service Name: IntelIde Module Base: F7B9B000 Module End: F7B9D000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys Service Name: MountMgr Module Base: F76A7000 Module End: F76B2000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys Service Name: Disk Module Base: F7618000 Module End: F7637000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmload.sys Service Name: dmload Module Base: F7B9D000 Module End: F7B9F000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmio.sys Service Name: dmio Module Base: F75F2000 Module End: F7618000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys Service Name: PartMgr Module Base: F791F000 Module End: F7924000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys Service Name: VolSnap Module Base: F76B7000 Module End: F76C4000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys Service Name: atapi Module Base: F75DA000 Module End: F75F2000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys Service Name: --- Module Base: F76C7000 Module End: F76D0000 Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Service Name: --- Module Base: F76D7000 Module End: F76E4000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: F75BA000 Module End: F75DA000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys Service Name: sr Module Base: F75A8000 Module End: F75BA000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ikfilesec.sys Service Name: IKFileSec Module Base: F76E7000 Module End: F76F5000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: F76F7000 Module End: F7700000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys Service Name: KSecDD Module Base: F7591000 Module End: F75A8000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys Service Name: WudfPf Module Base: F757E000 Module End: F7591000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys Service Name: Ntfs Module Base: F74F1000 Module End: F757E000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys Service Name: NDIS Module Base: F74C4000 Module End: F74F1000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys Service Name: Mup Module Base: F74AA000 Module End: F74C4000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: F7857000 Module End: F7860000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys Service Name: ialm Module Base: F743A000 Module End: F7451000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Service Name: --- Module Base: F7426000 Module End: F743A000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: F799F000 Module End: F79A5000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: F7402000 Module End: F7426000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: F79A7000 Module End: F79AF000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\e1000325.sys Service Name: E1000 Module Base: F73E3000 Module End: F7402000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\smserial.sys Service Name: Serial Module Base: F72F2000 Module End: F73E3000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS Service Name: Modem Module Base: F79AF000 Module End: F79B7000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Service Name: i8042prt Module Base: F7867000 Module End: F7874000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Service Name: Kbdclass Module Base: F79B7000 Module End: F79BD000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys Service Name: Mouclass Module Base: F79BF000 Module End: F79C5000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys Service Name: --- Module Base: F7877000 Module End: F7887000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys Service Name: serenum Module Base: F7B2F000 Module End: F7B33000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys Service Name: Parport Module Base: F72DE000 Module End: F72F2000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys Service Name: Imapi Module Base: F7887000 Module End: F7892000 Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\dvd43llh.sys Service Name: dvd43llh Module Base: F79CF000 Module End: F79D4000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys Service Name: Cdrom Module Base: F7897000 Module End: F78A7000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys Service Name: redbook Module Base: F78A7000 Module End: F78B6000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys Service Name: --- Module Base: F72BB000 Module End: F72DE000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\InCDPass.sys Service Name: InCDPass Module Base: F79D7000 Module End: F79DF000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\InCDRm.sys Service Name: incdrm Module Base: F78B7000 Module End: F78C0000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\smwdm.sys Service Name: smwdm Module Base: F723A000 Module End: F72BB000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys Service Name: --- Module Base: F7216000 Module End: F723A000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys Service Name: --- Module Base: F78C7000 Module End: F78D6000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\aeaudio.sys Service Name: aeaudio Module Base: F7BB3000 Module End: F7BB5000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys Service Name: audstub Module Base: F7D08000 Module End: F7D09000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: F78D7000 Module End: F78E4000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: F7B3B000 Module End: F7B3E000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: F71FF000 Module End: F7216000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: F78E7000 Module End: F78F2000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: F78F7000 Module End: F7903000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS Service Name: --- Module Base: F79DF000 Module End: F79E4000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys Service Name: PSched Module Base: F71EE000 Module End: F71FF000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys Service Name: Gpc Module Base: F7907000 Module End: F7910000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys Service Name: Ptilink Module Base: F79E7000 Module End: F79EC000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys Service Name: Raspti Module Base: F79EF000 Module End: F79F4000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: F71BE000 Module End: F71EE000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys Service Name: TermDD Module Base: F7717000 Module End: F7721000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys Service Name: swenum Module Base: F7BB5000 Module End: F7BB7000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys Service Name: Update Module Base: F7098000 Module End: F70F6000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: F7B57000 Module End: F7B5B000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: F7727000 Module End: F7731000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ialmkchw.sys Service Name: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Module Base: EF000000 Module End: EF018000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ialmsbw.sys Service Name: {6080A529-897E-4629-A488-ABA0C29B635E} Module Base: EEFB9000 Module End: EEFD7000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: F7747000 Module End: F7756000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: F7BB7000 Module End: F7BB9000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys Service Name: MODEMCSA Module Base: F7B7B000 Module End: F7B7F000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys Service Name: Flpydisk Module Base: F79F7000 Module End: F79FC000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\iksysflt.sys Service Name: IKSysFlt Module Base: EE897000 Module End: EE8AC000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KCOM.SYS Service Name: --- Module Base: F7767000 Module End: F7775000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\iksyssec.sys Service Name: IKSysSec Module Base: EE880000 Module End: EE897000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: F7BB9000 Module End: F7BBB000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS Service Name: Null Module Base: F7D74000 Module End: F7D75000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS Service Name: Beep Module Base: F7BBB000 Module End: F7BBD000 Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys Service Name: VgaSave Module Base: F7A0F000 Module End: F7A15000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS Service Name: mnmdd Module Base: F7BBD000 Module End: F7BBF000 Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Service Name: RDPCDD Module Base: F7BBF000 Module End: F7BC1000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\InCDrec.SYS Service Name: InCDrec Module Base: F7B8F000 Module End: F7B92000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\InCDFs.sys Service Name: InCDfs Module Base: EE844000 Module End: EE860000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS Service Name: Msfs Module Base: F7A17000 Module End: F7A1C000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS Service Name: Npfs Module Base: F7A1F000 Module End: F7A27000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys Service Name: RasAcd Module Base: F7B93000 Module End: F7B96000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys Service Name: IPSec Module Base: EE831000 Module End: EE844000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys Service Name: Tcpip Module Base: EE7D8000 Module End: EE831000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys Service Name: NetBT Module Base: EE7B0000 Module End: EE7D8000 Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys Service Name: AFD Module Base: EE78E000 Module End: EE7B0000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys Service Name: NetBIOS Module Base: F7777000 Module End: F7780000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys Service Name: Rdbss Module Base: EE763000 Module End: EE78E000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Service Name: MRxSmb Module Base: EE6F3000 Module End: EE763000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS Service Name: Fips Module Base: F7787000 Module End: F7792000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys Service Name: IpNat Module Base: EE6CD000 Module End: EE6F3000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys Service Name: Wanarp Module Base: F7797000 Module End: F77A0000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys Service Name: AvgMfx86 Module Base: F7A2F000 Module End: F7A35000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys Service Name: AvgLdx86 Module Base: EE654000 Module End: EE6A5000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Service Name: USBSTOR Module Base: F7A3F000 Module End: F7A46000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS Service Name: Fastfat Module Base: EE630000 Module End: EE654000 Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: EE618000 Module End: EE630000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: F7BCF000 Module End: F7BD1000 Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys Service Name: --- Module Base: F71A2000 Module End: F71A5000 Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys Service Name: --- Module Base: F7A5F000 Module End: F7A64000 Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys Service Name: --- Module Base: F7D37000 Module End: F7D38000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Service Name: Ndisuio Module Base: EE4EC000 Module End: EE4F0000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Service Name: MRxDAV Module Base: EE203000 Module End: EE230000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS Service Name: ParVdm Module Base: F7BF3000 Module End: F7BF5000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys Service Name: wdmaud Module Base: EE0D6000 Module End: EE0EB000 Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys Service Name: sysaudio Module Base: EE2E0000 Module End: EE2EF000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys Service Name: Srv Module Base: ED9D2000 Module End: EDA24000 Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS Service Name: Cdfs Module Base: ED732000 Module End: ED742000 Hidden: No
Module Name: \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys Service Name: --- Module Base: F7CD2000 Module End: F7CD3000 Hidden: Yes
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys Service Name: HTTP Module Base: ECE79000 Module End: ECEBA000 Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys Service Name: Fdc Module Base: F79C7000 Module End: F79CE000 Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:

Function Name: ZwCreateKey Address: EE89E7A6 Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwCreateProcess Address: EE89B794 Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwCreateProcessEx Address: EE89BF1E Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwDeleteKey Address: EE89F1F0 Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwDeleteValueKey Address: EE89F42A Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwRenameKey Address: EE8A012A Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwSetValueKey Address: EE89F83C Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwTerminateProcess Address: EE89AD0A Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys
Function Name: ZwWriteVirtualMemory Address: EE89A384 Driver Base: EE897000 Driver End: EE8AC000 Driver Name: \SystemRoot\system32\drivers\iksysflt.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: F79D0B20 Hooking Module: C:\WINDOWS\System32\DRIVERS\dvd43llh.sys

******************************************************************************************
******************************************************************************************
Ports:

Local Address: WORKVENT-BDFC0A:5354 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: LISTENING
Local Address: WORKVENT-BDFC0A:5152 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: LISTENING
Local Address: WORKVENT-BDFC0A:1036 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING
Local Address: WORKVENT-BDFC0A:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING
Local Address: WORKVENT-BDFC0A:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING
Local Address: WORKVENT-BDFC0A:5353 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA
Local Address: WORKVENT-BDFC0A:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA
Local Address: WORKVENT-BDFC0A:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA
Local Address: WORKVENT-BDFC0A:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA
Local Address: WORKVENT-BDFC0A:1025 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA
Local Address: WORKVENT-BDFC0A:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA
Local Address: WORKVENT-BDFC0A:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:

Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied
Object: C:\System Volume Information\tracking.log Status: Access denied
Object: C:\System Volume Information\_restore{7177A317-3555-4C42-A809-AF77D401ADB6} Status: Access denied