ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/19 02:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB04E6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP0842
Image Path: \Driver\PCI_PNP0842
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD0C3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sprm.sys
Image Path: sprm.sys
Address: 0xF74D6000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume I:\
Status: MBR Rootkit Detected!

Path: Volume I:\, Sector 1
Status: Sector mismatch

Path: Volume I:\, Sector 2
Status: Sector mismatch

Path: Volume I:\, Sector 3
Status: Sector mismatch

Path: Volume I:\, Sector 4
Status: Sector mismatch

Path: Volume I:\, Sector 5
Status: Sector mismatch

Path: Volume I:\, Sector 6
Status: Sector mismatch

Path: Volume I:\, Sector 7
Status: Sector mismatch

Path: Volume I:\, Sector 8
Status: Sector mismatch

Path: Volume I:\, Sector 9
Status: Sector mismatch

Path: Volume I:\, Sector 10
Status: Sector mismatch

Path: Volume I:\, Sector 11
Status: Sector mismatch

Path: Volume I:\, Sector 12
Status: Sector mismatch

Path: Volume I:\, Sector 13
Status: Sector mismatch

Path: Volume I:\, Sector 14
Status: Sector mismatch

Path: Volume I:\, Sector 15
Status: Sector mismatch

Path: Volume I:\, Sector 16
Status: Sector mismatch

Path: Volume I:\, Sector 17
Status: Sector mismatch

Path: Volume I:\, Sector 18
Status: Sector mismatch

Path: Volume I:\, Sector 19
Status: Sector mismatch

Path: Volume I:\, Sector 20
Status: Sector mismatch

Path: Volume I:\, Sector 21
Status: Sector mismatch

Path: Volume I:\, Sector 22
Status: Sector mismatch

Path: Volume I:\, Sector 23
Status: Sector mismatch

Path: Volume I:\, Sector 24
Status: Sector mismatch

Path: Volume I:\, Sector 25
Status: Sector mismatch

Path: Volume I:\, Sector 26
Status: Sector mismatch

Path: Volume I:\, Sector 27
Status: Sector mismatch

Path: Volume I:\, Sector 28
Status: Sector mismatch

Path: Volume I:\, Sector 29
Status: Sector mismatch

Path: Volume I:\, Sector 30
Status: Sector mismatch

Path: Volume I:\, Sector 31
Status: Sector mismatch

Path: Volume I:\, Sector 32
Status: Sector mismatch

Path: Volume I:\, Sector 33
Status: Sector mismatch

Path: Volume I:\, Sector 34
Status: Sector mismatch

Path: Volume I:\, Sector 35
Status: Sector mismatch

Path: Volume I:\, Sector 36
Status: Sector mismatch

Path: Volume I:\, Sector 37
Status: Sector mismatch

Path: Volume I:\, Sector 38
Status: Sector mismatch

Path: Volume I:\, Sector 39
Status: Sector mismatch

Path: Volume I:\, Sector 40
Status: Sector mismatch

Path: Volume I:\, Sector 41
Status: Sector mismatch

Path: Volume I:\, Sector 42
Status: Sector mismatch

Path: Volume I:\, Sector 43
Status: Sector mismatch

Path: Volume I:\, Sector 44
Status: Sector mismatch

Path: Volume I:\, Sector 45
Status: Sector mismatch

Path: Volume I:\, Sector 46
Status: Sector mismatch

Path: Volume I:\, Sector 47
Status: Sector mismatch

Path: Volume I:\, Sector 48
Status: Sector mismatch

Path: Volume I:\, Sector 49
Status: Sector mismatch

Path: Volume I:\, Sector 50
Status: Sector mismatch

Path: Volume I:\, Sector 51
Status: Sector mismatch

Path: Volume I:\, Sector 52
Status: Sector mismatch

Path: Volume I:\, Sector 53
Status: Sector mismatch

Path: Volume I:\, Sector 54
Status: Sector mismatch

Path: Volume I:\, Sector 55
Status: Sector mismatch

Path: Volume I:\, Sector 56
Status: Sector mismatch

Path: Volume I:\, Sector 57
Status: Sector mismatch

Path: Volume I:\, Sector 58
Status: Sector mismatch

Path: Volume I:\, Sector 59
Status: Sector mismatch

Path: Volume I:\, Sector 60
Status: Sector mismatch

Path: Volume I:\, Sector 61
Status: Sector mismatch

Path: Volume I:\, Sector 62
Status: Sector mismatch

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sprm.sys" at address 0xf74d70e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sprm.sys" at address 0xf74f5ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sprm.sys" at address 0xf74f6030

#: 119 Function Name: NtOpenKey
Status: Hooked by "sprm.sys" at address 0xf74d70c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sprm.sys" at address 0xf74f6108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sprm.sys" at address 0xf74f5f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sprm.sys" at address 0xf74f619a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8aa131f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a6b4498 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_CREATE]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_CLOSE]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_POWER]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: a7rq78s4ȅ卆浩ȁఅ瑎獆끘뺐ĸ, IRP_MJ_PNP]
Process: System Address: 0x8a5b31f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a6d91f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8a6cd3c8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a65e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a9a81f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a6f91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a6f91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6f91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6f91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6f91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a6f91f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a6311f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_CREATE]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_CLOSE]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_POWER]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_PNP]
Process: System Address: 0x8a9a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a58a500 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_CREATE]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_CLOSE]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_READ]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7c44b8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ扏济SmApiPortem, IRP_MJ_PNP]
Process: System Address: 0x8a7c44b8 Size: 121

==EOF==