ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/01/28 17:23 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8B87E000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8B873000 Size: 45056 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x97F4C000 Size: 49152 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: spyz.sys Image Path: C:\Windows\System32\Drivers\spyz.sys Address: 0x80690000 Size: 1048576 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\Documents and Settings Status: Locked to the Windows API! Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\ProgramData\Application Data Status: Locked to the Windows API! Path: C:\ProgramData\Desktop Status: Locked to the Windows API! Path: C:\ProgramData\Documents Status: Locked to the Windows API! Path: C:\ProgramData\Favorites Status: Locked to the Windows API! Path: C:\ProgramData\Start Menu Status: Locked to the Windows API! Path: C:\ProgramData\Templates Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{9eb0d331-0919-11df-96d3-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{9eb0d335-0919-11df-96d3-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{9eb0d339-0919-11df-96d3-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{9eb0d33d-0919-11df-96d3-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{e400d309-0a99-11df-9c5c-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{e400d30d-0a99-11df-9c5c-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{ecb5fa92-0852-11df-afc4-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{1f4d1a7f-0b38-11df-aabb-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{1f4d1a8d-0b38-11df-aabb-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{1f4d1a91-0b38-11df-aabb-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{22d32797-09f0-11df-8724-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{366e0877-0a63-11df-b424-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{366e088c-0a63-11df-b424-00030d99e1ef}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\Users\All Users Status: Locked to the Windows API! Path: C:\Users\Default User Status: Locked to the Windows API! Path: C:\Users\Default\Application Data Status: Locked to the Windows API! Path: C:\Users\Default\Cookies Status: Locked to the Windows API! Path: C:\Users\Default\Local Settings Status: Locked to the Windows API! Path: C:\Users\Default\My Documents Status: Locked to the Windows API! Path: C:\Users\Default\NetHood Status: Locked to the Windows API! Path: C:\Users\Default\PrintHood Status: Locked to the Windows API! Path: C:\Users\Default\Recent Status: Locked to the Windows API! Path: C:\Users\Default\SendTo Status: Locked to the Windows API! Path: C:\Users\Default\Start Menu Status: Locked to the Windows API! Path: C:\Users\Default\Templates Status: Locked to the Windows API! Path: C:\Users\Default\Documents\My Music Status: Locked to the Windows API! Path: C:\Users\Default\Documents\My Pictures Status: Locked to the Windows API! Path: C:\Users\Default\Documents\My Videos Status: Locked to the Windows API! Path: C:\Users\Public\Documents\My Music Status: Locked to the Windows API! Path: C:\Users\Public\Documents\My Pictures Status: Locked to the Windows API! Path: C:\Users\Public\Documents\My Videos Status: Locked to the Windows API! Path: C:\Windows\System32\wbem\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\System32\wbem\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML Status: Locked to the Windows API! Path: c:\windows\temp\_avast5_\unp199956830.tmp Status: Allocation size mismatch (API: 4096, Raw: 0) Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\3582cf91bea0e0e7b5f4b8a168a2e4bf248a01f764aa3c5d7c4f352ebc681e9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\70f19edeeb8e3329aad18f744094ea0319d2ecc78dd6a12559a1e765c42418f7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18005_none_43ebc81abe5eccc7\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\WGXINS~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\TRACKI~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\TRACKI~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_bd4ece0e1eaaafd1\TRACKI~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6002.18005_none_83a8694719af9b52\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6002.18005_none_75afde35f873240b\PERFCO~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6002.18005_none_75afde35f873240b\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.16708_none_ddb4cf58a13aa0ca\XPSVIE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.20864_none_ddf98b73ba8c82de\XPSVIE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18096_none_df37bc389eabfd5f\XPSVIE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.22208_none_e024aac9b77ed185\XPSVIE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6002.18005_none_e17e82d49b8a3528\XPSVIE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.16708_none_1dbee32b03599791\PERFCO~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.16708_none_65c29499dcf31c4e\FRAMEW~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.20864_none_660750b4f644fe62\FRAMEW~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.18096_none_67458179da6478e3\FRAMEW~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.22208_none_6832700af3374d09\FRAMEW~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6002.18005_none_698c4815d742b0ac\FRAMEW~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.20864_none_1e039f461cab79a5\PERFCO~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6001.18096_none_1f41d00b00caf426\PERFCO~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6001.22208_none_202ebe9c199dc84c\PERFCO~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6002.18005_none_218896a6fda92bef\PERFCO~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_none_2d991295d888a8b3\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18060_none_2d53319bd8bdd1a6\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22164_none_2de0cf8ef1d7d6cc\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Users\Default\AppData\Local\Application Data Status: Locked to the Windows API! Path: C:\Users\Default\AppData\Local\History Status: Locked to the Windows API! Path: C:\Users\Default\AppData\Local\Temporary Internet Files Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MAN Status: Locked to the Windows API! Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN Status: Locked to the Windows API! Path: C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SYSTEM~1.DLL Status: Locked to the Windows API! Path: c:\users\grizzle\appdata\local\temp\~df90b1.tmp Status: Allocation size mismatch (API: 16384, Raw: 0) Path: c:\users\grizzle\appdata\local\temp\~df9f52.tmp Status: Allocation size mismatch (API: 16384, Raw: 0) Path: c:\users\grizzle\appdata\local\temp\~dfb144.tmp Status: Allocation size mismatch (API: 16384, Raw: 0) Path: c:\users\grizzle\appdata\local\temp\~dfb7a9.tmp Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON Status: Locked to the Windows API! Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE3B5D~1.XRM Status: Locked to the Windows API! Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5DF7~1.XRM Status: LoProcesses ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1244 Status: Locked to the Windows API! Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x84a2b1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x84a2a1f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_READ] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP] Process: System Address: 0x858e81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x858e11f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE] Process: System Address: 0x85f431f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE] Process: System Address: 0x85f431f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85f431f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85f431f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP] Process: System Address: 0x85f431f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_PNP] Process: System Address: 0x85f431f8 Size: 121 Object: Hidden Code [Driver: netbt藊ā, IRP_MJ_CREATE] Process: System Address: 0x8637d500 Size: 121 Object: Hidden Code [Driver: netbt藊ā, IRP_MJ_CLOSE] Process: System Address: 0x8637d500 Size: 121 Object: Hidden Code [Driver: netbt藊ā, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8637d500 Size: 121 Object: Hidden Code [Driver: netbt藊ā, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8637d500 Size: 121 Object: Hidden Code [Driver: netbt藊ā, IRP_MJ_CLEANUP] Process: System Address: 0x8637d500 Size: 121 Object: Hidden Code [Driver: netbt藊ā, IRP_MJ_PNP] Process: System Address: 0x8637d500 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_CREATE] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_CLOSE] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_POWER] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtм牉⁰ǘ, IRP_MJ_PNP] Process: System Address: 0x859381f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_READ] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP] Process: System Address: 0x83c6f1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x858e21f8 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_CREATE] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_CLOSE] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_READ] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_WRITE] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_QUERY_EA] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SET_EA] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SHUTDOWN] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_CLEANUP] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SET_SECURITY] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_POWER] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_SET_QUOTA] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: mrxsmb⢈謻Е楆敖菄, IRP_MJ_PNP] Process: System Address: 0x85920500 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_CREATE] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_CLOSE] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_READ] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_WRITE] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_SET_INFORMATION] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_SHUTDOWN] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_CLEANUP] Process: System Address: 0x842791f8 Size: 121 Object: Hidden Code [Driver: cdfsЇ慖⁤鳃赢윐赽葉㚠, IRP_MJ_PNP] Process: System Address: 0x842791f8 Size: 121 ==EOF==