ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/03/03 23:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: a3yvz5ld.SYS
Image Path: C:\WINDOWS\System32\Drivers\a3yvz5ld.SYS
Address: 0xF5E76000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9AB49000 Size: 876544 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP2382
Image Path: \Driver\PCI_NTPNP2382
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9BB1D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: Volume H:\
Status: MBR Rootkit Detected!
Path: Volume H:\, Sector 1
Status: Sector mismatch
Path: Volume H:\, Sector 2
Status: Sector mismatch
Path: Volume H:\, Sector 3
Status: Sector mismatch
Path: Volume H:\, Sector 4
Status: Sector mismatch
Path: Volume H:\, Sector 5
Status: Sector mismatch
Path: Volume H:\, Sector 6
Status: Sector mismatch
Path: Volume H:\, Sector 7
Status: Sector mismatch
Path: Volume H:\, Sector 8
Status: Sector mismatch
Path: Volume H:\, Sector 9
Status: Sector mismatch
Path: Volume H:\, Sector 10
Status: Sector mismatch
Path: Volume H:\, Sector 11
Status: Sector mismatch
Path: Volume H:\, Sector 12
Status: Sector mismatch
Path: Volume H:\, Sector 13
Status: Sector mismatch
Path: Volume H:\, Sector 14
Status: Sector mismatch
Path: Volume H:\, Sector 15
Status: Sector mismatch
Path: Volume H:\, Sector 16
Status: Sector mismatch
Path: Volume H:\, Sector 17
Status: Sector mismatch
Path: Volume H:\, Sector 18
Status: Sector mismatch
Path: Volume H:\, Sector 19
Status: Sector mismatch
Path: Volume H:\, Sector 20
Status: Sector mismatch
Path: Volume H:\, Sector 21
Status: Sector mismatch
Path: Volume H:\, Sector 22
Status: Sector mismatch
Path: Volume H:\, Sector 23
Status: Sector mismatch
Path: Volume H:\, Sector 24
Status: Sector mismatch
Path: Volume H:\, Sector 25
Status: Sector mismatch
Path: Volume H:\, Sector 26
Status: Sector mismatch
Path: Volume H:\, Sector 27
Status: Sector mismatch
Path: Volume H:\, Sector 28
Status: Sector mismatch
Path: Volume H:\, Sector 29
Status: Sector mismatch
Path: Volume H:\, Sector 30
Status: Sector mismatch
Path: Volume H:\, Sector 31
Status: Sector mismatch
Path: Volume H:\, Sector 32
Status: Sector mismatch
Path: Volume H:\, Sector 33
Status: Sector mismatch
Path: Volume H:\, Sector 34
Status: Sector mismatch
Path: Volume H:\, Sector 35
Status: Sector mismatch
Path: Volume H:\, Sector 36
Status: Sector mismatch
Path: Volume H:\, Sector 37
Status: Sector mismatch
Path: Volume H:\, Sector 38
Status: Sector mismatch
Path: Volume H:\, Sector 39
Status: Sector mismatch
Path: Volume H:\, Sector 40
Status: Sector mismatch
Path: Volume H:\, Sector 41
Status: Sector mismatch
Path: Volume H:\, Sector 42
Status: Sector mismatch
Path: Volume H:\, Sector 43
Status: Sector mismatch
Path: Volume H:\, Sector 44
Status: Sector mismatch
Path: Volume H:\, Sector 45
Status: Sector mismatch
Path: Volume H:\, Sector 46
Status: Sector mismatch
Path: Volume H:\, Sector 47
Status: Sector mismatch
Path: Volume H:\, Sector 48
Status: Sector mismatch
Path: Volume H:\, Sector 49
Status: Sector mismatch
Path: Volume H:\, Sector 50
Status: Sector mismatch
Path: Volume H:\, Sector 51
Status: Sector mismatch
Path: Volume H:\, Sector 52
Status: Sector mismatch
Path: Volume H:\, Sector 53
Status: Sector mismatch
Path: Volume H:\, Sector 54
Status: Sector mismatch
Path: Volume H:\, Sector 55
Status: Sector mismatch
Path: Volume H:\, Sector 56
Status: Sector mismatch
Path: Volume H:\, Sector 57
Status: Sector mismatch
Path: Volume H:\, Sector 58
Status: Sector mismatch
Path: Volume H:\, Sector 59
Status: Sector mismatch
Path: Volume H:\, Sector 60
Status: Sector mismatch
Path: Volume H:\, Sector 61
Status: Sector mismatch
Path: Volume H:\, Sector 62
Status: Sector mismatch
Path: Volume K:\
Status: MBR Rootkit Detected!
Path: Volume K:\, Sector 1
Status: Sector mismatch
Path: Volume K:\, Sector 2
Status: Sector mismatch
Path: Volume K:\, Sector 3
Status: Sector mismatch
Path: Volume K:\, Sector 4
Status: Sector mismatch
Path: Volume K:\, Sector 5
Status: Sector mismatch
Path: Volume K:\, Sector 6
Status: Sector mismatch
Path: Volume K:\, Sector 7
Status: Sector mismatch
Path: Volume K:\, Sector 8
Status: Sector mismatch
Path: Volume K:\, Sector 9
Status: Sector mismatch
Path: Volume K:\, Sector 10
Status: Sector mismatch
Path: Volume K:\, Sector 11
Status: Sector mismatch
Path: Volume K:\, Sector 12
Status: Sector mismatch
Path: Volume K:\, Sector 13
Status: Sector mismatch
Path: Volume K:\, Sector 14
Status: Sector mismatch
Path: Volume K:\, Sector 15
Status: Sector mismatch
Path: Volume K:\, Sector 16
Status: Sector mismatch
Path: Volume K:\, Sector 17
Status: Sector mismatch
Path: Volume K:\, Sector 18
Status: Sector mismatch
Path: Volume K:\, Sector 19
Status: Sector mismatch
Path: Volume K:\, Sector 20
Status: Sector mismatch
Path: Volume K:\, Sector 21
Status: Sector mismatch
Path: Volume K:\, Sector 22
Status: Sector mismatch
Path: Volume K:\, Sector 23
Status: Sector mismatch
Path: Volume K:\, Sector 24
Status: Sector mismatch
Path: Volume K:\, Sector 25
Status: Sector mismatch
Path: Volume K:\, Sector 26
Status: Sector mismatch
Path: Volume K:\, Sector 27
Status: Sector mismatch
Path: Volume K:\, Sector 28
Status: Sector mismatch
Path: Volume K:\, Sector 29
Status: Sector mismatch
Path: Volume K:\, Sector 30
Status: Sector mismatch
Path: Volume K:\, Sector 31
Status: Sector mismatch
Path: Volume K:\, Sector 32
Status: Sector mismatch
Path: Volume K:\, Sector 33
Status: Sector mismatch
Path: Volume K:\, Sector 34
Status: Sector mismatch
Path: Volume K:\, Sector 35
Status: Sector mismatch
Path: Volume K:\, Sector 36
Status: Sector mismatch
Path: Volume K:\, Sector 37
Status: Sector mismatch
Path: Volume K:\, Sector 38
Status: Sector mismatch
Path: Volume K:\, Sector 39
Status: Sector mismatch
Path: Volume K:\, Sector 40
Status: Sector mismatch
Path: Volume K:\, Sector 41
Status: Sector mismatch
Path: Volume K:\, Sector 42
Status: Sector mismatch
Path: Volume K:\, Sector 43
Status: Sector mismatch
Path: Volume K:\, Sector 44
Status: Sector mismatch
Path: Volume K:\, Sector 45
Status: Sector mismatch
Path: Volume K:\, Sector 46
Status: Sector mismatch
Path: Volume K:\, Sector 47
Status: Sector mismatch
Path: Volume K:\, Sector 48
Status: Sector mismatch
Path: Volume K:\, Sector 49
Status: Sector mismatch
Path: Volume K:\, Sector 50
Status: Sector mismatch
Path: Volume K:\, Sector 51
Status: Sector mismatch
Path: Volume K:\, Sector 52
Status: Sector mismatch
Path: Volume K:\, Sector 53
Status: Sector mismatch
Path: Volume K:\, Sector 54
Status: Sector mismatch
Path: Volume K:\, Sector 55
Status: Sector mismatch
Path: Volume K:\, Sector 56
Status: Sector mismatch
Path: Volume K:\, Sector 57
Status: Sector mismatch
Path: Volume K:\, Sector 58
Status: Sector mismatch
Path: Volume K:\, Sector 59
Status: Sector mismatch
Path: Volume K:\, Sector 60
Status: Sector mismatch
Path: Volume K:\, Sector 61
Status: Sector mismatch
Path: Volume K:\, Sector 62
Status: Sector mismatch
Path: Volume M:\
Status: MBR Rootkit Detected!
Path: Volume M:\, Sector 4
Status: Sector mismatch
Path: Volume M:\, Sector 5
Status: Sector mismatch
Path: Volume M:\, Sector 6
Status: Sector mismatch
Path: Volume M:\, Sector 62
Status: Sector mismatch
Path: Volume X:\
Status: MBR Rootkit Detected!
Path: Volume X:\, Sector 2
Status: Sector mismatch
Path: Volume X:\, Sector 3
Status: Sector mismatch
Path: Volume X:\, Sector 4
Status: Sector mismatch
Path: Volume X:\, Sector 5
Status: Sector mismatch
Path: Volume X:\, Sector 6
Status: Sector mismatch
Path: Volume X:\, Sector 7
Status: Sector mismatch
Path: Volume X:\, Sector 9
Status: Sector mismatch
Path: Volume X:\, Sector 11
Status: Sector mismatch
Path: Volume X:\, Sector 12
Status: Sector mismatch
Path: Volume X:\, Sector 14
Status: Sector mismatch
Path: Volume X:\, Sector 15
Status: Sector mismatch
Path: Volume X:\, Sector 16
Status: Sector mismatch
Path: Volume X:\, Sector 17
Status: Sector mismatch
Path: Volume X:\, Sector 18
Status: Sector mismatch
Path: Volume X:\, Sector 19
Status: Sector mismatch
Path: Volume X:\, Sector 20
Status: Sector mismatch
Path: Volume X:\, Sector 21
Status: Sector mismatch
Path: Volume X:\, Sector 22
Status: Sector mismatch
Path: Volume X:\, Sector 23
Status: Sector mismatch
Path: Volume X:\, Sector 24
Status: Sector mismatch
Path: Volume X:\, Sector 25
Status: Sector mismatch
Path: Volume X:\, Sector 26
Status: Sector mismatch
Path: Volume X:\, Sector 27
Status: Sector mismatch
Path: Volume X:\, Sector 28
Status: Sector mismatch
Path: Volume X:\, Sector 29
Status: Sector mismatch
Path: Volume X:\, Sector 30
Status: Sector mismatch
Path: Volume X:\, Sector 31
Status: Sector mismatch
Path: Volume X:\, Sector 32
Status: Sector mismatch
Path: Volume X:\, Sector 33
Status: Sector mismatch
Path: Volume X:\, Sector 34
Status: Sector mismatch
Path: Volume X:\, Sector 35
Status: Sector mismatch
Path: Volume X:\, Sector 36
Status: Sector mismatch
Path: Volume X:\, Sector 37
Status: Sector mismatch
Path: Volume X:\, Sector 38
Status: Sector mismatch
Path: Volume X:\, Sector 39
Status: Sector mismatch
Path: Volume X:\, Sector 40
Status: Sector mismatch
Path: Volume X:\, Sector 41
Status: Sector mismatch
Path: Volume X:\, Sector 42
Status: Sector mismatch
Path: Volume X:\, Sector 43
Status: Sector mismatch
Path: Volume X:\, Sector 44
Status: Sector mismatch
Path: Volume X:\, Sector 45
Status: Sector mismatch
Path: Volume X:\, Sector 46
Status: Sector mismatch
Path: Volume X:\, Sector 47
Status: Sector mismatch
Path: Volume X:\, Sector 48
Status: Sector mismatch
Path: Volume X:\, Sector 49
Status: Sector mismatch
Path: Volume X:\, Sector 50
Status: Sector mismatch
Path: Volume X:\, Sector 51
Status: Sector mismatch
Path: Volume X:\, Sector 52
Status: Sector mismatch
Path: Volume X:\, Sector 53
Status: Sector mismatch
Path: Volume X:\, Sector 54
Status: Sector mismatch
Path: Volume X:\, Sector 55
Status: Sector mismatch
Path: Volume X:\, Sector 56
Status: Sector mismatch
Path: Volume X:\, Sector 57
Status: Sector mismatch
Path: Volume X:\, Sector 58
Status: Sector mismatch
Path: Volume X:\, Sector 59
Status: Sector mismatch
Path: Volume X:\, Sector 60
Status: Sector mismatch
Path: Volume X:\, Sector 61
Status: Sector mismatch
Path: Volume X:\, Sector 62
Status: Sector mismatch

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0x9bd88626
#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0x9bd8861c
#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0x9bd8862b
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0x9bd88635
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf72b2a92
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf72b2e20
#: 098 Function Name: NtLoadKey
Status: Hooked by "" at address 0x9bd8863a
#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf72ad090
#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x9bd88608
#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0x9bd8860d
#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf72b2ef8
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf72b2d78
#: 193 Function Name: NtReplaceKey
Status: Hooked by "" at address 0x9bd88644
#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0x9bd8863f
#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0x9bd88630
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x9bd88617

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8b0a51e8 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a39f4f0 Size: 167
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8b027818 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_CREATE]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_CLOSE]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_POWER]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: a3yvz5ldࠅఅ坓慤㎸寀괄榔鏯ᇐ첣ꀀ⋉阱, IRP_MJ_PNP]
Process: System Address: 0x8a5781e8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8a06c5d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8b0a71e8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a5bc6f0 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x8b0a61e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8b11a1e8 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a23e980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a23e980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a23e980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a23e980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a23e980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a23e980 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a5cc558 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a21c980 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_READ]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x8a00e3d8 Size: 463
Object: Hidden Code [Driver: Cdfsࠅఇ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x8a00e3d8 Size: 463

==EOF==