ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2012/09/07 10:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC239000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5D6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP7926
Image Path: \Driver\PCI_PNP7926
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8DC3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spsv.sys
Image Path: spsv.sys
Address: 0xB9EB4000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\$NtUninstallKB15872$
Status: Locked to the Windows API!

Path: C:\WINDOWS\$NtUninstallKB2079403$:SummaryInformation
Status: Invisible to the Windows API!

Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 21110, Raw: 20648)

Path: C:\Documents and Settings\All Users\Application Data\Pure Networks\Platform\sessionstore.js
Status: Locked to the Windows API!

SSDT ------------------- #: 009 Function Name: NtAddBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394708 #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac4677c8 #: 019 Function Name: NtAssignProcessToJobObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39511c #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6401 #: 035 Function Name: NtCreateEvent Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff28 #: 036 Function Name: NtCreateEventPair Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff74 #: 038 Function Name: NtCreateIoCompletion Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a00f6 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d5db5 #: 043 Function Name: NtCreateMutant Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39fe96 #: 050 Function Name: NtCreateSection Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ffb8 #: 051 Function Name: NtCreateSemaphore Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39fede #: 053 Function Name: NtCreateThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395310 #: 054 Function Name: NtCreateTimer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a00b0 #: 057 Function Name: NtDebugActiveProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395a9c #: 061 Function Name: NtDeleteBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394756 #: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6ac7 #: 065 Function Name: NtDeleteValueKey Status: Hooked by 
"C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6d7d #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3990e4 #: 071 Function Name: NtEnumerateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6932 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d679d #: 083 Function Name: NtFreeVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac4678ac #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3943be #: 109 Function Name: NtModifyBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3947a4 #: 111 Function Name: NtNotifyChangeKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac399456 #: 112 Function Name: NtNotifyChangeMultipleKeys Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac396464 #: 114 Function Name: NtOpenEvent Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff52 #: 115 Function Name: NtOpenEventPair Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff96 #: 117 Function Name: NtOpenIoCompletion Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a011a #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6111 #: 120 Function Name: NtOpenMutant Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39febc #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac398c5a #: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a003a #: 126 Function Name: NtOpenSemaphore Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff06 #: 128 Function Name: 
NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac398e8c #: 131 Function Name: NtOpenTimer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a00d4 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac467a2c #: 160 Function Name: NtQueryKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6618 #: 163 Function Name: NtQueryObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac396330 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d646a #: 180 Function Name: NtQueueApcThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395eda #: 192 Function Name: NtRenameKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac47330e #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d5428 #: 211 Function Name: NtSetBootEntryOrder Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3947f2 #: 212 Function Name: NtSetBootOptions Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394840 #: 213 Function Name: NtSetContextThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39591c #: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394448 #: 241 Function Name: NtSetSystemPowerState Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3945f8 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6bce #: 249 Function Name: NtShutdownSystem Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39459e #: 253 Function Name: NtSuspendProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 
0xac395bfe #: 254 Function Name: NtSuspendThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395d5a #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394668 #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395632 #: 258 Function Name: NtTerminateThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395794 #: 268 Function Name: NtVdmControl Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39488e #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395160 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 
0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x899151f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89650500 Size: 121 Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_CREATE] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_CLOSE] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: 
aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_POWER] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_PNP] Process: System Address: 0x896471f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x898a11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: usbuhci, 
IRP_MJ_POWER] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x895281f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x899171f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x88ef4500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x88ef4500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88ef4500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88ef4500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x88ef4500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x88ef4500 Size: 121 Object: Hidden 
Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x896791f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, 
IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x88e8d1f8 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_CREATE] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_CLOSE] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_READ] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, 
IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_SHUTDOWN] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_CLEANUP] Process: System Address: 0x89685500 Size: 121 Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_PNP] Process: System Address: 0x89685500 Size: 121 ==EOF==