ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/04/20 11:34
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5B0F000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA616000 Size: 8192 File Visible: No
Status: -

Name: PCI_PNP7336
Image Path: \Driver\PCI_PNP7336
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4CA2000 Size: 45056 File Visible: No
Status: -

Name: spai.sys
Image Path: spai.sys
Address: 0xB9EA9000 Size: 1040384 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\cch~1cbac64ce.htp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\cch~1cbac6a36.htp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\software.LOG
Status: Size mismatch (API: 12288, Raw: 1024)

Path: C:\Documents and Settings\Daki\Local Settings\Temp\etilqs_eCGyuLdyKMqbW1XtxDtN
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\Daki\Application Data\Azureus\logs\thread_2.log
Status: Size mismatch (API: 171029, Raw: 170464)

Path: C:\Documents and Settings\Daki\Application Data\Skype\kovacevic.darko\config.xml
Status: Size mismatch (API: 15391, Raw: 15390)

Path: C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies\DU Meter\DUMeter.sqb-journal
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Daki\Application Data\Mozilla\Firefox\Profiles\yr3dw3ez.default\azureus.statistics
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Daki\Application Data\Skype\kovacevic.darko\chatsync\6b\6b548e958218f8b4.dat Status: Size mismatch (API: 14218, Raw: 12687) Path: C:\Documents and Settings\Daki\Local Settings\Application Data\Mozilla\Firefox\Profiles\yr3dw3ez.default\Cache\_CACHE_001_ Status: Size mismatch (API: 388743, Raw: 383869) SSDT ------------------- #: 011 Function Name: NtAdjustPrivilegesToken Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbca72 #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbd01e #: 031 Function Name: NtConnectPort Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbea82 #: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbe438 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc1e8 #: 052 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc03e4 #: 053 Function Name: NtCreateThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbce1a #: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc62a #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc82a #: 066 Function Name: NtDeviceIoControlFile Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbe744 #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc08f0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc940 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc9a8 #: 084 Function Name: NtFsControlFile Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 
0xb5dbe5fa #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbfea8 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbe294 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc34a #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbcc40 #: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc040e #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbcb96 #: 160 Function Name: NtQueryKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbca10 #: 161 Function Name: NtQueryMultipleValueKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc714 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc4f2 #: 180 Function Name: NtQueueApcThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc0110 #: 193 Function Name: NtReplaceKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbbe6a #: 200 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbf30c #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbbfcc #: 206 Function Name: NtResumeThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc07c0 #: 207 Function Name: NtSaveKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbbc68 #: 210 Function Name: NtSecureConnectPort Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbe924 #: 213 Function Name: NtSetContextThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbcf18 #: 237 Function 
Name: NtSetSecurityObject Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbffa2 #: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc0438 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbc3a0 #: 253 Function Name: NtSuspendProcess Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc051c #: 254 Function Name: NtSuspendThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dc0648 #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbfdd4 #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbccea #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xb5dbcd5c Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, 
IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8a5cb1f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: 
Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x888c21f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_CREATE] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_CLOSE] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_POWER] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: alu45cwcȅః瑎て, IRP_MJ_PNP] Process: System Address: 0x8a2e01f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] 
Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8a2384c0 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP] Process: System Address: 0x889971f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 
0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8a55e1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x8a3c51f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a5cd1f8 
Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8a5cd1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x890c01f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x890c01f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x890c01f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x890c01f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x890c01f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x890c01f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8a3d61f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x890bd1f8 
Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: 
MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x890bd1f8 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_CREATE] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_CLOSE] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_READ] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a3d5500 Size: - Object: 
Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_CLEANUP] Process: System Address: 0x8a3d5500 Size: - Object: Hidden Code [Driver: Cdfsࠅః灐畳HidUsb, IRP_MJ_PNP] Process: System Address: 0x8a3d5500 Size: -