ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/22 17:41
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000058
Image Path: \Driver\00000058
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: a6zvcdj3.SYS
Image Path: C:\WINDOWS\System32\Drivers\a6zvcdj3.SYS
Address: 0xF78A4000 Size: 303104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3E71000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\hlktmp
Status: Allocation size mismatch (API: 9400320, Raw: 0)

Path: c:\documents and settings\l\local settings\temp\etilqs_l42zsvvpv5eg1dzqycud
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\l\Local Settings\Temp\IH100.tmp
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x804d70d9

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf8451d1c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf84520bc

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x804d70de

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf8452194

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf8452014

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf8452226

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code 
[Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8236f1d8 Address: 151 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, 
IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x821d9990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_CREATE] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_CLOSE] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_READ] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_WRITE] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_SET_INFORMATION] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_DEVICE_CONTROL] 
Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_CLEANUP] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: UdfsЅః瑎て, IRP_MJ_PNP] Process: System Address: 0x82037990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_CREATE] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_CLOSE] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_POWER] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: a6zvcdj3ȅ఍敋ꁹ, IRP_MJ_PNP] Process: System Address: 0x81e8e990 Address: 447 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: 
Cdrom, IRP_MJ_POWER] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x81fa7990 Address: 193 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x823d81d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System 
Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x823711d8 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x81f8f990 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x823d91d8 Address: 447 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 
0x823d91d8 Address: 447 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x81f42990 Address: 447 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x81f42990 Address: 447 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81f42990 Address: 447 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x81f42990 Address: 447 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x81f42990 Address: 447 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x81f42990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x81f50990 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_CREATE] Process: System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_CLOSE] Process: System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_POWER] Process: System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_SYSTEM_CONTROL] Process: 
System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: IdeChnDr, IRP_MJ_PNP] Process: System Address: 0x823701d8 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code 
[Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x81fec990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_CREATE] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_CLOSE] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_READ] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_SET_INFORMATION] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden 
Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_SHUTDOWN] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_CLEANUP] Process: System Address: 0x81ebc990 Address: 447 Object: Hidden Code [Driver: Cdfsȅఋ瑓杲敒污整呒㡌㌱‹慆業祬倠, IRP_MJ_PNP] Process: System Address: 0x81ebc990 Address: 447 ==EOF==