IOF

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:                2010/02/09 15:49

Program Version:                Version 1.3.5.0

Windows Version:                Windows Vista SP1

==================================================

 

Drivers

-------------------

Name: dump_iaStor.sys

Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys

Address: 0x8A90A000     Size: 815104    File Visible: No        Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xB3777000     Size: 49152     File Visible: No        Signed: -

Status: -

 

Name: spmt.sys

Image Path: C:\Windows\System32\Drivers\spmt.sys

Address: 0x80694000     Size: 1048576   File Visible: No        Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000     Size: 0 File Visible: No        Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\System Volume Information\{ace728af-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace728ca-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace72928-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace72960-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace729a1-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace729d5-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace72a14-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ace72a3e-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{be2989c4-e5f3-11de-835b-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{f85c0137-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{f85c0168-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{f85c019d-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{f85c01f6-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{5a1401ac-f764-11de-9216-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{7201103f-e647-11de-8870-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{7201105b-e647-11de-8870-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$I7KHDVO.dat

Status: Visible to the Windows API, but not on disk.

 

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$I9B31E5.dmp

Status: Visible to the Windows API, but not on disk.

 

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$IWUDRLF.txt

Status: Visible to the Windows API, but not on disk.

 

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$R7KHDVO.dat

Status: Visible to the Windows API, but not on disk.

 

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$R9B31E5.dmp

Status: Visible to the Windows API, but not on disk.

 

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$RWUDRLF.txt

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Windows\System32\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\ProgramData\Microsoft\Windows Defender\Quarantine

Status: Locked to the Windows API!

 

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\drivers\sfi.dat

Status: Locked to the Windows API!

 

Path: c:\windows\temp\dwdd703.tmp\rootrepeal.exe.hu.kdmp

Status: Allocation size mismatch (API: 26476544, Raw: 0)

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d08b763a442c70c2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.1833_none_4dddbf6711947267.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_03c84dcc205e88fb.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_516c26fb0f4a960b.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_cbf00aee470f5fb7.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d1c5318643596706.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_49ed4131141912ee.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_4db05f807dd45954.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-aero_31bf3856ad364e35_6.0.6001.18000_none_abe3118b19699649\aero.msstyles.vgorg

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll.vgorg

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6001.18000_none_84fe96731b81293b\themeui.dll.vgorg

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6001.18000_none_a5e49ad4068f9b12\uxtheme.dll.vgorg

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18865_none_474fb235c4186a78\$$DeleteMe.ieframe.dll.01ca9c1d67aaec80.0002

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18865_none_2a50efefa27d9172\$$DeleteMe.iertutil.dll.01ca9c1d67a08c40.0001

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.16708_none_23cb592eb6e076f6\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_c5e14f032f533a9c\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_c6260b1e48a51cb0\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_c7643be32cc49731\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_4180b46a5c473b6d\_SMSVC~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad36Processes

-------------------

Path: System

PID: 4  Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1388       Status: Locked to the Windows API!

 

SSDT

-------------------

#: 012  Function Name: NtAdjustPrivilegesToken

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe00fa

 

#: 021  Function Name: NtAlpcConnectPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe10a8

 

#: 022  Function Name: NtAlpcCreatePort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe02e0

 

#: 054  Function Name: NtConnectPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf472

 

#: 060  Function Name: NtCreateFile

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5660d8

 

#: 064  Function Name: NtCreateKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d584aa6

 

#: 071  Function Name: NtCreatePort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf150

 

#: 075  Function Name: NtCreateSection

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdfb0c

 

#: 077  Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe0d7e

 

#: 078  Function Name: NtCreateThread

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abded16

 

#: 122  Function Name: NtDeleteFile

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d566f9a

 

#: 123  Function Name: NtDeleteKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5864bc

 

#: 126  Function Name: NtDeleteValueKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d585db2

 

#: 129  Function Name: NtDuplicateObject

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdea78

 

#: 165  Function Name: NtLoadDriver

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe0a00

 

#: 166  Function Name: NtLoadKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d586e86

 

#: 167  Function Name: NtLoadKey2

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5870c4

 

#: 168  Function Name: NtLoadKeyEx

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d587576

 

#: 174  Function Name: NtMakeTemporaryObject

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf6f6

 

#: 186  Function Name: NtOpenFile

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d566a8c

 

#: 194  Function Name: NtOpenProcess

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abde7a8

 

#: 197  Function Name: NtOpenSection

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf986

 

#: 201  Function Name: NtOpenThread

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abde920

 

#: 267  Function Name: NtRenameKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d58830c

 

#: 268  Function Name: NtReplaceKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d587840

 

#: 276  Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf26e

 

#: 280  Function Name: NtRestoreKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d587f4c

 

#: 286  Function Name: NtSecureConnectPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe079c

 

#: 301  Function Name: NtSetInformationFile

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5673a4

 

#: 314  Function Name: NtSetSecurityObject

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d588894

 

#: 317  Function Name: NtSetSystemInformation

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe0bae

 

#: 324  Function Name: NtSetValueKey

Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5854d6

 

#: 326  Function Name: NtShutdownSystem

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf690

 

#: 332  Function Name: NtSystemDebugControl

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf87a

 

#: 334  Function Name: NtTerminateProcess

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf01a

 

#: 335  Function Name: NtTerminateThread

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdeee8

 

#: 382  Function Name: NtCreateThreadEx

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe03ec

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x859181f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_CREATE]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_CLOSE]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_READ]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_WRITE]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_SET_INFORMATION]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_QUERY_EA]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_SET_EA]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_SHUTDOWN]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_CLEANUP]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: fastfat끖Ѝ䵆汳`ㄤ댩ㄤ댩逈虖ヸ댩퍜芶�髹, IRP_MJ_PNP]

Process: System Address: 0xb058e1f8     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x869e8500     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_CREATE]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_CLOSE]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_READ]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_WRITE]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_SHUTDOWN]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_POWER]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: cdrom֟灓摴逈薑, IRP_MJ_PNP]

Process: System Address: 0x86a2a4d0     Size: 121

 

Object: Hidden Code [Driver: Smb前摄�鳾幀虾‘ሊ, IRP_MJ_CREATE]

Process: System Address: 0x870c1500     Size: 121

 

Object: Hidden Code [Driver: Smb前摄�鳾幀虾‘ሊ, IRP_MJ_CLOSE]

Process: System Address: 0x870c1500     Size: 121

 

Object: Hidden Code [Driver: Smb前摄�鳾幀虾‘ሊ, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x870c1500     Size: 121

 

Object: Hidden Code [Driver: Smb前摄�鳾幀虾‘ሊ, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x870c1500     Size: 121

 

Object: Hidden Code [Driver: Smb前摄�鳾幀虾‘ሊ, IRP_MJ_CLEANUP]

Process: System Address: 0x870c1500     Size: 121

 

Object: Hidden Code [Driver: Smb前摄�鳾幀虾‘ሊ, IRP_MJ_PNP]

Process: System Address: 0x870c1500     Size: 121

 

Object: Hidden Code [Driver: netbt蛥
, IRP_MJ_CREATE]

Process: System Address: 0x86f5c500     Size: 121

 

Object: Hidden Code [Driver: netbt蛥
, IRP_MJ_CLOSE]

Process: System Address: 0x86f5c500     Size: 121

 

Object: Hidden Code [Driver: netbt蛥
, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86f5c500     Size: 121

 

Object: Hidden Code [Driver: netbt蛥
, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x86f5c500     Size: 121

 

Object: Hidden Code [Driver: netbt蛥
, IRP_MJ_CLEANUP]

Process: System Address: 0x86f5c500     Size: 121

 

Object: Hidden Code [Driver: netbt蛥
, IRP_MJ_PNP]

Process: System Address: 0x86f5c500     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_CREATE]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_CLOSE]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_POWER]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: iScsiPrtЎ浍摌뀰蚡ﳰ蚫눀醕, IRP_MJ_PNP]

Process: System Address: 0x86a26458     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]

Process: System Address: 0x84b521f8     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_CREATE]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_CLOSE]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_POWER]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: usbehciІ但塃
, IRP_MJ_PNP]

Process: System Address: 0x869f9500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_CREATE]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_CLOSE]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_READ]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_WRITE]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_QUERY_EA]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SET_EA]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SHUTDOWN]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_CLEANUP]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SET_SECURITY]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_POWER]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_SET_QUOTA]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: mrxsmb䌀髱І瑎湦܇$, IRP_MJ_PNP]

Process: System Address: 0x85960500     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_CREATE]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_CLOSE]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_READ]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_WRITE]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_SET_INFORMATION]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_SHUTDOWN]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_CLEANUP]

Process: System Address: 0xb646c1f8     Size: 121

 

Object: Hidden Code [Driver: cdfsЅ瑎硦
, IRP_MJ_PNP]

Process: System Address: 0xb646c1f8     Size: 121

 

==EOF==