
Google redirect AND Malware won't load


22 replies to this topic

#1 gutterdoc


Posted 23 March 2009 - 06:44 PM

OK. I have the same problem as others; Google redirect/hijack. I can't get the Malware to start/load. I do have the logs from DDS, HJT and GMER. Can anyone help solve this? It is driving me mad! I don't know which files to clean/remove.



#2 boopme


Posted 23 March 2009 - 07:57 PM

Hello! The HJT team is quite backlogged right now.
If you want to post the log, go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.

Or... are you trying to run Malwarebytes? If so, try these to get it working so you can post a log.

If, after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


***
Another workaround is by not using the mouse to install it; just use the arrow keys, Tab, and Enter keys.
***
Open up command prompt, type in following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll

****

If you cannot use the Internet, you will need access to another computer that has a connection.
From there, save mbam-setup.exe to a flash, USB, or jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

***
Try using a System Restore Point prior to the date of infection. You may be able to update and run MBAM. Note this did not remove the malware.
Windows XP System Restore Guide

Edited by boopme, 23 March 2009 - 08:00 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 gutterdoc


Posted 23 March 2009 - 08:06 PM

OK. I renamed Malware and ran it. It found some bad trojans and I removed them and restarted the computer. Now it won't load and I get the BSOD. I'm dying here. Please help me fix this. It won't start in safe mode either. It is a paperweight. I have been working on this thing for 7 hours.

#4 boopme


Posted 23 March 2009 - 08:31 PM

Do you have the install CD? Load it and boot off it. Select repair install.

Or see post 5 here by quietman7
http://www.bleepingcomputer.com/forums/top...ml#entry1118311

#5 gutterdoc


Posted 23 March 2009 - 08:35 PM

Did that while I was waiting. I'm up again. I need to get this root killer out of here. I have all the logs. Is there anything I should delete in Malware after a deep scan?

#6 boopme


Posted 23 March 2009 - 08:54 PM

That's good news. Post the MBAM log for review please.

Edited by boopme, 23 March 2009 - 08:54 PM.


#7 gutterdoc


Posted 23 March 2009 - 09:05 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1890
Windows 5.1.2600 Service Pack 3

3/23/2009 10:03:45 PM
mbam-log-2009-03-23 (22-03-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 198881
Time elapsed: 44 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

#8 gutterdoc


Posted 23 March 2009 - 09:06 PM

The first scan

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

3/23/2009 8:54:14 PM
mbam-log-2009-03-23 (20-54-14).txt

Scan type: Quick Scan
Objects scanned: 74590
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51736dcb-100b-426f-a8f6-5efe51ecf1d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c3689615-a863-48e5-94f3-734a11825bf8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c3689615-a863-48e5-94f3-734a11825bf8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51736dcb-100b-426f-a8f6-5efe51ecf1d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c3689615-a863-48e5-94f3-734a11825bf8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c3689615-a863-48e5-94f3-734a11825bf8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{51736dcb-100b-426f-a8f6-5efe51ecf1d3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{c3689615-a863-48e5-94f3-734a11825bf8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{c3689615-a863-48e5-94f3-734a11825bf8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.91,85.255.112.85 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-3-8-39-100004321-100023251-100017882-7228.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xmp.bat (Trojan.Downloader) -> Quarantined and deleted successfully.

#9 gutterdoc


Posted 23 March 2009 - 09:08 PM

HJT log after Malware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:42 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

{Edited out log}

Edited by boopme, 23 March 2009 - 09:18 PM.


#10 boopme


Posted 23 March 2009 - 09:20 PM

Hi, OK, the board policy is HJT logs have to be moved into the HJT forum. I edited it out so someone doesn't move us.

Let's run ATF and SAS and get what's left.
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#11 gutterdoc


Posted 23 March 2009 - 09:37 PM

SAS gives me an error and doesn't open even to update. Says it needs to be debugged/ send error message. ATF is OK. What now?

#12 gutterdoc


Posted 23 March 2009 - 09:47 PM

Thanks for saving my hide with the HJT log. SAS will not install after the download. Same error.

#13 boopme


Posted 23 March 2009 - 09:51 PM

Ok the rootkit earlier is still giving us grief.

CLB Rootkit infection aka TDSS, Seneka, GAOPDX and UAC Rootkit

Symptoms of infection.
1) MBAM will not install or run if already installed.
2) Other security tools also will not install or run if already installed.
3) Some installed security software that is still able to run will not update.
4) Some well-known security/vendor sites are inaccessible as they are being blocked.

From MalwareBytes forum

Please follow these instructions to run RootRepeal

If you are not 100% confident in identifying the CLB driver then post back here and we will need to run HJT.

#14 gutterdoc


Posted 23 March 2009 - 10:09 PM

RootRepeal is working. I don't know where the CLB driver is going to be. Will it be obvious or would you like the report once it is finished? HJT still works.
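
Added example, not part of any post in this thread and not RootRepeal's own code: a Python sketch that triages a report in the layout RootRepeal 1.2.3.0 produces in this thread, listing drivers and files hidden from the Windows API, SSDT hooks grouped by hooking module, and any file-name prefix the hidden items share. The sample report, its file names and the function names `split_sections`, `records`, `shared_prefix` and `triage` are constructed for illustration.

```python
import ntpath
import os
import re
from collections import defaultdict

# Constructed sample in the same layout as the report quoted in this thread;
# every file name below is made up.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0EB2000 Size: 98304 File Visible: No
Status: -

Name: examplrkabcdefgh.sys
Image Path: C:\WINDOWS\system32\drivers\examplrkabcdefgh.sys
Address: 0xB11C4000 Size: 94208 File Visible: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\examplrkzyxwvuts.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\sqlite_example
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "example.sys" at address 0xb9ea80e0

#: 119 Function Name: NtOpenKey
Status: Hooked by "example.sys" at address 0xb9ea80c0
"""

SECTION_RE = re.compile(r"^(?P<title>[^\n]+)\n-{5,}[ \t]*$", re.MULTILINE)
# Status strings that mean an object is being concealed, as opposed to merely
# locked or reported with a size mismatch.
HIDING = ("Hidden from Windows API", "Invisible to the Windows API")


def split_sections(report):
    """Return {title: body} for each 'Title' line underlined with dashes."""
    matches = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        sections[m.group("title").strip()] = report[m.end():end]
    return sections


def records(body):
    """Yield one {field: value} dict per blank-line-separated record."""
    for chunk in re.split(r"\n\s*\n", body.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep:
                rec.setdefault(key.strip(), value.strip())
        if rec:
            yield rec


def is_hiding(rec):
    return any(marker in rec.get("Status", "") for marker in HIDING)


def shared_prefix(paths, min_len=5):
    """Common leading part of the file names, if long enough to be a lead."""
    names = [ntpath.basename(p).lower() for p in paths]
    prefix = os.path.commonprefix(names) if len(names) > 1 else ""
    return prefix if len(prefix) >= min_len else ""


def triage(report):
    """Collect the entries a helper would look at first; nothing is deleted."""
    sec = split_sections(report)
    drivers = [r["Image Path"] for r in records(sec.get("Drivers", ""))
               if is_hiding(r) and "Image Path" in r]
    files = [r["Path"] for r in records(sec.get("Hidden/Locked Files", ""))
             if is_hiding(r) and "Path" in r]
    hooks = defaultdict(list)
    for r in records(sec.get("SSDT", "")):
        module = re.search(r'Hooked by "([^"]+)"', r.get("Status", ""))
        func = re.search(r"Function Name:\s*(\S+)", r.get("#", ""))
        if module and func:
            hooks[module.group(1)].append(func.group(1))
    # De-duplicate case-insensitively: a hidden driver can appear in both lists.
    unique = {p.lower(): p for p in drivers + files}
    return {
        "hidden_drivers": drivers,
        "hidden_files": files,
        "ssdt_hooks": dict(hooks),
        "shared_prefix": shared_prefix(list(unique.values())),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The output is a shortlist for a human reviewer; a hook or a hidden file can also belong to legitimate software, so each entry still needs to be identified before anything is removed.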

#15 gutterdoc


Posted 23 March 2009 - 10:15 PM

Well here is the report.

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/03/23 23:01
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0EB2000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E8000 Size: 8192 File Visible: No
Status: -

Name: gaopdxpjiliqswkalrvimcfpxrldlvisbrpxvg.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxpjiliqswkalrvimcfpxrldlvisbrpxvg.sys
Address: 0xB11C4000 Size: 94208 File Visible: -
Status: Hidden from Windows API!

Name: PCI_PNP3192
Image Path: \Driver\PCI_PNP3192
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD321000 Size: 45056 File Visible: No
Status: -

Name: spak.sys
Image Path: spak.sys
Address: 0xB9EA7000 Size: 1048576 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\gaopdxgcyidujnqtcdthyegdoetkfgegtaxytl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\mcmsc_albIZ2igvUtTjk9
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_LPKT3kMJyw7Lq76
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_oqmclo8kq9O11tc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\SYSTEM32\DRIVERS\gaopdxpjiliqswkalrvimcfpxrldlvisbrpxvg.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\EJ\Local Settings\Temp\etilqs_DNR0SFioPsJCta0LlXZk
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_632.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spak.sys" at address 0xb9ea80e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spak.sys" at address 0xb9ec6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spak.sys" at address 0xb9ec7030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spak.sys" at address 0xb9ea80c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spak.sys" at address 0xb9ec7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spak.sys" at address 0xb9ec6f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spak.sys" at address 0xb9ec719a

Stealth Objects
-------------------
Object: Hidden Module [Name: gaopdxgcyidujnqtcdthyegdoetkfgegtaxytl.dll]
Process: firefox.exe (PID: 5084) Address: 0x10000000 Size: 49152


Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac1a1f8 Size: -

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x8ac1a1f8 Size: -

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac1a1f8 Size: -

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x8ac1a1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8ac251f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_POWER]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: sym_u3, IRP_MJ_PNP]
Process: System Address: 0x8ac1b1f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CREATE]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CLOSE]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_POWER]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: abp480n5, IRP_MJ_PNP]
Process: System Address: 0x8ac861f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_CREATE]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_CLOSE]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_POWER]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: aux0n6msȅవ浍瑓ຬ, IRP_MJ_PNP]
Process: System Address: 0x8aa851f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_CREATE]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_CLOSE]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_POWER]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: ql1080, IRP_MJ_PNP]
Process: System Address: 0x8ac181f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_CREATE]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_CLOSE]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_POWER]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: symc810, IRP_MJ_PNP]
Process: System Address: 0x8ac221f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_CREATE]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_CLOSE]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_POWER]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: hpn, IRP_MJ_PNP]
Process: System Address: 0x8ac131f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_CREATE]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_CLOSE]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_POWER]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: ql12160, IRP_MJ_PNP]
Process: System Address: 0x8ac161f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89f021f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89f021f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89f021f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89f021f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89f021f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89f021f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CREATE]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CLOSE]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_POWER]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: aic78xx, IRP_MJ_PNP]
Process: System Address: 0x8ac8d1f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_CREATE]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_CLOSE]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_POWER]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: amsint, IRP_MJ_PNP]
Process: System Address: 0x8ac201f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CREATE]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CLOSE]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_POWER]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_PNP]
Process: System Address: 0x8ac111f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_CREATE]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_CLOSE]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_POWER]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: Sparrow, IRP_MJ_PNP]
Process: System Address: 0x8ac8e1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_CREATE]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_CLOSE]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_POWER]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: ql1240, IRP_MJ_PNP]
Process: System Address: 0x8ac1d1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8abc41f8 Size: -

Object: Hidden Code [Driver: sym_hi, IRP_MJ_CREATE]
Process: System Address: 0x8ac871f8 Size: -

Object: Hidden Code [Driver: sym_hi, IRP_MJ_CLOSE]
Process: System Address: 0x8ac871f8 Size: -

Object: Hidden Code [DriverHidden Services
-------------------
Service Name: gaopdxserv.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxpjiliqswkalrvimcfpxrldlvisbrpxvg.sys



